摘要
信息中心网络(ICN)通过提供面向信息本身的网络协议,包括以内容为中心的订阅机制和以语义主导的命名、路由和缓存策略,在解决当前基于IP地址联网模式的攻击问题方面展现出极大的潜力。本文旨在为ICN提出一种智能防火墙模型,构建基于语义推理的内容隔离防火墙,运用基于雾计算的ICN防火墙技术,感知来自ICN的内容威胁,并针对不同内容生成定制的过滤策略。在分析ICN面临的攻击类型、梳理ICN中雾计算架构发展情况的基础上,从内容防御整体结构、面向主机的单体防御雾模型、面向网络的区域防御雾模型三方面阐述了基于雾计算的ICN防火墙架构;同时为缓解兴趣洪泛攻击,提出了一种面向ICN的检测及防御机制。搭建ndnSIM网络仿真平台,完成了对ICN的缓存命中率、网络通信时延的性能评估,验证了基于雾计算的ICN防火墙技术及相关防御算法的可行性和高效性。
The information-centric network(ICN)provides network protocols oriented to information itself,including a content-centric subscription mechanism and semantic-led naming,routing,and caching strategies.It has shown great potential in solving attacks on current IP address based network.This paper aims to propose a smart firewall model for ICN,and to build a firewall based on a semantic inference algorithm to isolate content.The ICN firewall module uses the fog computing paradigm to sense content threats from ICN,and generates customized filtering strategies for different contents.On the basis of analyzing the types of ICN attacks and the development of the fog computing architecture in ICN,this article introduces the fog-based ICN firewall model from three aspects:the overall structure of content defense,the host-oriented defense fog model,and the network-oriented defense fog model.This article also proposes an ICN-oriented detection and defense mechanism in order to alleviate the interest flooding attacks.Finally,by building the ndnSIM network simulation platform,this article evaluates the ICN cache hit rate and network communication delay,and verifies the feasibility and efficiency of the proposed fog computing-based ICN firewall module and defense algorithm.
作者
刘毅
李建华
Liu Yi;Li Jianhua(Institute of Cyber Science and Technology,Shanghai Jiao Tong University,Shanghai 200240,China)
出处
《中国工程科学》
CSCD
北大核心
2020年第6期128-135,共8页
Strategic Study of CAE
基金
中国工程院咨询项目“网络空间安全保障战略研究”(2017-XY-45)。
关键词
信息中心网络
雾计算
兴趣洪泛攻击
防火墙
information-centric networking
fog computing
interest flooding attack
firewall
