[ndnSIM] ddos-interest-flooding satisfaction based pushback

fabrizio saponaro fab.batta at gmail.com
Fri Jun 20 02:00:22 PDT 2014


I hope someone can help me.

Fabrizio


2014-06-06 19:19 GMT+02:00 fabrizio saponaro <fab.batta at gmail.com>:

> Hi Alex,
> I'm using your code for the interest flooding mitigation, but I've a
> problem.
> This is a simplification of my scenario:
>
> Principal POP ----- Fake Producer
>      |
>      |
>      |
>    POP A  --------- Attacker
>    |         \\
>    |           \ \
>  Producer   \ \
>                  /  \
>          Client1 ... ClientN
>
> The clients' bandwidth is very low and there are some other POPs connected
> to the Principal POP, but only POP A has the attacker.
> I'm using your classes, except for the Attacker and the Fake Producer.
> The Attacker, during the entire simulation, sends a large amount of
> interests per second that fills the Principal POP's PIT.
>
> At the end of the simulation I can see that most downloads finish
> correctly, but during that time the PIT is not empty as if there was no
> attack (there are a lot of entries with the prefix required by the
> attacker).
> I cannot explain why; I thought that, thanks to the statistics that the
> node keeps, the face connected to the attacker (so the face of POP A)
> should be forced to refuse all the interests that come from there.
>
> Could you tell me what are the involved parameters?
> I'm using the satisfaction-based pushback algorithm, with a grace threshold
> of 0.01 and an RTT of 2 seconds, due to the needs of my topology settings. The
> other parameters have not been touched, so I'm using your exact version
> available on github.
>
> I also note that, when printing stats on POP A, there is something
> strange:
> - If I try to print the unsatisfiedAbs and the countAbs, I can't see all
> the interfaces, but only M-1, where M is the number of links connected to
> this node.
> - For the face connected to the Attacker, I see that unsatisfiedAbs = 0 and
> countAbs = 49.6678. I thought they should be the same values, because there
> is no data for the fake interests.
> - Printing the announce limit, there aren't announces for the attacker
> prefix, but only for the "good" prefix of a normal client.
>
> Best regards,
> Fabrizio
>
>