Name filter

a countermeasure against information leakage attacks in named data networking

Daishi Kondo, Thomas Silverston, Vassilis Vassiliades, Hideki Tode, Tohru Asami

Research output: Contribution to journalArticle

Abstract

Named data networking (NDN) has emerged as a future networking architecture having the potential to replace the Internet. In order to do so, the NDN needs to cope with inherent problems of the Internet, such as attacks that cause information leakage from an enterprise. Since NDN has not yet been deployed on a large scale, it is currently unknown how such attacks can occur, let alone what countermeasures can be taken against them. In this paper, we first show that information leakage in NDN can be caused by malware inside an enterprise, which uses steganography to produce malicious interest names encoding confidential information. We investigate such attacks by utilizing a content name dataset based on uniform resource locators (URLs) collected by a Web crawler. Our main contribution is a name filter based on anomaly detection that takes the dataset as input and classifies a name in the Interest as legitimate or not. Our evaluation shows that the malware can exploit the path part in the URL-based NDN name to create malicious names, thus, information leakage in the NDN cannot be prevented completely. However, we show for the first time that our filter can dramatically choke the leakage throughput causing the malware to be 137 times less efficient at leaking information. This finding opens up an interesting avenue of research that could result in a safer future networking architecture.

Original languageEnglish
Article number8506363
Pages (from-to)65151-65170
Number of pages20
JournalIEEE Access
Volume6
DOIs
Publication statusPublished - 2018 Jan 1

Fingerprint

Websites
Internet
Steganography
Electric inductors
Industry
Throughput
Malware
Web crawler

Keywords

  • Firewall
  • Information leakage attack
  • Name filter
  • Named data networking

ASJC Scopus subject areas

  • Computer Science(all)
  • Materials Science(all)
  • Engineering(all)

Cite this

Name filter : a countermeasure against information leakage attacks in named data networking. / Kondo, Daishi; Silverston, Thomas; Vassiliades, Vassilis; Tode, Hideki; Asami, Tohru.

In: IEEE Access, Vol. 6, 8506363, 01.01.2018, p. 65151-65170.

Research output: Contribution to journalArticle

Kondo, Daishi ; Silverston, Thomas ; Vassiliades, Vassilis ; Tode, Hideki ; Asami, Tohru. / Name filter : a countermeasure against information leakage attacks in named data networking. In: IEEE Access. 2018 ; Vol. 6. pp. 65151-65170.
@article{fd2f4c3993c94f4da6740ea7e3ce4da8,
title = "Name filter: a countermeasure against information leakage attacks in named data networking",
abstract = "Named data networking (NDN) has emerged as a future networking architecture having the potential to replace the Internet. In order to do so, the NDN needs to cope with inherent problems of the Internet, such as attacks that cause information leakage from an enterprise. Since NDN has not yet been deployed on a large scale, it is currently unknown how such attacks can occur, let alone what countermeasures can be taken against them. In this paper, we first show that information leakage in NDN can be caused by malware inside an enterprise, which uses steganography to produce malicious interest names encoding confidential information. We investigate such attacks by utilizing a content name dataset based on uniform resource locators (URLs) collected by a Web crawler. Our main contribution is a name filter based on anomaly detection that takes the dataset as input and classifies a name in the Interest as legitimate or not. Our evaluation shows that the malware can exploit the path part in the URL-based NDN name to create malicious names, thus, information leakage in the NDN cannot be prevented completely. However, we show for the first time that our filter can dramatically choke the leakage throughput causing the malware to be 137 times less efficient at leaking information. This finding opens up an interesting avenue of research that could result in a safer future networking architecture.",
keywords = "Firewall, Information leakage attack, Name filter, Named data networking",
author = "Daishi Kondo and Thomas Silverston and Vassilis Vassiliades and Hideki Tode and Tohru Asami",
year = "2018",
month = "1",
day = "1",
doi = "10.1109/ACCESS.2018.2877792",
language = "English",
volume = "6",
pages = "65151--65170",
journal = "IEEE Access",
issn = "2169-3536",
publisher = "Institute of Electrical and Electronics Engineers Inc.",

}

TY - JOUR

T1 - Name filter

T2 - a countermeasure against information leakage attacks in named data networking

AU - Kondo, Daishi

AU - Silverston, Thomas

AU - Vassiliades, Vassilis

AU - Tode, Hideki

AU - Asami, Tohru

PY - 2018/1/1

Y1 - 2018/1/1

N2 - Named data networking (NDN) has emerged as a future networking architecture having the potential to replace the Internet. In order to do so, the NDN needs to cope with inherent problems of the Internet, such as attacks that cause information leakage from an enterprise. Since NDN has not yet been deployed on a large scale, it is currently unknown how such attacks can occur, let alone what countermeasures can be taken against them. In this paper, we first show that information leakage in NDN can be caused by malware inside an enterprise, which uses steganography to produce malicious interest names encoding confidential information. We investigate such attacks by utilizing a content name dataset based on uniform resource locators (URLs) collected by a Web crawler. Our main contribution is a name filter based on anomaly detection that takes the dataset as input and classifies a name in the Interest as legitimate or not. Our evaluation shows that the malware can exploit the path part in the URL-based NDN name to create malicious names, thus, information leakage in the NDN cannot be prevented completely. However, we show for the first time that our filter can dramatically choke the leakage throughput causing the malware to be 137 times less efficient at leaking information. This finding opens up an interesting avenue of research that could result in a safer future networking architecture.

AB - Named data networking (NDN) has emerged as a future networking architecture having the potential to replace the Internet. In order to do so, the NDN needs to cope with inherent problems of the Internet, such as attacks that cause information leakage from an enterprise. Since NDN has not yet been deployed on a large scale, it is currently unknown how such attacks can occur, let alone what countermeasures can be taken against them. In this paper, we first show that information leakage in NDN can be caused by malware inside an enterprise, which uses steganography to produce malicious interest names encoding confidential information. We investigate such attacks by utilizing a content name dataset based on uniform resource locators (URLs) collected by a Web crawler. Our main contribution is a name filter based on anomaly detection that takes the dataset as input and classifies a name in the Interest as legitimate or not. Our evaluation shows that the malware can exploit the path part in the URL-based NDN name to create malicious names, thus, information leakage in the NDN cannot be prevented completely. However, we show for the first time that our filter can dramatically choke the leakage throughput causing the malware to be 137 times less efficient at leaking information. This finding opens up an interesting avenue of research that could result in a safer future networking architecture.

KW - Firewall

KW - Information leakage attack

KW - Name filter

KW - Named data networking

UR - http://www.scopus.com/inward/record.url?scp=85055718068&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85055718068&partnerID=8YFLogxK

U2 - 10.1109/ACCESS.2018.2877792

DO - 10.1109/ACCESS.2018.2877792

M3 - Article

VL - 6

SP - 65151

EP - 65170

JO - IEEE Access

JF - IEEE Access

SN - 2169-3536

M1 - 8506363

ER -