A framework for mitigating attacks against measurement-based adaptation mechanisms in unstructured multicast overlay networks

Many multicast overlay networks maintain application-specific performance goals by dynamically adapting the overlay structure when the monitored performance becomes inadequate. This adaptation results in an unstructured overlay where no neighbor selection constraints are imposed. Although such networks provide resilience to benign failures, they are susceptible to attacks conducted by adversaries that compromise overlay nodes. Previous defense solutions proposed to address attacks against overlay networks rely on strong organizational constraints and are not effective for unstructured overlays. In this work, we identify, demonstrate and mitigate insider attacks against measurement-based adaptation mechanisms in unstructured multicast overlay networks. We propose techniques to decrease the number of incorrect adaptations by using outlier detection and limit the impact of malicious nodes by aggregating local information to derive global reputation for each node. We demonstrate the attacks and mitigation techniques through real-life deployments of a mature overlay multicast system.
