Isolation Forest-Based Mechanism to Defend against Interest Flooding Attacks in Named Data Networking

Interest flooding attacks (IFAs) are widely regarded as being among the most harmful security risks in named data networking (NDN). Through an IFA, the attacker injects numerous Interest packets into a network to drain network resources such as bandwidth, caching capacity, and computational capacity, which can seriously affect the normal data content requests of legitimate consumers and degrade the network quality of service (QoS). To design a high-efficiency IFA mitigation scheme, it is critical to detect attacks accurately and rapidly. Therefore, there is high interest in developing an optimized attack detection scheme. In this study, the concept of an isolation forest (iForest) is introduced to develop an IFA detection mechanism in which the iForest construction process isolates abnormal and legitimate prefixes. This approach enables malicious prefixes to be identified among abnormal prefixes to mitigate IFAs by restricting the forwarding of malicious Interest packets. The results of extensive simulations show that the proposed iForest-based IFA detection mechanism (IFDM) outperforms other related schemes in terms of attack detection accuracy and speed and thus can offer effective support for preserving NDN QoS.