Internet Cache Pollution Attacks and Countermeasures - PowerPoint PPT Presentation

About This Presentation
Title:

Internet Cache Pollution Attacks and Countermeasures

Description:

... caches themselves become victims Little attention given to such attacks Existing pollution attacks mostly on content pollutions on P2P systems Contributions ... – PowerPoint PPT presentation

Number of Views:314
Avg rating:3.0/5.0
Slides: 23
Provided by: Zhich4
Category:

less

Transcript and Presenter's Notes

Title: Internet Cache Pollution Attacks and Countermeasures


1
Internet Cache Pollution Attacks and
Countermeasures
  • Yan Gao, Leiwen Deng,
  • Aleksandar Kuzmanovic, and Yan Chen

Electrical Engineering and Computer Science
Department Northwestern University
2
Outline
  • Motivation
  • Pollution Attacks
  • Evaluation of Pollution Effects
  • Counter-Pollution Techniques Evaluation
  • Conclusion

3
Motivation
  • Caching has been widely applied in the Internet
  • Decrease the amount of requests in server side
  • Reduce the amount of traffic in the network
  • Improve the client-perceived latency
  • Open proxy caches are used for various
    abuse-related activities
  • Proxy caches themselves become victims
  • Little attention given to such attacks
  • Existing pollution attacks mostly on content
    pollutions on P2P systems

4
Contributions
  • Propose a class of pollution attacks targeted
    against Internet proxy caches
  • Locality-disruption (LD) attacks
  • False-locality (FL) attacks
  • Analyze the resilience of the current cache
    replacement algorithms to pollution attacks
  • Propose two cache pollution detection mechanisms
  • Detect LD, FL attacks, and their combination
  • Leverage data streaming computation techniques

5
Outline
  • Motivation
  • Pollution Attacks
  • Evaluation of Pollution Effects
  • Counter-Pollution Techniques Evaluation
  • Conclusion

6
Pollution Attack Scenarios (I)
Attacking a web cache
Attacking an ISP cache
7
Pollution Attack Scenarios (II)
?
?
?
?
?
?
?
?
Pollution attack against a local DNS server
8
Pollution Attack Locality Disruption
Before attack
After attack
New unpopular files
Popular files
....
....
....
....
Cache
Cache
  • Goal degrade cache efficiency by ruining its
    file locality
  • Activities continuously generate requests for
    new unpopular files

9
Pollution Attack False Locality
Before attack
After attack
Bogus popular files
Popular files
....
....
....
....
Cache
Cache
  • Goal degrade the hit ratio by creating false
    file locality
  • Activities repeatedly request the same set of
    unpopular files

10
Outline
  • Motivation
  • Pollution Attacks
  • Evaluation of Pollution Effects
  • Counter-Pollution Techniques Evaluation
  • Conclusion

11
Evaluation Methodology
  • Discrete-event simulator
  • Multiple DoS behaviors
  • Multiple workload characterizing behaviors
  • Effects of access and local network capacities
  • Workloads
  • P2P K. Gummadi et al. ACM SOSP 03
  • Web F. Smith et al. SIGMETRICS 01
  • NAT effects

12
Cache Replacement Algorithms
  • Least Recently Used (LRU) algorithm
  • Evict the least recently accessed document first
  • Least Frequently Used (LFU) algorithm
  • Evict the least frequently accessed document
    first
  • Greedy Dual-Sized Frequency (GDSF) algorithm
  • Consider the frequency of the documents
  • Allow smaller document to be cached first
  • Use dynamic aging policy

13
Baseline Experiments
  • Locality-disruption attacks

Total hit ratio
Including attackers requests and regular users
requests
Stealthy! (4)
Small percent of malicious requests can
significantly degrade the overall hit ratio
14
Baseline Experiments
  • False-locality attacks

Total hit ratio is not a good indicator for
attacks
15
Byte damage ratio
BHR(n)byte hit ratio of regular clients without
attacks BHR(a)byte hit ratio of regular clients
with attacks
16
Replacement Algorithms
  • Locality-disruption attacks

LRU and LFU are more resilient to attacks, but
still can not protect cache from pollution
17
Outline
  • Motivation
  • Pollution Attacks
  • Evaluation of Pollution Effects
  • Counter-Pollution Techniques Evaluation
  • Conclusion

18
Detecting Locality Disruption Attacks
  • Observations
  • Low total hit ratio
  • Short average life-time of all cached files
  • Design
  • Detection compute the average durations for all
    files in the cache
  • Mitigation recognize the attackers

19
Detecting False Locality Attacks
  • Observations
  • Clients who request a similar set of files
    residing in the cache
  • The repeated requests from the same IP to cached
    files
  • Design
  • Large number of repeated requests
  • Large percent of repeated requests
  • Scalability
  • Attacker-based detection Bloom filter
  • Object-based detection Probabilistic Counting
    with Stochastic Averaging (PCSA)

20
Evaluation of Pollution Detection
  • Results for false-locality attacks, more in paper

For attackers file detection True positive
ratio
21
Implementation
  • Realize the counter-pollution mechanisms
  • Code and more details
  • http//networks.cs.northwestern.edu/AE/

22
Conclusions
  • Propose and evaluate two classes of attacks
    locality-disruption and false-locality attacks
  • Show that pollution attacks are stealthy, but
    powerful, and different replacement algorithms
    have different resiliency
  • Propose and evaluate a set of scalable and
    effective counter-pollution mechanisms
Write a Comment
User Comments (0)
About PowerShow.com