Detection and Defense of Cache Pollution Attack Using State Transfer Matrix in Named Data Networks

Due to the cache's capacity of forwarding information, Named Data Networking (NDN) has become a promising networking architecture. Since distributed caching is susceptible to cache pollution attacks (CPAs), researchers pay more attention to CPAs detection and defense. The current detection schemes seriously rely on an assumption that the content popularity remains stable over time. However, the change in interests of legitimate users in the network is unavoidable, which makes content popularity change dynamically. Thus, it is difficult to detect CPAs based on a static content popularity distribution. To address this issue, we propose a novel scheme to detect CPAs by analysing latency instead of popularity. The proposed scheme constructs the probability transfer matrix based on the Markov process of contents transfer and detects CPAs by the convergence states of the matrix. Once a CPA is detected, the affected router recognizes the attack type and adopts a specific defense method according to the attack type. This defense method can improve the network Quality of Service (QoS) by leveraging particular methods for different routers rather than the broadcasted global method. Extensive simulations in ndnSIM show that our scheme can effectively detect CPAs with higher detection ratio and defense CPAs with acceptable impacts on the overall network in network scenarios with dynamically changing content popularity.