LogDoS: A Novel Logging-based DDoS Prevention Mechanism in Path Identifier-Based Information Centric Networks
Computers & Security (IF 5.6), Pub Date: 2020-12-01, DOI: 10.1016/j.cose.2020.102071
Basheer Al-Duwairi, Öznur Özkasap, Ahmet Uysal, Ceren Kocaoğullar, Kaan Yıldırım

Information Centric Networks (ICNs) have emerged in recent years as a new networking paradigm for the next-generation Internet. The primary goal of these networks is to provide effective mechanisms for content distribution and retrieval based on in-network content caching. The design of different ICN architectures addressed many of the security issues found in the traditional Internet, thereby allowing for secure, reliable, and scalable communication over the Internet. However, recent research studies showed that these architectures are vulnerable to different types of DDoS attacks. In this paper, we propose a defense mechanism against distributed denial of service (DDoS) attacks in path-identifier-based information centric networks. The proposed mechanism, called LogDos, performs filtering based on GET message logging: it employs Bloom-filter-based logging to store incoming GET messages so that the corresponding content messages can be verified, while packets originating from malicious hosts are filtered. We develop three versions of LogDos with varying levels of storage overhead at the LogDos-enabled router. Extensive simulation experiments show that LogDos is very effective against DDoS attacks, as it can filter more than 99.98% of attack traffic in different attack scenarios while incurring acceptable storage overhead.
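
The sketch below is an added illustration of the idea in the abstract (a router logs GET messages in a Bloom filter and forwards only content messages that match a logged GET); it is not code from the paper and does not reproduce any of its three versions. The class names, the logged key (content name plus path identifier), the filter size, and the SHA-256 double hashing are all assumptions made for the example.

```python
import hashlib

class BloomFilter:
    """Fixed-size Bloom filter; k positions derived by double hashing SHA-256."""
    def __init__(self, m_bits=8192, k_hashes=4):
        self.m, self.k = m_bits, k_hashes
        self.bits = bytearray(m_bits // 8)

    def _positions(self, key):
        d = hashlib.sha256(key).digest()
        h1 = int.from_bytes(d[:8], "big")
        h2 = int.from_bytes(d[8:16], "big") | 1  # odd step, so positions differ
        return [(h1 + i * h2) % self.m for i in range(self.k)]

    def add(self, key):
        for p in self._positions(key):
            self.bits[p // 8] |= 1 << (p % 8)

    def __contains__(self, key):
        return all(self.bits[p // 8] >> (p % 8) & 1 for p in self._positions(key))

class LoggingRouter:
    """Hypothetical router: logs GETs, forwards only content matching a logged GET."""
    def __init__(self):
        self.get_log = BloomFilter()
        self.forwarded = self.dropped = 0

    @staticmethod
    def _key(name, pid):
        # Assumption: a GET and its content message share name and path identifier.
        return f"{name}|{pid}".encode()

    def on_get(self, name, pid):
        self.get_log.add(self._key(name, pid))

    def on_content(self, name, pid):
        ok = self._key(name, pid) in self.get_log  # no false negatives possible
        self.forwarded += ok
        self.dropped += not ok
        return ok

def simulate():
    # Constructed traffic: 100 requested segments, then 10,000 unsolicited contents.
    r = LoggingRouter()
    for i in range(100):
        r.on_get(f"/video/seg{i}", "pid-7")
    legit = sum(r.on_content(f"/video/seg{i}", "pid-7") for i in range(100))
    unsolicited = sum(r.on_content(f"/flood/{i}", "pid-7") for i in range(10000))
    return legit, unsolicited, r.dropped
```

Content that answers a logged GET is never dropped, while unsolicited content passes only on a Bloom filter false positive, so the filter size directly trades router storage against the fraction of attack traffic that slips through.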

Updated: 2020-12-01