Interest flooding attack mitigation in a vehicular named data network

Vehicular named data network (VNDN) is the next-generation network architecture for intelligent transportation systems. Contrary to the conventional transmission control protocol/internet protocol (TCP/IP) communication model, VNDN follows a data-centric approach where the user is interested in 'WHAT' instead of 'WHERE'. Interest flooding attack (IFA) is one of the prominent security concerns in VNDNs. In IFA, attackers request non-existent content to exhaust network resources and cause Interest packet flooding across the network. A novel attack mitigation scheme to counter IFA in VNDN has been proposed in this study. The proposed priority-based per-flow Interest rate monitoring (PP-FIRM) scheme determines the suspicious flow of malicious incoming Interest packets in attacked vehicles. A priority flag is assigned to the incoming flow of Interest packets that detects the occurrence of an attack. The priority of incoming Interest packet flow is calculated using a collaborative or neighbour-assisted approach. A comparison with another attack mitigation scheme validates that the proposed scheme performs better in terms of an improved cache hit ratio and Interest satisfaction ratio during the attack window. Besides this, pending Interest table utilisation, packet collision rate, Interest packet retransmission count, end-to-end delay, and the ratio of timed out Interest packets have also been reduced. Furthermore, the scalability of the proposed research strategy is also evaluated by changing the density of attackers.


INTRODUCTION
Intelligent transportation system (ITS) [1] has been proposed to cater to the need for traffic security and management in autonomous driving systems [2]. Vehicular ad hoc network (VANET) [3,4] is considered a part of ITS as it delivers valuable services. In VANET, vehicles are responsible for sending, receiving and relaying information. Vehicles are equipped with an on-board unit, radio transmitter, collision avoidance sensors, and wireless transmitters for sending and receiving data [5]. A VANET provides infotainment services including multimedia data, which cannot tolerate massive delays. It is reported in the Cisco Visual Networking Index that Internet traffic will reach up to 396 exabytes per month by 2022 [6]. The use of a conventional TCP/IP model in VANET for the dissemination of bulky data is not feasible effective and reliable data dissemination for connected vehicles [10]. Rather than securing a communication channel, NDN secures the data itself. However, it lacks protection against denial of service (DoS) [11] or distributed-DoS (DDoS) attacks [12]. Interest flooding attack (IFA) is one of the DDoS attacks in VNDN where the attacker sends numerous fake requests and blocks the valid requests from legitimate vehicles. The motivation behind this research work is to mitigate the IFA, which leads to a packet broadcast storm of uncontrolled and unsolicited traffic across VNDN.
Moreover, existing IFA mitigation schemes are resource-intensive, which is not a feasible option for the VNDN environment. Furthermore, in previous IFA mitigation schemes, multipath routing has been merely highlighted. Therefore, in this research work, we have proposed a novel priority-based per-flow Interest rate monitoring (PP-FIRM) strategy that efficiently detects the suspicious flow of Interest packets and triggers an attack recovery mechanism to reduce the effect of IFA. Furthermore, attack prevention at intermediate nodes has also been considered in the proposed attack mitigation model. The attack prevention phase is viable in reducing the scale of IFA in a VNDN scenario. The main contributions of this research work are as follows:
1. A novel PP-FIRM is proposed to effectively mitigate IFA in a VNDN environment implementing priority-based attack detection and a collaborative approach to avoid overreaction.
2. The proposed scheme calculates the priority of incoming Interests and only forwards Interests with high priority, as opposed to the per-face Interest rate monitoring schemes [13][14][15][16], which only reduce the rate of incoming Interests. As a result, the proposed scheme prevents a large number of legitimate Interests from facing unbounded delays, and the Interest drop rate is reduced as well.
3. Unlike another existing Interest rate monitoring scheme [16], the proposed scheme is resilient to flooding of unsolicited Interests.
4. Several simulations have been performed to evaluate the efficiency of PP-FIRM and congestion-based IFA mitigation [16]. The simulation results show that the proposed scheme can effectively mitigate IFA and reduce unnecessary broadcast of malicious Interest packets.
The rest of this study is organised as follows. Section 2 presents the VNDN overview and its packet forwarding daemon. Section 3 exhibits related work. The proposed PP-FIRM is described in Section 4. Experimentation and results are elaborated in Section 5. Section 6 concludes the study.

2 VEHICULAR NAMED DATA NETWORK: AN OVERVIEW
NDN-enabled VANET is known as Vehicular Named Data Network (VNDN). VNDN is an extension of wired NDN architecture with certain modifications due to vehicle mobility and network scalability. Another similar architecture named data vehicular network [33] has been proposed as a conceptual model that claims to support the multicast Interest forwarding model. VNDN provides better support for vehicular environments in terms of reliable and quick message propagation. Also, VNDN decouples the underlying communication plane from location and content distribution services. Moreover, support for data dissemination through multiple radio interfaces increases reliability and data acquisition.

VNDN architecture and forwarding daemon
Data in VNDN is delivered in a pull-based fashion; hence, this scheme is also known as a data-driven approach. The data requesting node is called consumer or subscriber, and the destination node is called publisher or data/content producer. Intermediate nodes support the rapid content delivery process and act as relaying vehicles and potential content sources. In VNDN, a vehicular node has to maintain three data structures: the pending Interest table (PIT), the content store (CS), and the forwarding information base (FIB). PIT is a table containing a list of unsatisfied pending Interest packets followed by the incoming interface(s) [33]. CS performs the task of in-network caching and contains a chunk of the most frequently used data. FIB maintains name prefixes followed by outgoing faces and performs packet routing and forwarding operations as in the TCP/IP model [34,35]. Figure 1 depicts all three data structures being maintained in intermediate nodes.

Interest flooding attack
IFA is a type of DoS attack, where the attacker(s) send malicious requests to all neighbouring nodes [36]. These malicious requests fill up the buffer space of vehicular node(s), and as a result, valid requests are discarded. Sometimes these malicious Interest packets collude with the server to attack any victim router (i.e. collusive-IFA) [37]. A DoS attack in VNDN is quite different as compared to native TCP/IP architecture. Usually, in a host-centric approach, a DoS attack is generated to target a specific server or network device. The consequences of a DoS attack in VNDN are more severe since the attack not only compromises a specific content source but all the intermediate nodes along its path as shown in Figure 2. The goal of the malicious node is to flood a large number of Interest packets with valid prefix but invalid suffix. Entries for these malicious Interest packets are created in the PIT of every intermediate node [38]. Eventually, the PIT of compromised intermediate nodes reaches its capacity and ultimately drops packets.

Related Work
This section reviews some existing attack mitigation solutions designed for named-centric networks. Countermeasures of IFA in named-centric networks comprise two phases, namely, detection and recovery. The detection phase identifies the malicious face or targeted prefix, whereas the recovery phase either limits the ratio of incoming Interest packets at a suspicious face or blocks entire traffic arriving on that suspicious face(s). Initially, per-face rate monitoring, statistical and hypothetical testing-based approaches have been adapted to limit the rate of malicious Interest packets. ISR is one of the detection mechanisms used to cope with IFA. ISR is the ratio of data packets sent and the number of incoming Interest packets received. Upon detection of an attack, the routing node limits the Interest arrival rate on the suspicious interface. Authors in [13] have developed an IFA mitigation scheme based upon the PIT utilisation rate. However, there is no standard to set the threshold value for ISR. PIT size monitoring needs distributed content nodes for computation. This causes dependency and if any of the content routers malfunctions, the technique under execution cannot produce any fruitful results. Authors in [14] have used a Theil-based countermeasure to mitigate IFA. The Theil index is calculated based upon the uneven distribution of incoming Interest packets through the interface(s). Intra- and inter-groups are formed for incoming Interest packets. When an attacker generates IFA, the frequency of forged names increases immensely. The purpose behind grouping is to evaluate the distribution of incoming Interest packets and the contribution of group differences. When an attacker launches an attack, it sends a large number of malicious Interest packets that ultimately disturbs the distribution of Interest packets. As a result, Theil's entropy value will go beyond the pre-determined normal range, which signifies that the system is under attack.
Similarly, in [15], authors have used entropy value along with ISR and PIT utilisation ratio that reflects variation caused by an attack. An attack detector is deployed as a classifier to predict suspicious behaviour of the network using collected parameters. Additionally, support vector machine (SVM) has been used to learn network anomalies. SVM is a supervised learning model used to train systems for classification and regression analysis. Another IFA mitigation method based on incoming Interest packet flow and PIT consumption rate has been proposed in [16]. The authors have introduced the congestion parameter to ensure the valid detection of the attack. ISR and the congestion value of each interface are considered to detect IFA. Whenever specified values of the node's incoming face exceed a threshold value, intermediate nodes consider that flow as suspicious and eventually limit the rate of incoming traffic.
The statistical approach is reactive and relies on network values based upon PIT expiration rate and PIT occupancy rate to identify any abnormal traffic pattern. In [17], the authors used node's reputation value (RV) as a metric that is calculated by each intermediate node to either accept or reject the incoming Interest packet. RV calculated using a collaborative approach is shared between neighbours. The authors have used a statistical-based hypothetical testing theory with Neyman-Pearson dual-criteria methodology. This approach does not depend on the router's calculated statistical values and provides a consistent solution for IFA mitigation, though in the composite hypothesis approach, scalability issues are present. In [18], the authors proposed the IFA detection and prevention mechanism based upon a centralised controller. In this network topology, nodes are directly connected with access routers, which detect the abnormal behaviour of incoming packets passing through radio interfaces of the node(s). The authors have classified their attack mitigation scheme as local and global IFA detection. Whenever an access router finds any unusual traffic flow at a certain face(s) of a node, it immediately notifies the central controller about any possible attack. Finally, access routers block the malicious traffic as directed by the access router. This mechanism does not guarantee that legitimate Interest packets will never be discarded. Likewise, in [19], a threshold value is set for many suspicious ($Y_s$) and timed out Interests ($Y_t$). Access routers intimate the central controller as $Y_s$ exceeds $Y_t$. Statistical-based solutions are effective; however, they require high computational resources that are scarce in a VNDN scenario. Table 1 depicts various statistical and per-face Interest rate monitoring schemes for IFA mitigation in NDN.
In-network caching is supported in NDN to enable instant content delivery and to avoid packet redundancy. Primarily, the Interest packet is only flooded when the requested content is unavailable in the CS, so there is a requirement to deploy an effective and adaptive caching policy in mobile nodes. In a VNDN, the mobility of vehicles reduces the efficiency of the caching mechanism. In [20], the authors proposed cooperative caching with mobility prediction, which undergoes the clustering of vehicles having similar mobility patterns. In [21], the authors proposed neighbourhood selective caching (NSC) based on distributed proactive caching. The idea behind NSC is to cache content one hop away from the content source. In [22], opportunistic caching has been adopted for caching popular data at intermediate nodes. Each intermediate node maintains its content popularity statistics that help to increase the cache hit ratio (CHR). The aim is to enhance content delivery services. In [23], authors have proposed a machine learning-based solution called deep-cache framework. In this method, a long short-term memory encoder-decoder is implemented to determine the rate of the requested content. The authors in [24] have proposed 'mobility aware edge caching' by incorporating an age threshold scheme to cache the right content at the right time, otherwise the essence of in-network caching becomes useless. In [25], the authors introduced a probabilistic caching approach based upon cache occupancy and link stability between the sender and receiver. Cache occupancy defines the probability of requested content, whereas relative movements decide link stability between communicating vehicles. Moreover, cached content is distributed relative to the application type of requested data. Caching schemes are essential to limit the flooding of malicious Interest packets. A comparison of various in-network caching approaches is presented in Table 2.
To reduce the scale of IFA and packet broadcast storming, efficient packet forwarding is required. NDN deploys separate routing and forwarding planes for efficient dissemination of Interest and data packets. Ad hoc networks can encounter various packet relaying challenges that invoke IFA and ultimately affect the propagation of packets [26]. Several packet forwarding techniques have been proposed to handle the flooding of unsolicited packets. In [27], the authors have optimised multipath packet forwarding to support seamless packet transmission. The proposed scheme consumes low bandwidth using a global optimisation problem. In [28], the authors proposed a distance-based IFA mitigation scheme known as intersection-based forward selection (IBFS) that is more effective than an individual level mitigation strategy. In IBFS, trajectory information of each vehicle is shared with its neighbours across the radio range. By doing this, the location of the potential data producer or consumer is determined. A relay or forwarding node is selected to avoid flooding of Interest and data packets. Distributed interest forwarder selection [29] is one of the packet forwarder selection mechanisms where two forwarding nodes are selected. This is done to cover a large transmission area and less propagation delay. The selection of two forwarders also alleviates hop-by-hop transmission. In [30], the authors proposed a novel statistical approach based on collaborative mitigation algorithms for the detection of IFA. The proposed mechanism relies on a charging and rewarding mechanism. Virtual money has been assigned to every intermediate or forwarding node. The charging mechanism deals with charging users

Distinct from the aforementioned countermeasures, the proposed IFA mitigation method known as PP-FIRM efficiently identifies the suspicious flow of Interest packets and triggers an attack recovery mechanism to reduce the effect of IFA.
Each flow of incoming Interest packets has been assigned priority according to the cumulative network statistics. The interface(s) with low priority has been declared as suspicious. Furthermore, attack prevention at intermediate nodes has also been considered in the proposed attack mitigation model. Table 3 shows various packet forwarding schemes in NDN for IFA prevention.

PP-FIRM SCHEME
The drawback of per-face limiting schemes is that along with malicious Interest packets, legitimate Interest packets are also dropped, which compromises the ISR of the network. We have implemented a novel PP-FIRM strategy that efficiently identifies the suspicious flow of Interest packets in multipath routing scenarios. It then triggers the attack recovery mechanism to reduce the effect of IFA. Furthermore, attack reaction at intermediate nodes has also been considered. Moreover, the proposed attack mitigation scheme has introduced the attack prevention phase, where uncontrolled flooding of Interest packets has been handled. This phase is viable in reducing the scale of IFA in a VNDN scenario. This section presents the proposed PP-FIRM scheme to mitigate IFA in an NDN-enabled vehicular environment. The basic idea of the proposed strategy is to reduce the flow of malicious Interest packets. The priority of an incoming Interest packet

Architecture of the proposed scheme
The primary module of the proposed scheme is an Interest packet flow monitor. This module considers the flow of Interest packets as a single object. Primarily, the Interest flow is monitored via a radio interface to determine which flow it belongs to. Two fields, that is, priority flag and hop count, have been appended to the Interest packet. The priority flag is used to avoid transmission of malicious Interest packets, whereas the hop count value is helpful to limit further dissemination across the network. A per-flow monitoring module is introduced that encapsulates the basic PIT structure as shown in Figure 3. As the normal flow of the Interest packet is determined, the packet flow is passed to this flow monitoring module, which is responsible for collecting the per-flow state of Interest packets. The flow monitoring module handles the transmission of incoming Interest packets from each face of the vehicular node. This flow of incoming Interest packets arriving from different faces is taken as a single flow object, to differentiate previously known and unknown flow. The flow monitoring module keeps track of departures and drops of Interest packets, collected count of Interest packets and byte arrivals. The per-flow monitor has four components, that is,

Priority checker
The priority checker serves as an essential parameter to predict the system under attack. Whenever the unknown flow of Interest packets enters through the radio face, priority is assigned to each flow. After a few iterations, the Interest packet flow that has the lowest priority level is suspended and moved to a suspicious list. It is worth mentioning here that ISR, packet drop rate, cache hit/miss ratio, and hop count values are considered to avoid the probability of false alarms during the attack detection process. Values of ISR, CHR, the number of hops traversed, delay, and the number of legitimate Interest packets have been used for assigning priority to incoming Interest packet flow.

Suspicious list
This component has been introduced to discard the flow of incoming Interest packets before the PIT lockstep process. Suspicious prefixes list helps in the early detection of IFA, and thus reduces the PIT utilisation ratio. False detection of IFA and discarding of legitimate Interest packets alongside malicious ones results in low ISR value. A suspicious list contains a set of incoming Interest packets that are declared as suspicious during the IFA detection phase. The proposed system uses a collaborative approach to validate the suspicious flow of incoming Interest packets. For this reason, the proposed system undergoes multiple iterations to correctly determine the suspicious flow of incoming Interest packets. We have set the threshold value for Interest packet flow as 0.5 to determine suspicious transmission. After several simulations, it is found that a threshold value greater than 0.5 allows more malicious Interest packets to reside in PIT that ultimately reduces ISR.

Prefix scheduler
As the name suggests, this module is responsible to sort the flow of incoming Interest packet(s) prefixes according to the assigned priority. This increases the probability of a legitimate flow of Interest packets. Moreover, least chance is given to the malicious flow of Interest packets that ultimately reduces ISR and increases Interest retransmission count.

Detection phase algorithm
The overall procedure of attack detection is illustrated in Algorithm 1. Whenever a vehicle receives Interest packet(s), it executes the following checks

[Algorithm 1: attack detection (surviving fragment: line 9, DECREMENT P)]

(1) Second, the prefix is analysed to validate the prefix format of incoming Interest packet(s). This is done to protect the NONCE list from storing invalid Interest prefix.
(i) After that, the metrics collection process is initiated that completes in five cycles. In the beginning, priority ($P_i$) is checked for a previously known flow. If priority is found below 0.5, that flow is declared as suspicious and moved to a suspicious PL. $P_i$ is decremented and neighbours get intimation of attack (lines 5-10).
(ii) The proposed system triggers false attack detection if the threshold value is kept below 0.5; hence, the defined threshold value gives the most optimal results.
(iii) Before transmitting Interest packets to PIT lookup, scheduling is performed to forward high-priority Interest packets.
(iv) Then, a suspicious list check is processed to instantly discard the prioritised incoming flow of Interest packets if the threshold value is found below 0.5 (line 11).
Finally, the flow of Interest packets having a threshold count of priority more than 0.5 is allowed to start the PIT and CS lookup process (lines 16-17). For the priority assignment at each victim and normal node(s), the following calculations are needed to be performed to avoid false detection of IFA.

$$\frac{\text{Number of Data packets Received}_i}{\text{Number of Interest Packets Sent}}$$
Here, Equation (2) Likewise, in Equation (3), the aggregate value of the average incoming Interest packet rate is calculated at each interface i.
Here, trans $\mathrm{UpdatedAvg}_n$ is the value of the updated rate of incoming Interest packets at n interfaces. $\mathrm{PrevAvg}_i$ represents the newly calculated current average rate of incoming Interest packets at the ith interface, while $\mathrm{inr}_i$ represents the incoming rate of Interest packets at the ith node to time.
A skew factor is needed that

In Equation (4), $N_L$ denotes the number of legitimate Interest packets besides malicious ones under IFA. Hence, the rate of incoming Interest packets has the following effect on IFA.
Size of Data chunk [B]

The delay parameter is used to calculate the estimated arrival time of the data packet. Moreover, the link capacity for the flow of the Interest packet is calculated to reduce uncontrolled flooding of malicious Interest packets. Equation (5) shows the calculation of ISD, that is, link capacity for a flow of Interest packets. The rate of Interest packet flow through each link is set as 400 ms to maximise the probability of content delivery. In VNDN, 400 ms is an optimal average time for the Interest packet to reach the nearest relay node. Ten simulations are performed to get this average value of Interest packet flow via each link.
For calculation of hop traverse (HT) value by Interest packet at an intermediate node, the following equation has been used: In Equation (6), $h_i$ is hop count at current node and B denotes marginal count to get data chunk. To prevent flooding of uncontrolled malicious Interest packets across the network, the maximum threshold value of HT is set to 5. With repeated simulations, it is observed that end-to-end delay increases if the value of HT is set above 5.
Priority value at ith node ($P_i$) is calculated using Equation (7): where the lower bound of $P_i$ is greater than 0, while the upper bound is set dynamically.
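The detection steps above (five collection cycles, the 0.5 priority threshold, the suspicious list, neighbour notification, scheduling and the HT limit of 5) can be sketched as follows. This is an added example, not the authors' Algorithm 1: the scoring function stands in for Equation (7), which is not reproduced here, and the flow key, decrement step, neighbour averaging and sample counters are assumptions constructed for illustration.

```python
from dataclasses import dataclass

PRIORITY_THRESHOLD = 0.5  # page: a flow whose priority is below 0.5 is suspicious
MAX_HOP_TRAVERSE = 5      # page: maximum hop traverse (HT) value
METRIC_CYCLES = 5         # page: metrics collection completes in five cycles
DECREMENT = 0.1           # ASSUMPTION: the page gives no decrement step


@dataclass
class FlowStats:
    """Counters kept for one flow; ASSUMPTION: a flow is keyed by (face, prefix)."""
    interests: int = 0
    data: int = 0
    cache_hits: int = 0
    timed_out: int = 0
    cycles: int = 0
    priority: float = 1.0  # ASSUMPTION: an unknown flow starts at full priority


def local_priority(s):
    """ASSUMPTION: stand-in for Equation (7), which is not reproduced on the page.
    Blends ISR, CHR and the share of Interests that did not time out."""
    if s.interests == 0:
        return 1.0
    isr = s.data / s.interests
    chr_ = s.cache_hits / s.interests
    alive = 1.0 - s.timed_out / s.interests
    return 0.6 * isr + 0.2 * chr_ + 0.2 * alive


class FlowMonitor:
    def __init__(self):
        self.flows = {}          # (face, prefix) -> FlowStats
        self.suspicious = set()  # suspicious list, consulted before PIT lookup
        self.alerts = []         # flows reported to neighbours

    def record_cycle(self, flow, interests, data, cache_hits, timed_out):
        """Add one collection cycle of counters for a flow."""
        s = self.flows.setdefault(flow, FlowStats())
        s.interests += interests
        s.data += data
        s.cache_hits += cache_hits
        s.timed_out += timed_out
        s.cycles += 1

    def evaluate(self, flow, neighbour_reports=()):
        """Priority check: average the local score with the neighbours' scores
        (ASSUMPTION: plain mean), then apply the 0.5 threshold."""
        s = self.flows[flow]
        if s.cycles < METRIC_CYCLES:
            return s.priority  # still collecting metrics
        scores = [local_priority(s), *neighbour_reports]
        s.priority = sum(scores) / len(scores)
        if s.priority < PRIORITY_THRESHOLD:
            self.suspicious.add(flow)                      # move to suspicious list
            s.priority = max(0.0, s.priority - DECREMENT)  # decrement P
            self.alerts.append(flow)                       # intimate neighbours
        return s.priority

    def admit(self, batch):
        """Filter and schedule (face, prefix, hop_count) Interests before PIT/CS
        lookup: drop suspicious flows and Interests past the HT limit, then put
        the highest-priority flows first. ASSUMPTION: the hop count is compared
        directly with the HT limit."""
        passed = [i for i in batch
                  if (i[0], i[1]) not in self.suspicious and i[2] <= MAX_HOP_TRAVERSE]
        passed.sort(key=lambda i: self.flows.get((i[0], i[1]), FlowStats()).priority,
                    reverse=True)
        return passed


# Constructed sample flows: (face, prefix).
LEGIT = (1, "/traffic/road42")
FLOOD = (2, "/traffic/road42")
CONGESTED = (3, "/video/clip7")


def run_constructed_scenario():
    m = FlowMonitor()
    for _ in range(METRIC_CYCLES):
        m.record_cycle(LEGIT, interests=20, data=18, cache_hits=10, timed_out=2)
        m.record_cycle(FLOOD, interests=200, data=0, cache_hits=0, timed_out=200)
        m.record_cycle(CONGESTED, interests=20, data=8, cache_hits=4, timed_out=12)
    m.evaluate(LEGIT, neighbour_reports=[0.9])
    m.evaluate(FLOOD, neighbour_reports=[0.1, 0.0])
    m.evaluate(CONGESTED, neighbour_reports=[0.8, 0.9])  # neighbours see it healthy
    batch = [(3, "/video/clip7", 1), (2, "/traffic/road42", 1),
             (1, "/traffic/road42", 2), (1, "/traffic/road42", 7)]
    return m, m.admit(batch)


if __name__ == "__main__":
    monitor, forwarded = run_constructed_scenario()
    print("suspicious:", monitor.suspicious)
    print("forwarded:", forwarded)
```

The congested flow scores below 0.5 locally but is kept once the neighbours' reports are averaged in, which is the overreaction the collaborative step is meant to avoid.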

Malicious Interest packet processing in Recovery Phase
The recovery phase is triggered when the suspicious flow of Interest packets is discarded. For the detection of malicious sources, the Interest push back mechanism is highly preferable. The proposed scheme has implemented a priority-based Interest push back algorithm, where the backtracking process is executed based on the priority of radio interface(s). Algorithm 2 specifies the attack recovery mechanism of the proposed IFA mitigation model. Upon receiving a suspicious flow of Interest packets F(ά), the following counter steps are performed (lines 1-10):
(i) Upon receiving a discarded flow of Interest Packets F(ά), the respective interface has been declared suspicious and priority is decremented.
(ii) After that, fairness queues have been maintained for each face. This is done to establish fairness among radio faces.
(iii) The suspicious face $f_i$ is allocated low fairness to limit the suspicious flow of incoming Interest packets. Priority ($P_i$) and Interest lifetime of F(ά) are also reduced to avoid PIT overflow (lines 2-3).
(iv) Neighbouring vehicles get intimated about the suspicious flow of Interest packets N(ά) (line 4).
(v) Finally, the backtracking process is executed to identify attacking vehicles V(ά) (lines 6-9).
In both algorithms, the time complexity is linear and calculated as $O(n)$, where n is the flow of incoming Interests. For congestion calculation in [16], the authors take two parameters: negative acknowledgment (NACK) and timed out Interests. The values of these parameters are compared to check whether the network is congested or not. The time complexity of the existing approach is $O(n^2)$.
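The recovery steps (i) to (v) can be sketched as below. This is an added example, not the authors' Algorithm 2: the fairness weights, the lifetime reduction factor, the decrement step, the per-vehicle record of who a flow was received from, and the vehicle names are assumptions constructed for illustration.

```python
from dataclasses import dataclass

DEFAULT_LIFETIME_S = 4.0  # page: a waiting PIT entry is removed after 4 s
NORMAL_WEIGHT = 10        # ASSUMPTION: fairness weight of an unsuspected face
SUSPICIOUS_WEIGHT = 1     # ASSUMPTION: the "low fairness" of a suspicious face
LIFETIME_FACTOR = 0.5     # ASSUMPTION: how far the Interest lifetime is cut
PRIORITY_STEP = 0.1       # ASSUMPTION: size of the priority decrement


@dataclass
class FaceState:
    priority: float = 1.0
    lifetime_s: float = DEFAULT_LIFETIME_S
    suspicious: bool = False


def fair_shares(faces, pit_capacity):
    """Split PIT slots across faces in proportion to their fairness weight."""
    weights = {f: SUSPICIOUS_WEIGHT if st.suspicious else NORMAL_WEIGHT
               for f, st in faces.items()}
    total = sum(weights.values())
    return {f: pit_capacity * w // total for f, w in weights.items()}


def push_back(victim, prefix, arrived_from):
    """Walk upstream, one vehicle at a time, along the recorded sender of a flow.
    arrived_from[vehicle][prefix] names the neighbour that vehicle received the
    flow from. Returns (path, source); source is None when the trail loops or
    the victim itself has no upstream record."""
    path, seen, node = [victim], {victim}, victim
    while True:
        upstream = arrived_from.get(node, {}).get(prefix)
        if upstream is None:
            return path, (node if node != victim else None)
        if upstream in seen:
            return path, None  # broadcast loop: no vehicle is blamed
        path.append(upstream)
        seen.add(upstream)
        node = upstream


def recover(victim, face, prefix, faces, pit_capacity, arrived_from, neighbours):
    """Apply steps (i)-(v) for a discarded flow that arrived on `face`."""
    st = faces[face]
    st.suspicious = True                                     # (i) mark the face
    st.priority = max(0.0, st.priority - PRIORITY_STEP)      # (i) decrement priority
    st.lifetime_s *= LIFETIME_FACTOR                         # (iii) shorter lifetime
    shares = fair_shares(faces, pit_capacity)                # (ii)-(iii) fairness
    notified = sorted(neighbours)                            # (iv) intimate neighbours
    path, source = push_back(victim, prefix, arrived_from)   # (v) backtracking
    return {"shares": shares, "notified": notified, "path": path, "source": source}


# Constructed sample data: vehicle names and upstream records are made up.
PREFIX = "/traffic/road42"
TRAIL = {"V1": {PREFIX: "V2"}, "V2": {PREFIX: "V3"}, "V3": {PREFIX: "V4"}}
LOOPED = {"V1": {PREFIX: "V2"}, "V2": {PREFIX: "V1"}}


def run_constructed_recovery():
    faces = {1: FaceState(), 2: FaceState(priority=0.4), 3: FaceState()}
    result = recover("V1", 2, PREFIX, faces, 210, TRAIL, {"V2", "V5"})
    return faces, result


if __name__ == "__main__":
    faces, result = run_constructed_recovery()
    print(result)
    print(faces[2])
```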

IFA prevention
The prevention phase is exclusively significant for IFA mitigation in a VNDN scenario. When an intermediate node receives malicious Interest packets and cannot find the requested chunk of data in its cache, it forwards malicious Interest packets to all the neighbouring nodes. This process continues until the Interest packets reach the content source. To reduce the damage, prevention techniques should be adopted. The prevention technique involves an adaptive and efficient Interest relay mechanism that intelligently forwards the unsatisfied Interest packet towards neighbouring vehicular nodes. The best route Interest packet forwarding mechanism available in the NDN forwarding daemon (NFD) has been modified in the proposed methodology. In the best route strategy, routing costs in FIB are calculated and controlled by the forwarding protocol. Costs are updated after regular intervals of time.
The priority of incoming flow of Interest packets is calculated, which is further used as a cost function. This function provides the best route based on the highest priority per outgoing face. It helps in reducing the Interest retransmission rate and uncontrolled Interest flooding across the VNDN.

Simulation setup
For implementation, analysis, and testing of the proposed research methodology, NDN simulator (ndnSIM) [39] has been used. The ndnSIM is an emulator for NS-3 [40]. The simulation scenario is based upon a built-in waypoint mobility model [41], that is, a random waypoint mobility model, where the velocity of moving vehicles changes randomly, though bounded by the network topology. Ubuntu 18.04 LTS version is used as a base operating system. Eclipse IDE version-4.12.0 is used for programming purposes. R-Studio version-1.2 and WPS Spreadsheet (designed for Linux) have been used for mapping acquired simulation results to the graphical layout. Moreover, IEEE 802.11p is used for V2V communication as shown in Table 4. This research work aims to compare the aforementioned attack mitigation methods in VNDN to quantify the rate of satisfied Interest packets for the legitimate intermediate vehicle(s) when they are under attack. The minimum and maximum range of Interest satisfaction rates for valid users under the IFA window are plotted as well.

Results and discussion
The proposed IFA mitigation scheme, that is, PP-FIRM, is compared with the existing scheme(s), namely, a per-face rate-limiting scheme known as a congestion-based Interest rate-limiting scheme [16]. An attacking window has been considered to evaluate the performance of IFA mitigation schemes under normal and abnormal circumstances. The existing scheme in a VNDN scenario is implemented and its performance is evaluated as well.

FIGURE 5 Interest satisfaction ratio

ISR
Interest Satisfaction Ratio or ISR specifies the network throughput. Figure 5 shows the ISR of the proposed IFA mitigation scheme for incoming Interest packets. During attacking window 4-11, IFA mitigation methods start countermeasures to protect PIT from malicious Interest packets. This is done to prevent the PIT from reaching its bottleneck. It can be seen in Figure 5 that PP-FIRM works efficiently under the attacking window. The proposed scheme is compared with the existing attack mitigation solution to measure effectiveness and improvement concerning ISR. When the transmission of Interests leaves the attacking window (4-11), IFA mitigation schemes show nearly similar performance as attacking nodes stop injecting malicious Interests. During IFA, the proposed countermeasure has produced

CHR is defined by the number of cache hits over the total number of incoming Interest packets. The phenomenon where Interest packets find the requested content chunk in the cache of an intermediate node is considered a cache hit. During IFA, the CHR gets reduced, as Interest packets arrive with non-existent content prefixes. The proposed scheme has used the least recently used (LRU) cache eviction policy that contains the most frequently requested content and discards unpopular cached content. In Figure 8, it can be seen that the CHR is higher during the attacking window (4-11). The proposed research solution has generated a 21.4% more CHR as compared to a per-face attack limiting scheme.

6.2.4 Interest packet collision rate
When many Interest packets cannot get the requested chunk of data, they are forwarded towards other potential content provider(s), and this causes collisions. As a result, legitimate Interest packets face congestion and long delays. The proposed novel attack mitigation scheme reduces the propagation of an abundant number of malicious packets. Consequently, forwarded Interest packets suffer from fewer packet collisions. In Figure 9, the proposed PP-FIRM scheme has reduced the Interest packet collision rate to 60% during the attacking window (4-11) as compared to the congestion-based per-face Interest rate-limiting scheme.

In NFD, when a new Interest packet arrives at an intermediate node, it waits in PIT until it gets the requested chunk of cached data. After 4 s, the entry of the waiting Interest packet is removed from PIT. The ratio of timed out Interest packets to incoming Interest packets specifies the number of unsatisfied Interest packets that face timeout in PIT. In Figure 10, it can be seen that during the attacking window (4-11), the number of timed out Interest packets is huge in the absence of an attack mitigation scheme. However, when an attack mitigation strategy is applied, the ratio is quite reduced. It has been found that the proposed attack mitigation model experiences 60% less timed out Interest packets as compared to the per-face congestion-based rate-limiting scheme.

Random attackers
In real-time attack scenarios, the number of malicious nodes is randomly distributed, and attackers collaboratively launch a DDoS attack. Similarly, in the VNDN environment, the number of attackers changes at different time slots of the attacking window. In Figure 11, the density of attackers changes over time. The number of attacking vehicles increases incoming malicious Interest packet transmission across the intermediate nodes. This reduces ISR and increases the packet collision ratio. Upon implementation, it has been observed that the proposed attack mitigation model gives 23.6% more ISR as compared to the per-face congestion-based Interest rate-limiting scheme. Moreover, the results show that the proposed attack mitigation scheme is robust and maintains relatively high ISR when multiple attackers disseminate malicious Interest packets.

6.2.7 End-to-end delay
The time taken during transmission of an Interest packet between the source node (sender) and content provider (receiver) is calculated as an end-to-end delay. End-to-end delay between the consumer and the data producer during the attack has been depicted in Figure 12. It can be seen that end-to-end delay increases between the sender and receiver when the number of vehicular nodes increases. The proposed novel attack mitigation scheme reduces the propagation of an abundant number of malicious packets. Consequently, forwarded Interest packets suffer from fewer packet collisions and network congestion. The proposed PP-FIRM scheme has reduced end-to-end delay to 53.4% as compared to the congestion-based per-face Interest rate-limiting scheme.

The IFA mitigation is comprised of attack detection and recovery. The attack detection phase monitors the abnormalities in the network's behaviour, while the attack recovery phase existing IFA mitigation scheme is unable to prevent the unsolicited flooding of malicious Interests. The aim of PP-FIRM is not only the detection of malicious Interests but also the prevention of flooding of malicious Interests. Hence, we have also included the IFA prevention phase for reducing the suspicious flow of Interests. We have simulated both the congestion-based IFA mitigation scheme and the proposed scheme to evaluate their performance. The results show that the proposed PP-FIRM strategy performs better than the existing per-face congestion-based method in terms of ISR, Interest retransmission count, CHR, packet collision ratio, timed out Interest packets ratio, PIT utilisation ratio, end-to-end delay, and network scalability.