Securing Application-Level Topology Estimation Networks: Facing the Frog-Boiling Attack

  • Conference paper
Recent Advances in Intrusion Detection (RAID 2011)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 6961)

Abstract

Peer-to-peer real-time communication and media streaming applications optimize their performance by using application-level topology estimation services such as virtual coordinate systems. Virtual coordinate systems allow nodes in a peer-to-peer network to accurately predict latency between arbitrary nodes without the need to perform extensive measurements. However, systems that leverage virtual coordinates as supporting building blocks are prone to attacks conducted by compromised nodes that aim at disrupting, eavesdropping on, or mangling the underlying communications.

Recent research proposed techniques to mitigate basic attacks (inflation, deflation, oscillation) considering a single attack strategy model where attackers perform only one type of attack. In this work we explore supervised machine learning techniques to mitigate more subtle yet highly effective attacks (frog-boiling, network-partition) that are able to bypass existing defenses. We evaluate our techniques on the Vivaldi system against a more complex attack strategy model, where attackers perform sequences of all known attacks against virtual coordinate systems, using both simulations and Internet deployments.

Editor information

Robin Sommer, Davide Balzarotti, Gregor Maier

Copyright information

© 2011 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Becker, S., Seibert, J., Nita-Rotaru, C., State, R. (2011). Securing Application-Level Topology Estimation Networks: Facing the Frog-Boiling Attack. In: Sommer, R., Balzarotti, D., Maier, G. (eds) Recent Advances in Intrusion Detection. RAID 2011. Lecture Notes in Computer Science, vol 6961. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-23644-0_11

  • DOI: https://doi.org/10.1007/978-3-642-23644-0_11

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-23643-3

  • Online ISBN: 978-3-642-23644-0

  • eBook Packages: Computer Science, Computer Science (R0)
