在车载命名数据网络(VNDN)中, 兴趣包洪泛攻击(IFA)通过发送大量恶意兴趣包占用甚至耗尽网络资源, 导致合法用户的请求无法被满足, 严重危害了车联网的运行安全. 针对上述问题, 本文提出了一种基于流量监测的IFA检测方法. 首先构建基于RSU的分布式网络流量监测层, 每个RSU监测其通讯范围内的网络流量, RSU之间通信互联形成RSU网络流量监测层. 其次, 设定固定时间窗口, 对每个窗口内的网络流量通过信息熵、网络自相似性和奇异点3个维度进行分析. 其中, 为了利用信息熵反映兴趣包来源的分布, 在兴趣包中添加了新的字段. 最后, 综合上述3个指标, 判断兴趣包洪泛攻击的存在. 仿真实验结果表明, 本文提出的方法有效地提升了兴趣包洪泛攻击检测的准确率, 降低了误判率.
In vehicular named data network (VNDN), interest flooding attack (IFA) occupies or even exhausts network resources by sending a large number of malicious interest packets, which results in the failure to meet the requests of legitimate users and seriously endangers the operation safety of Internet of Vehicles (IoV). To solve the problems, this study proposes an IFA detection method based on traffic monitoring. Firstly, a distributed network traffic monitoring layer based on RSU is constructed, where each RSU monitors the network traffic within its communication range, and the communication interconnection between RSUs forms the RSU network traffic monitoring layer. Secondly, a fixed time window is set, and the network traffic in each window is analyzed from three dimensions, i.e., information entropy, network self-similarity, and singularity. Additionally, a new field is added to the interest packet, and thus information entropy can be used to reflect the distribution of interest packet sources. Finally, the above three indicators are comprehensively employed to judge the existence of attack. The simulation results indicate that the proposed method effectively improves the accuracy of IFA detection and reduces the misjudgment rate.