2020, Volume 22, Issue 6
Strategic Study of CAE >> 2020, Volume 22, Issue 6 doi: 10.15302/J-SSCAE-2020.06.017
Fog Computing-Based Firewall in Information-Centric Networking
Institute of Cyber Science and Technology, Shanghai Jiao Tong University, Shanghai 200240, China
Next Previous
Abstract
The information-centric network (ICN) provides network protocols oriented to information itself, including a content-centric subscription mechanism and semantic-led naming, routing, and caching strategies. It has shown great potential in solving attacks on current IP address based network. This paper aims to propose a smart firewall model for ICN, and to build a firewall based on a semantic inference algorithm to isolate content. The ICN firewall module uses the fog computing paradigm to sense content threats from ICN, and generates customized filtering strategies for different contents. On the basis of analyzing the types of ICN attacks and the development of the fog computing architecture in ICN, this article introduces the fog-based ICN firewall model from three aspects: the overall structure of content defense, the host-oriented defense fog model, and the network-oriented defense fog model. This article also proposes an ICN-oriented detection and defense mechanism in order to alleviate the interest flooding attacks. Finally, by building the ndnSIM network simulation platform, this article evaluates the ICN cache hit rate and network communication delay, and verifies the feasibility and efficiency of the proposed fog computing-based ICN firewall module and defense algorithm.
Figures
图 1
图 2
图 3
图 4
References
[ 1 ] Arshad S, Azam M A, Rehmani M H, et al. Recent advances in information-centric networking-based Internet of things (ICN-IoT) [J]. IEEE Internet of Things Journal, 2018, 6(2): 2128-2158. link1
[ 2 ] Varas C, Hirsch T. Self protection through collaboration using D-CAF: A distributed context-aware firewall [C]. Glyfada: 2009 Third International Conference on Emerging Security Information, Systems and Technologies, 2009.
[ 3 ] Kondo D, Silverston T, Tode H, et al. Name anomaly detection for ICN [C]. Rome: 2016 IEEE International Symposium on Local and Metropolitan Area Networks (LANMAN), 2016.
[ 4 ] La Polla M, Martinelli F, Sgandurra D. A survey on security for mobile devices [J]. IEEE Communications Surveys & Tutorials, 2012, 15(1): 446-471. link1
[ 5 ] Igure V M, Williams R D. Taxonomies of attacks and vulnerabilities in computer systems [J]. IEEE Communications Surveys & Tutorials, 2008, 10(1): 6-19. link1
[ 6 ] AbdAllah E G, Hassanein H S, Zulkernine M. A survey of security attacks in information-centric networking [J]. IEEE Communications Surveys & Tutorials, 2015, 17(3): 1441-1454. link1
[ 7 ] Dannewitz C, Golic J, Ohlman B, et al. Secure naming for a network of information [C]. San Diego: 2010 INFOCOM IEEE Conference on Computer Communications Workshops, 2010.
[ 8 ] Zeng D Z, Gu L, Guo S, et al. Joint optimization of task scheduling and image placement in fog computing supported software-defined embedded system [J]. IEEE Transactions on Computers, 2016, 65(12): 3702-3712. link1
[ 9 ] Aazam M, Huh E N. Fog computing: The cloud-IoT///IoE middleware paradigm [J]. IEEE Potentials, 2016, 35(3): 40-44. link1
京公网安备 11010502051620号
