Name filter: a countermeasure against information leakage attacks in named data networking

Named data networking (NDN) has emerged as a future networking architecture having the potential to replace the Internet. In order to do so, the NDN needs to cope with inherent problems of the Internet, such as attacks that cause information leakage from an enterprise. Since NDN has not yet been deployed on a large scale, it is currently unknown how such attacks can occur, let alone what countermeasures can be taken against them. In this paper, we first show that information leakage in NDN can be caused by malware inside an enterprise, which uses steganography to produce malicious interest names encoding confidential information. We investigate such attacks by utilizing a content name dataset based on uniform resource locators (URLs) collected by a Web crawler. Our main contribution is a name filter based on anomaly detection that takes the dataset as input and classifies a name in the Interest as legitimate or not. Our evaluation shows that the malware can exploit the path part in the URL-based NDN name to create malicious names, thus, information leakage in the NDN cannot be prevented completely. However, we show for the first time that our filter can dramatically choke the leakage throughput causing the malware to be 137 times less efficient at leaking information. This finding opens up an interesting avenue of research that could result in a safer future networking architecture.