A Security Monitoring Plane for Named Data Networking Deployment
| Autor: | Wissam Mallouli, Guillaume Doyen, Edgardo Montes de Oca, Remi Cogranne, Olivier Festor, Tan Nguyen, Hoang Long Mai |
|---|---|
| Přispěvatelé: | Laboratoire Modélisation et Sûreté des Systèmes (LM2S), Institut Charles Delaunay (ICD), Université de Technologie de Troyes (UTT)-Centre National de la Recherche Scientifique (CNRS)-Université de Technologie de Troyes (UTT)-Centre National de la Recherche Scientifique (CNRS), Montimage [Paris], Environnement de Réseaux Autonomes (ERA), TELECOM Nancy, Université de Lorraine (UL), Resilience and Elasticity for Security and ScalabiliTy of dynamic networked systems (RESIST), Inria Nancy - Grand Est, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-Department of Networks, Systems and Services (LORIA - NSS), Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Laboratoire Lorrain de Recherche en Informatique et ses Applications (LORIA), Institut National de Recherche en Informatique et en Automatique (Inria)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS)-Université de Lorraine (UL)-Centre National de la Recherche Scientifique (CNRS), ANR-14-CE28-0001,DOCTOR,Déploiement et sécurisation des nouvelles fonctionnalités dans les environnements réseaux virtualisé(2014) |
| Jazyk: | angličtina |
| Rok vydání: | 2018 |
| Předmět: |
021110 strategic
defence & security studies Security monitoring Computer Networks and Communications business.industry Computer science Testbed 0211 other engineering and technologies 020206 networking & telecommunications 02 engineering and technology dissemin Computer Science Applications Flooding (computer networking) Software deployment 0202 electrical engineering electronic engineering information engineering Forwarding plane The Internet [INFO]Computer Science [cs] Electrical and Electronic Engineering business Computer network |
| Zdroj: | IEEE Communications Magazine IEEE Communications Magazine, Institute of Electrical and Electronics Engineers, 2018, 56 (11), pp.88-94. ⟨10.1109/mcom.2018.1701135⟩ IEEE Communications Magazine, 2018, 56 (11), pp.88-94. ⟨10.1109/mcom.2018.1701135⟩ |
| ISSN: | 0163-6804 |
| DOI: | 10.1109/mcom.2018.1701135⟩ |
| Popis: | International audience; NDN is the most mature proposal of the ICN paradigm, a clean-slate approach for the Future Internet. Although NDN was designed to natively tackle security issues inherent to IP networks, it also introduces new security threats that may prevent its practical deployment by telco operators. Therefore, designing and implementing a dedicated security monitoring plane is essential to enable such future deployment. In this article, we present a set of contributions in this area. It first consists of featuring significant NDN attacks in a real operating context to evaluate their actual impact. Then, by analyzing the NFD data plane pipelines, we present a monitoring plane design that captures the state of NDN nodes by instrumenting 18 metrics with dedicated probes. We then correlate these metrics with a Bayesian network, which allows the detection of potential abnormal behaviors. To validate our approach, we demonstrate the efficiency of our monitoring plane in the detection of content poisoning attacks and interest flooding attacks in a testbed carrying real traffic. |
| Databáze: | OpenAIRE |
| Externí odkaz: |
|