The Information-Centric Network (ICN) was proposed to offer a clean state paradigm of the Internet by replacing the host-centric paradigm of today’s Internet. As one realization of the ICN, the Named Data Networking (NDN) binds the security directly to the content in a network and the pervasive cache mechanism provides better support for the content distribution. Since there is no address in NDN, attacks that target victims by addresses fail to work and the security of content is guaranteed by verifying the digital signatures of data packets. However, as proved by some previous research works, some DDoS attacks, e.g., the Interest Flooding Attack (IFA) and the Content Poisoning Attack (CPA) hazard and even paralyze the NDN. In this paper, existing DDoS attack patterns in NDN are discussed and a new attack pattern named the Random Content Poisoning Attack (RCPA) is proposed and modeled. By observing the results of simulations with a real network topology, it is found that the RCPA is more hidden than CPA for its trick attack model and passive nature. To detect the RCPA, an Information Gain Ratio-based feature selection and three machine learning algorithms are introduced in this paper. By evaluating the accuracies of predictions with selected features, it is observed that a way of offline detection works well against the RCPA.