Mechanism for identifying and resisting cache pollution attack in vehicular named data networking
Abstract: To accurately detect and effectively resist cache pollution attacks in vehicular named data networking, an adaptive attack detection and resistance mechanism based on deep reinforcement learning was proposed by integrating the prediction of content popularity. A network state judgment method using a support vector machine was designed for the characteristics of cache pollution attacks. When an abnormal state was identified, the detection and resistance functions for cache pollution attacks were triggered. Meanwhile, an adaptive attack detection method was developed by combining a deep Q-network and the K-means algorithm. With this method, the time interval for attack detection was dynamically adjusted based on network characteristics. The roadside unit filtered the false popular content generated by cache pollution attacks based on the predicted content popularity and request records of vehicle nodes, thereby achieving precise and rapid attack detection. In addition, a method for resisting cache pollution attacks was proposed based on a dynamic blacklist. The false popular contents generated by the attack were placed on the blacklist, which was dynamically updated based on the detection results. Vehicle nodes and roadside units removed the false popular contents from the cache according to the blacklist and discarded the corresponding interest packets. Therefore, the cache pollution attack was effectively suppressed and its impact on users was also reduced. A semi-physical simulation platform was constructed, and the detection performance of the proposed method against cache pollution attacks was further verified by a semi-physical simulation test. Simulation results show that when facing high-intensity cache pollution attacks, the proposed method detects cache pollution attacks with accuracies of 0.91 and 0.92 in low-density and high-density vehicular named data networking scenarios, respectively. The content retrieval delays for vehicle nodes decrease to 0.113 and 0.112 s, respectively. The performance of the proposed method is superior to that of existing methods. It can effectively identify and resist cache pollution attacks and improve the security of vehicular named data networking.
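The filtering and dynamic-blacklist steps described in the abstract, as an added example that is not the paper's code: a roadside unit compares predicted popularity with request records, blacklists names that look falsely popular, evicts them from the cache and drops their Interests. The class, the threshold rule (a simple stand-in for the paper's SVM, deep Q-network and K-means components), the release rule and all content names are assumptions.

```python
from collections import Counter

class RoadsideUnit:
    """Toy RSU with a content store and a dynamic blacklist (hypothetical model)."""

    def __init__(self, ratio=3.0, min_share=0.05, release_after=2):
        self.cache = {}               # content name -> cached Data
        self.blacklist = {}           # content name -> consecutive clean rounds
        self.ratio = ratio            # assumed: observed/predicted ratio treated as anomalous
        self.min_share = min_share    # assumed: ignore names with a negligible request share
        self.release_after = release_after  # assumed: clean rounds before delisting

    def detect(self, predicted, requests):
        """Flag names whose observed request share far exceeds predicted popularity."""
        counts = Counter(requests)
        total = sum(counts.values())
        flagged = set()
        for name, n in counts.items():
            share = n / total
            if share >= self.min_share and share > self.ratio * predicted.get(name, 0.0):
                flagged.add(name)
        return flagged

    def update_blacklist(self, flagged):
        """Add newly flagged names, age out names that stayed clean, purge the cache."""
        for name in list(self.blacklist):
            if name in flagged:
                self.blacklist[name] = 0
            else:
                self.blacklist[name] += 1
                if self.blacklist[name] >= self.release_after:
                    del self.blacklist[name]
        for name in flagged:
            self.blacklist.setdefault(name, 0)
            self.cache.pop(name, None)      # evict false popular content

    def on_interest(self, name):
        """Drop Interests for blacklisted names; otherwise serve or forward."""
        if name in self.blacklist:
            return "drop"
        return "hit" if name in self.cache else "forward"

# Constructed sample data: predicted popularity and one interval of request records.
PREDICTED = {"/video/a": 0.30, "/map/tile7": 0.20, "/news/x": 0.10,
             "/junk/1": 0.005, "/junk/2": 0.005}
REQUESTS = (["/video/a"] * 10 + ["/map/tile7"] * 6 + ["/news/x"] * 4
            + ["/junk/1"] * 15 + ["/junk/2"] * 15)

rsu = RoadsideUnit()
rsu.cache = {name: b"data" for name in PREDICTED}
flagged = rsu.detect(PREDICTED, REQUESTS)
rsu.update_blacklist(flagged)
print(sorted(flagged), rsu.on_interest("/junk/1"), rsu.on_interest("/video/a"))
```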
Table 1. Experimental parameters

Parameter                                            Value
Experimental area size/(m×m)                         2 000×2 000
RSU communication radius/m                           500
Vehicle node cache                                   20
RSU cache                                            200
Experiment duration/s                                2 000
Legitimate user request frequency/(requests·s⁻¹)     10
Attack intensity                                     0.0~1.0
Number of available contents                         2 000
Accuracy threshold AK                                0.85
False positive rate threshold FK                     0.15
False negative rate threshold BK                     0.15
Initial time interval T0/s                           1
Number of vehicle nodes/veh                          40, 150

Table 2. Detection accuracy, false positive rate and false negative rate of FLA

Attack intensity    Accuracy    False positive rate    False negative rate
0.8                 0.915       0.108                  0.114
1.0                 0.920       0.104                  0.108

Table 3. Detection accuracy, false positive rate and false negative rate of LDA

Attack intensity    Accuracy    False positive rate    False negative rate
0.8                 0.912       0.112                  0.119
1.0                 0.918       0.115                  0.123