Abdelhak, Ph.D. student in collaboration with National School for Computer Science (ENSI) – Tunisia, will defend his Ph.D. thesis on April15, 2025, at 1.30 p.m, in the room 37.4.43 at Cnam, 2 rue Conté, 75003.
PhD Title: Intelligent Approach to Improve the Security of Named Data Networks
PhD Title (French): Approche intelligente pour améliorer la sécurité de l’architecture Named Data Networking
Abstract
Named Data Networking (NDN) represents a paradigm shift in internet architecture, offering a data-centric approach that addresses fundamental limitations of the current IP-based infrastructure. By focusing on what users want rather than where data resides, NDN facilitates efficient content distribution, enhanced security, and improved resilience. NDN’s inherent support for caching, built-in security model, graceful handling of intermittent connectivity, and name-based routing offer significant advantages for modern networking, particularly in the context of streaming media, IoT, and Edge Computing.
Despite these benefits, NDN faces critical security challenges, most notably Cache Pollution Attacks (CPAs). CPAs exploit NDN’s caching mechanisms by injecting unpopular content, degrading cache performance and negatively impacting legitimate users. This thesis addresses the urgent need for robust CPA detection and mitigation strategies. It begins with a comprehensive state-of-the-art review of existing techniques, analyzing their strengths and weaknesses, and highlighting key research gaps. A detailed impact analysis of CPAs on NDN performance is also presented, underscoring the necessity for more effective solutions.
To address these challenges, this thesis proposes a series of novel CPA detection and mitigation mechanisms. First, a statistically-based solution, ICAN (Intrusion detection system for CPA Attacks in NDN), is introduced. ICAN leverages key network metrics, including Cache Hit Ratio, Interest Inter-Arrival Time, hop count variation, and prefix variations, for lightweight, and accurate attack detection and mitigation. Second,
recognizing the limitations of ICAN’s reliance on predefined thresholds, a Q-Learning-based solution, Q-ICAN, is developed. Q-ICAN employs reinforcement learning agents within NDN routers to autonomously and adaptively detect and mitigate CPAs, learning from network traffic patterns and dynamically adjusting to changing conditions. This approach proactively mitigates attacks at the interest packet level, a key differentiator from existing solutions.
Finally, to further enhance performance and address the limitations of Q-ICAN in complex, high-dimensional environments, Deep Q-ICAN, a Deep Reinforcement Learning-based solution, is presented. Deep Q-ICAN utilizes Deep Neural Networks to approximate Q-values, enabling efficient handling of large state spaces and continuous action streams. Extensive simulations across various real-world topologies demonstrate the significant performance improvements achieved by Deep Q-ICAN. Specifically, Deep Q-ICAN achieves a 98% Cache Hit Ratio, reduces Average Retrieval Delay to 0.065s, and achieves a CPA detection accuracy of 98.87%, outperforming state-of-the-art solutions and representing a significant advancement in NDN security.
Abdelhak’s publications
Journal articles
- Abdelhak Hidouri, Haifa Touati, Mohamed Hadded, Nasreddine Hajlaoui, Paul Mühlethaler, et al.. Q-ICAN: A Q-learning based Cache Pollution Attack Mitigation Approach for Named Data Networking. Computer Networks, 2023, 235, pp.109998. ⟨10.1016/j.comnet.2023.109998⟩. ⟨hal-04425117⟩
- Abdelhak Hidouri, Nasreddine Hajlaoui, Haifa Touati, Mohamed Hadded, Paul Muhlethaler. A Survey on Security Attacks and Intrusion Detection Mechanisms in Named Data Networking. Computers, 2022, ⟨10.3390/computers11120186⟩. ⟨hal-03935122⟩
Conference papers
- Abdelhak Hidouri, Haifa Touati, Mohamed Hadded, Nasreddine Hajlaoui, Paul Muhlethaler, et al.. Improving NDN Resilience: A Novel Mitigation Mechanism Against Cache Pollution Attack. 2024 International Wireless Communications and Mobile Computing (IWCMC), May 2024, Ayia Napa, Cyprus. pp.1564-1569, ⟨10.1109/IWCMC61514.2024.10592566⟩. ⟨hal-04661666⟩
- Abdelhak Hidouri, Mohamed Hadded, Haifa Touati, Nasreddine Hajlaoui, Paul Muhlethaler. Attacks, Detection Mechanisms and Their Limits in Named Data Networking (NDN). ICCSA 2023 - 23rd International Conference on Computational Science and Its Applications, Jul 2022, Malaga, Spain. ⟨hal-03933012⟩
- Abdelhak Hidouri, Haifa Touati, Mohamed Hadded, Nasreddine Hajlaoui, Paul Muhlethaler. A Detection Mechanism for Cache Pollution Attack in Named Data Network Architecture. AINA 2022. - International Conference on Advanced Information Networking and Applications, Apr 2022, Sydney, Australia. pp.435-446, ⟨10.1007/978-3-030-99584-3_38⟩. ⟨hal-03933549⟩
- Abdelhak Hidouri, Mohamed Hadded, Nasreddine Hajlaoui, Haifa Touati, Paul Mühlethaler. Cache Pollution Attacks in the NDN Architecture: Impact and Analysis. SoftCOM 2021 - 29th International Conference on Software, Telecommunications and Computer Networks, Sep 2021, Hvar, Croatia. ⟨hal-03364489⟩
Powered by HAL 
