BLAM: Lightweight Bloom-filter based DDoS Mitigation for Information-Centric IoT

Information-Centric Networking (ICN) provides great potential to promote the development of the Internet of Things (IoT) due to its multicast nature and mobility support. However, the stateful forwarding peculiarity introduces new varietal attacks named Interest Flooding Attacks (IFA), which is stealthy but destructive for the resource-limited IoT devices. In this paper, we propose a lightweight BLoom-filter based Attack Mitigating (BLAM) mechanism to reduce the detecting memory cost, while guaranteeing both the detecting accuracy and delay. Specifically, each IoT node employs a small Bloom filter to check attack behaviors instead of the traditional memory-consuming operations, i.e., recording malicious requests. Bloom filter values by hashing the published data names with a set of hash functions, are encapsulated and distributed via a new message named Ba-NACK. Based on this design, two specific schemes are further proposed for the attack detecting and Bloom filter updating. We formulate the memory cost minimum problem and theoretically analyze that BLAM can reduce the memory cost. We also implement BLAM in a realistic network testbed to evaluate its performance. The results show that BLAM reduces the memory cost by 78.6 %, and reduces the delay from millisecond to microsecond with slight sacrifice of the accuracy by 0.4% compared with other state-of-the-art mechanisms.