Internet Cache Pollution Attacks and Countermeasures - PowerPoint PPT Presentation

About This Presentation
Title:

Internet Cache Pollution Attacks and Countermeasures

Description:

... caches themselves become victims Little attention given to such attacks Existing pollution attacks mostly on content pollutions on P2P systems Contributions ... – PowerPoint PPT presentation

Number of Views:311
Avg rating:3.0/5.0
Slides: 23
Provided by: Zhich4
Category:

less

Transcript and Presenter's Notes

Title: Internet Cache Pollution Attacks and Countermeasures


1
Internet Cache Pollution Attacks and
Countermeasures
  • Yan Gao, Leiwen Deng,
  • Aleksandar Kuzmanovic, and Yan Chen

Electrical Engineering and Computer Science
Department Northwestern University
2
Outline
  • Motivation
  • Pollution Attacks
  • Evaluation of Pollution Effects
  • Counter-Pollution Techniques Evaluation
  • Conclusion

3
Motivation
  • Caching has been widely applied in the Internet
  • Decrease the amount of requests in server side
  • Reduce the amount of traffic in the network
  • Improve the client-perceived latency
  • Open proxy caches are used for various
    abuse-related activities
  • Proxy caches themselves become victims
  • Little attention given to such attacks
  • Existing pollution attacks mostly on content
    pollutions on P2P systems

4
Contributions
  • Propose a class of pollution attacks targeted
    against Internet proxy caches
  • Locality-disruption (LD) attacks
  • False-locality (FL) attacks
  • Analyze the resilience of the current cache
    replacement algorithms to pollution attacks
  • Propose two cache pollution detection mechanisms
  • Detect LD, FL attacks, and their combination
  • Leverage data streaming computation techniques

5
Outline
  • Motivation
  • Pollution Attacks
  • Evaluation of Pollution Effects
  • Counter-Pollution Techniques Evaluation
  • Conclusion

6
Pollution Attack Scenarios (I)
Attacking a web cache
Attacking an ISP cache
7
Pollution Attack Scenarios (II)
?
?
?
?
?
?
?
?
Pollution attack against a local DNS server
8
Pollution Attack Locality Disruption
Before attack
After attack
New unpopular files
Popular files
....
....
....
....
Cache
Cache
  • Goal degrade cache efficiency by ruining its
    file locality
  • Activities continuously generate requests for
    new unpopular files

9
Pollution Attack False Locality
Before attack
After attack
Bogus popular files
Popular files
....
....
....
....
Cache
Cache
  • Goal degrade the hit ratio by creating false
    file locality
  • Activities repeatedly request the same set of
    unpopular files

10
Outline
  • Motivation
  • Pollution Attacks
  • Evaluation of Pollution Effects
  • Counter-Pollution Techniques Evaluation
  • Conclusion

11
Evaluation Methodology
  • Discrete-event simulator
  • Multiple DoS behaviors
  • Multiple workload characterizing behaviors
  • Effects of access and local network capacities
  • Workloads
  • P2P K. Gummadi et al. ACM SOSP 03
  • Web F. Smith et al. SIGMETRICS 01
  • NAT effects

12
Cache Replacement Algorithms
  • Least Recently Used (LRU) algorithm
  • Evict the least recently accessed document first
  • Least Frequently Used (LFU) algorithm
  • Evict the least frequently accessed document
    first
  • Greedy Dual-Sized Frequency (GDSF) algorithm
  • Consider the frequency of the documents
  • Allow smaller document to be cached first
  • Use dynamic aging policy

13
Baseline Experiments
  • Locality-disruption attacks

Total hit ratio
Including attackers requests and regular users
requests
Stealthy! (4)
Small percent of malicious requests can
significantly degrade the overall hit ratio
14
Baseline Experiments
  • False-locality attacks

Total hit ratio is not a good indicator for
attacks
15
Byte damage ratio
BHR(n)byte hit ratio of regular clients without
attacks BHR(a)byte hit ratio of regular clients
with attacks
16
Replacement Algorithms
  • Locality-disruption attacks

LRU and LFU are more resilient to attacks, but
still can not protect cache from pollution
17
Outline
  • Motivation
  • Pollution Attacks
  • Evaluation of Pollution Effects
  • Counter-Pollution Techniques Evaluation
  • Conclusion

18
Detecting Locality Disruption Attacks
  • Observations
  • Low total hit ratio
  • Short average life-time of all cached files
  • Design
  • Detection compute the average durations for all
    files in the cache
  • Mitigation recognize the attackers

19
Detecting False Locality Attacks
  • Observations
  • Clients who request a similar set of files
    residing in the cache
  • The repeated requests from the same IP to cached
    files
  • Design
  • Large number of repeated requests
  • Large percent of repeated requests
  • Scalability
  • Attacker-based detection Bloom filter
  • Object-based detection Probabilistic Counting
    with Stochastic Averaging (PCSA)

20
Evaluation of Pollution Detection
  • Results for false-locality attacks, more in paper

For attackers file detection True positive
ratio
21
Implementation
  • Realize the counter-pollution mechanisms
  • Code and more details
  • http//networks.cs.northwestern.edu/AE/

22
Conclusions
  • Propose and evaluate two classes of attacks
    locality-disruption and false-locality attacks
  • Show that pollution attacks are stealthy, but
    powerful, and different replacement algorithms
    have different resiliency
  • Propose and evaluate a set of scalable and
    effective counter-pollution mechanisms
Write a Comment
User Comments (0)
About PowerShow.com
Home About Us Terms and Conditions Privacy Policy Presentation Removal Request Contact Us
Copyright 2024 CrystalGraphics, Inc. — All rights Reserved. PowerShow.com is a trademark of CrystalGraphics, Inc.
The PowerPoint PPT presentation: "Internet Cache Pollution Attacks and Countermeasures" is the property of its rightful owner.
Do you have PowerPoint slides to share? If so, share your PPT presentation slides online with PowerShow.com. It's FREE!