Abstract
TCP/IP protocol suite has served as the backbone of the Internet for many years, facilitating robust global communication. However, with the evolving Internet landscape, inherent limitations of this suite, such as inefficient content retrieval and constraints in mobility and multicast support, have become increasingly evident. To overcome these limitations, researchers developed the Named Data Networks (NDN) concept. NDN shifts the focus from IP addresses to data names and improves data retrieval by enabling in-network caching. This caching reduces latency and network congestion, making data access faster and more efficient. Lately, NDN has been found to be vulnerable to Interest Flooding Attacks (IFA), where attacks overwhelm intermediate routers with malicious Interest packets. This leads to resource exhaustion and service interruptions. To detect these attacks, researchers in the community proposed several rate-limiting mechanisms. However, these mechanisms cannot detect the newly disclosed induced IFA variants. In this paper, we propose a chi-square-based detection approach that can be deployed as the first line of defense to detect these newly disclosed attacks. The proposed approach compares a normal NDN traffic profile with the traffic profiles generated during the testing phase. If the profiles deviate significantly from each other, the proposed approach detects the presence of anomalous traffic. We conducted extensive experiments by considering various parameters to test the detection performance of the proposed approach and furnish the results. The results show that the approach can detect attacks in different scenarios with high accuracy.