Expect More from the Networking: DDoS Mitigation by FITT in Named Data Networking.

arXiv: Cryptography and Security (2019)

Abstract
Distributed Denial of Service (DDoS) attacks have plagued the Internet for decades, but defenses have not fundamentally outpaced attackers. Instead, the size and rate of growth in attacks have actually outpaced carriers' and DDoS mitigation services' growth. In this paper, we comprehensively examine ways in which Named Data Networking (NDN), a proposed data-centric Internet architecture, fundamentally addresses some of the principal weaknesses in today's DDoS defenses in IP networking. We argue that NDN's architectural changes (even when incrementally deployed) can make DDoS attacks fundamentally more difficult to launch and less effective. We present a new DDoS mitigation solution, Fine-grained Interest Traffic Throttling (FITT), that leverages NDN's features to combat DDoS in the Internet of Things (IoT) age. FITT enables the network to detect DDoS directly from feedback from victims, throttle DDoS traffic along its exact path in the network, and perform reinforcement control over the misbehaving entities at their sources. In cases like the Mirai attacks, where smart IoT devices (smart cameras, refrigerators, etc.) were able to cripple high-capacity service providers using diverse DDoS Tactics, Techniques, and Procedures (TTPs), FITT would be able to precisely squelch the attack traffic at its distributed sources, without disrupting other legitimate application traffic running on the same devices. FITT offers an incrementally deployable solution for service providers to effectuate application-level remediation at the sources, which remains unattainable in today's DDoS market. Our extensive simulation results show that FITT can effectively throttle attack traffic in a short time and achieve over 99% legitimate traffic.