APPARATUS AND METHOD FOR DETECTING SERVICE REJECTION ATTACK IN CONTENT CENTRIC NETWORK

摘要

Disclosed are an apparatus and a method for detecting a service rejection attack in a content centric network. The apparatus for detecting a service rejection attack according to an embodiment of the present invention comprises: a storage unit for storing the number of received interests and the number of transmitted data in every unit time; an inflow ratio change calculation unit for calculating a square value of a Hellinger distance indicating an inflow ratio change of interests and data in the nth unit time, using a received interest probability distribution and a transmitted data probability distribution according to the number of received interests and the number of transmitted data in the nth unit time, and a received interest probability distribution sequence and a transmitted data probability distribution sequence, which are sets of received interest probability distributions and transmitted data probability distributions according to the number of received interests and the number of transmitted data up to the (n-1)th unit time, respectively, and performing an exponential weighted moving averaging on the square value of the Hellinger distance; a threshold calculation unit for calculating a dynamic threshold, which is a reference for determining whether there is a service rejection attack in the nth time unit, using an arithmetic mean of square values of the Hellinger distance indicating an inflow change of interests and data up to the (n-1)th unit time, a value obtained by performing the exponential weighted moving averaging on the square value of the Hellinger distance corresponding to an inflow ratio change of interests and data in the (n-1)th unit time, and a ratio between the number of received interests and the number of transmitted data in the (n-1)th unit time; and a detection unit for detecting whether a service rejection attack is generated, by comparing the dynamic threshold with the value obtained by performing the exponential weighted moving averaging on the square value of the Hellinger distance.