Detection and Defense of Cache Pollution Attacks Using Clustering in Named Data Networks

Named Data Network (NDN), as a promising information-centric networking architecture, is expected to support next-generation of large-scale content distribution with open in-network cachings. However, such open in-network caches are vulnerable against Cache Pollution Attacks (CPAs) with the goal of filling cache storage with non-popular contents. The detection and defense against such attacks are especially difficult because of CPA's similarities with normal fluctuations of content requests. In this work, we use a clustering technique to detect and defend against CPAs. By clustering the content interests, our scheme is able to distinguish whether they have followed the Zipf-like distribution or not for accurate detections. Once any attack is detected, an attack table will be updated to record the abnormal requests. While such requests are still forwarded, the corresponding content chunks are not cached. Extensive simulations in ndnSIM demonstrate that our scheme can resist CPA effectively with higher cache hit, higher detecting ratio, lower hop count, and lower algorithm complexity compared to other state-of-the-art schemes.