Named Data Network (NDN) as a new network architecture, in recent years become a hot research, its security has been widespread concern. With the continuous updating of distributed denial of service (DDoS) attack methods in NDN networks, this article designs a new type of attack, called the Improved Collusive Flooding Attack (I-CIFA). I-CIFA attack combines the advantages of mainstream DDoS attack in NDN network, and is an attack method generated by low-rate DDoS attack and the cooperation of collusive producer. On the basis of the existing DDoS attack, the I-CIFA attack further improves the ability to destroy the network and the ability to resist the existing defense scheme. I-CIFA is designed on the basis of CIFA by improving the attack nodes and so on. In addition to redefining and configuring the attack parameters, improvements were also made in two aspects. First, the probing mode to probe the pending interest table (PIT) capacity of the routing nodes was added before attack started. Second, the way in which each attacker requests a packet from the collusive producer in each attack cycle has been further improved. Test results show that I-CIFA can cause 87.5% of the legitimate interest packets in the whole network to be discarded, and it is not only has a strong attack range on the network, but it is also difficult to be detected by existing CIFA-countermeasures.

命名数据网络（NDN）作为一种新型的网络架构，近年来成为研究热点，其安全性受到广泛关注。随着NDN网络中分布式拒绝服务（DDoS）攻击方式的不断更新，本文设计了一种新型的攻击方式，称为改进型共谋泛洪攻击（I-CIFA）。I-CIFA 攻击结合了 NDN 网络中主流 DDoS 攻击的优点，是一种低速率 DDoS 攻击与合谋生产者合作产生的攻击方式。I-CIFA攻击在现有DDoS攻击的基础上，进一步提高了破坏网络的能力和抵抗现有防御方案的能力。I-CIFA是在CIFA的基础上通过改进攻击节点等设计的。除了重新定义和配置攻击参数，也有两个方面的改进。首先，在攻击开始之前添加了探测模式来探测路由节点的未决兴趣表（PIT）容量。其次，每个攻击者在每个攻击周期中向合谋生产者请求数据包的方式得到了进一步改进。测试结果表明，I-CIFA可以导致全网87.5%的合法兴趣包被丢弃，不仅对网络具有很强的攻击范围，而且现有CIFA也难以检测到。对策。