A Survey on Security Attacks and Intrusion Detection Mechanisms in Named Data Networking

Abstract

Despite the highly secure content sharing and the optimized forwarding mechanism, the content delivery in a Named Data Network (NDN) still suffers from numerous vulnerabilities that can be exploited to reduce the efficiency of such architecture. Malicious attacks in NDN have become more sophisticated and the foremost challenge is to identify unknown and obfuscated malware, as the malware authors use different evasion techniques for information concealing to prevent detection by an Intrusion Detection System (IDS). For the most part, NDN faces immense negative impacts from attacks such as Cache Pollution Attacks (CPA), Cache Privacy Attacks, Cache Poisoning Attacks, and Interest Flooding Attacks (IFA), that target different security components, including availability, integrity, and confidentiality. This poses a critical challenge to the design of IDS in NDN. This paper provides the latest taxonomy, together with a review of the significant research works on IDSs up to the present time, and a classification of the proposed systems according to the taxonomy. It provides a structured and comprehensive overview of the existing IDSs so that a researcher can create an even better mechanism for the previously mentioned attacks. This paper discusses the limits of the techniques applied to design IDSs with recent findings that can be further exploited in order to optimize those detection and mitigation mechanisms.