Detection of cache pollution attacks using randomness checks

The Internet plays an increasing role in content dissemination as user-generated content has exploded recently. Cache servers have been deployed to bypass bottlenecks in the network so that content can be delivered to end users more efficiently. As caches become more embedded in networks, new threats naturally follow. A cache pollution attack is one of the most serious threats to caching networks, including the current Internet and emerging caching networks such as Content Centric Networking (CCN). In this paper, we propose a detection approach against cache pollution attacks using randomness checks of a matrix. We apply an effective filtering approach and a statistical sequential analysis for detecting low-rate attacks. The results of our experiments show that our approach can detect a cache pollution attack with an attack rate of only a few percent of the overall rate.
