Abstract
Peer-to-Peer (P2P) overlay networks are a flexible way of creating decentralized services. Although resilient to external Denial of Service attacks, overlay networks can be rendered inoperable by simple flooding attacks generated from insider nodes.
In this paper, we study detection and containment mechanisms against insider Denial of Service (DoS) attacks on overlay networks. To counter such attacks, we introduce novel mechanisms that protect overlay networks whose structure gives them well-defined properties against non-conforming (abnormal) behavior of participating nodes. We use a lightweight distributed detection mechanism that exploits the inherent structural invariants of DHTs to ferret out anomalous flow behavior.
We evaluate our mechanism’s ability to detect attackers using our prototype implementation on web traces from IRCache served by a DHT network. Our results show that our system can detect a simple attacker whose attack traffic deviates by as little as 5% from average traffic. We also demonstrate the resiliency of our mechanism against coordinated distributed flooding attacks that involve up to 15% of overlay nodes. In addition, we verify that our detection algorithms work well, producing a low false positive rate (< 2%) when used in a system that serves normal web traffic.
This work was supported by the National Science Foundation under NSF grant CNS-07-14277. Any opinions, findings, conclusions, or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of the National Science Foundation.
Copyright information
© 2008 Springer-Verlag Berlin Heidelberg
Cite this paper
Stavrou, A., Locasto, M.E., Keromytis, A.D. (2008). Pushback for Overlay Networks: Protecting Against Malicious Insiders. In: Bellovin, S.M., Gennaro, R., Keromytis, A., Yung, M. (eds) Applied Cryptography and Network Security. ACNS 2008. Lecture Notes in Computer Science, vol 5037. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-68914-0_3
DOI: https://doi.org/10.1007/978-3-540-68914-0_3
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-68913-3
Online ISBN: 978-3-540-68914-0
eBook Packages: Computer Science, Computer Science (R0)