Exploiting the transients of adaptation for RoQ attacks on Internet resources

We expose an unorthodox adversarial attack that exploits the transients of a system's adaptive behavior, as opposed to its limited steady-state capacity. We show that a well-orchestrated attack could introduce significant inefficiencies that could potentially deprive a network element of much of its capacity, or significantly reduce its service quality, while evading detection by consuming an unsuspicious, small fraction of that element's hijacked capacity. This type of attack stands in sharp contrast to traditional brute-force, sustained high-rate DoS attacks, as well as to recently proposed attacks that exploit specific protocol settings such as TCP timeouts. We exemplify what we term reduction of quality (RoQ) attacks by exposing the vulnerabilities of common adaptation mechanisms. We develop control-theoretic models and associated metrics to quantify these vulnerabilities. We present numerical and simulation results, which we validate with observations from real Internet experiments. Our findings motivate the need for the development of adaptation mechanisms that are resilient to these new forms of attacks.
