Name filter: a countermeasure against information leakage attacks in named data networking

Daishi Kondo, Thomas Silverston, Vassilis Vassiliades, Hideki Tode, Tohru Asami

研究成果: Article

抄録

Named data networking (NDN) has emerged as a future networking architecture having the potential to replace the Internet. In order to do so, the NDN needs to cope with inherent problems of the Internet, such as attacks that cause information leakage from an enterprise. Since NDN has not yet been deployed on a large scale, it is currently unknown how such attacks can occur, let alone what countermeasures can be taken against them. In this paper, we first show that information leakage in NDN can be caused by malware inside an enterprise, which uses steganography to produce malicious interest names encoding confidential information. We investigate such attacks by utilizing a content name dataset based on uniform resource locators (URLs) collected by a Web crawler. Our main contribution is a name filter based on anomaly detection that takes the dataset as input and classifies a name in the Interest as legitimate or not. Our evaluation shows that the malware can exploit the path part in the URL-based NDN name to create malicious names, thus, information leakage in the NDN cannot be prevented completely. However, we show for the first time that our filter can dramatically choke the leakage throughput causing the malware to be 137 times less efficient at leaking information. This finding opens up an interesting avenue of research that could result in a safer future networking architecture.

元の言語English
記事番号8506363
ページ(範囲)65151-65170
ページ数20
ジャーナルIEEE Access
6
DOI
出版物ステータスPublished - 2018 1 1

Fingerprint

Websites
Internet
Steganography
Electric inductors
Industry
Throughput
Malware
Web crawler

ASJC Scopus subject areas

  • Computer Science(all)
  • Materials Science(all)
  • Engineering(all)

これを引用

Name filter : a countermeasure against information leakage attacks in named data networking. / Kondo, Daishi; Silverston, Thomas; Vassiliades, Vassilis; Tode, Hideki; Asami, Tohru.

:: IEEE Access, 巻 6, 8506363, 01.01.2018, p. 65151-65170.

研究成果: Article

Kondo, Daishi ; Silverston, Thomas ; Vassiliades, Vassilis ; Tode, Hideki ; Asami, Tohru. / Name filter : a countermeasure against information leakage attacks in named data networking. :: IEEE Access. 2018 ; 巻 6. pp. 65151-65170.
@article{fd2f4c3993c94f4da6740ea7e3ce4da8,
title = "Name filter: a countermeasure against information leakage attacks in named data networking",
abstract = "Named data networking (NDN) has emerged as a future networking architecture having the potential to replace the Internet. In order to do so, the NDN needs to cope with inherent problems of the Internet, such as attacks that cause information leakage from an enterprise. Since NDN has not yet been deployed on a large scale, it is currently unknown how such attacks can occur, let alone what countermeasures can be taken against them. In this paper, we first show that information leakage in NDN can be caused by malware inside an enterprise, which uses steganography to produce malicious interest names encoding confidential information. We investigate such attacks by utilizing a content name dataset based on uniform resource locators (URLs) collected by a Web crawler. Our main contribution is a name filter based on anomaly detection that takes the dataset as input and classifies a name in the Interest as legitimate or not. Our evaluation shows that the malware can exploit the path part in the URL-based NDN name to create malicious names, thus, information leakage in the NDN cannot be prevented completely. However, we show for the first time that our filter can dramatically choke the leakage throughput causing the malware to be 137 times less efficient at leaking information. This finding opens up an interesting avenue of research that could result in a safer future networking architecture.",
keywords = "Firewall, Information leakage attack, Name filter, Named data networking",
author = "Daishi Kondo and Thomas Silverston and Vassilis Vassiliades and Hideki Tode and Tohru Asami",
year = "2018",
month = "1",
day = "1",
doi = "10.1109/ACCESS.2018.2877792",
language = "English",
volume = "6",
pages = "65151--65170",
journal = "IEEE Access",
issn = "2169-3536",
publisher = "Institute of Electrical and Electronics Engineers Inc.",

}

TY - JOUR

T1 - Name filter

T2 - a countermeasure against information leakage attacks in named data networking

AU - Kondo, Daishi

AU - Silverston, Thomas

AU - Vassiliades, Vassilis

AU - Tode, Hideki

AU - Asami, Tohru

PY - 2018/1/1

Y1 - 2018/1/1

N2 - Named data networking (NDN) has emerged as a future networking architecture having the potential to replace the Internet. In order to do so, the NDN needs to cope with inherent problems of the Internet, such as attacks that cause information leakage from an enterprise. Since NDN has not yet been deployed on a large scale, it is currently unknown how such attacks can occur, let alone what countermeasures can be taken against them. In this paper, we first show that information leakage in NDN can be caused by malware inside an enterprise, which uses steganography to produce malicious interest names encoding confidential information. We investigate such attacks by utilizing a content name dataset based on uniform resource locators (URLs) collected by a Web crawler. Our main contribution is a name filter based on anomaly detection that takes the dataset as input and classifies a name in the Interest as legitimate or not. Our evaluation shows that the malware can exploit the path part in the URL-based NDN name to create malicious names, thus, information leakage in the NDN cannot be prevented completely. However, we show for the first time that our filter can dramatically choke the leakage throughput causing the malware to be 137 times less efficient at leaking information. This finding opens up an interesting avenue of research that could result in a safer future networking architecture.

AB - Named data networking (NDN) has emerged as a future networking architecture having the potential to replace the Internet. In order to do so, the NDN needs to cope with inherent problems of the Internet, such as attacks that cause information leakage from an enterprise. Since NDN has not yet been deployed on a large scale, it is currently unknown how such attacks can occur, let alone what countermeasures can be taken against them. In this paper, we first show that information leakage in NDN can be caused by malware inside an enterprise, which uses steganography to produce malicious interest names encoding confidential information. We investigate such attacks by utilizing a content name dataset based on uniform resource locators (URLs) collected by a Web crawler. Our main contribution is a name filter based on anomaly detection that takes the dataset as input and classifies a name in the Interest as legitimate or not. Our evaluation shows that the malware can exploit the path part in the URL-based NDN name to create malicious names, thus, information leakage in the NDN cannot be prevented completely. However, we show for the first time that our filter can dramatically choke the leakage throughput causing the malware to be 137 times less efficient at leaking information. This finding opens up an interesting avenue of research that could result in a safer future networking architecture.

KW - Firewall

KW - Information leakage attack

KW - Name filter

KW - Named data networking

UR - http://www.scopus.com/inward/record.url?scp=85055718068&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85055718068&partnerID=8YFLogxK

U2 - 10.1109/ACCESS.2018.2877792

DO - 10.1109/ACCESS.2018.2877792

M3 - Article

AN - SCOPUS:85055718068

VL - 6

SP - 65151

EP - 65170

JO - IEEE Access

JF - IEEE Access

SN - 2169-3536

M1 - 8506363

ER -