Internet Cache Pollution Attacks and Countermeasures
Yan Gao, Leiwen Deng, Aleksandar Kuzmanovic, and Yan Chen
Electrical Engineering and Computer Science Department
Northwestern University
Outline
• Motivation
• Pollution Attacks
• Evaluation of Pollution Effects
• Counter-Pollution Techniques & Evaluation
• Conclusion
Motivation
• Caching has been widely applied in the Internet
– Decrease the number of requests on the server side
– Reduce the amount of traffic in the network
– Improve the client-perceived latency
• Open proxy caches are used for various abuse-related activities
• Proxy caches themselves become victims
– Little attention given to such attacks
– Existing pollution attacks are mostly content pollution on P2P systems
Contributions
• Propose a class of pollution attacks targeted against Internet proxy caches
– Locality-disruption (LD) attacks
– False-locality (FL) attacks
• Analyze the resilience of the current cache replacement algorithms to pollution attacks
• Propose two cache pollution detection mechanisms
– Detect LD, FL attacks, and their combination
– Leverage data streaming computation techniques
Pollution Attack Scenarios (I)
[Figure: two scenarios, attacking a web cache (campus network) and attacking an ISP cache (ISP1, ISP2). Labels: Client, Requests, Cache, Internet, Content Server, Downloaded traffic.]
Pollution Attack Scenarios (II)
[Figure: pollution attack against a local DNS server. Labels: End User, Local DNS Server, Root DNS Server, TLD DNS Server, Authoritative DNS Server, Pollution Attack; steps ① to ⑧.]
Pollution Attack: Locality Disruption
[Figure: cache contents before attack and after attack. Labels: Popular files, New unpopular files.]
• Goal: degrade cache efficiency by ruining its file locality
• Activities: continuously generate requests for new unpopular files
Pollution Attack: False Locality
[Figure: cache contents before attack and after attack. Labels: Popular files, Bogus popular files.]
• Goal: degrade the hit ratio by creating false file locality
• Activities: repeatedly request the same set of unpopular files
Evaluation Methodology
• Discrete-event simulator
– Multiple DoS behaviors
– Multiple workload characterizing behaviors
– Effects of access and local network capacities
• Workloads
– P2P [K. Gummadi et al. ACM SOSP 03]
– Web [F. Smith et al. SIGMETRICS 01]
– NAT effects
Cache Replacement Algorithms
• Least Recently Used (LRU) algorithm
– Evict the least recently accessed document first
• Least Frequently Used (LFU) algorithm
– Evict the least frequently accessed document first
• Greedy Dual-Sized Frequency (GDSF) algorithm
– Consider the frequency of the documents
– Allow smaller documents to be cached first
– Use dynamic aging policy
Baseline Experiments
• Locality-disruption attacks
Small percent of malicious requests can significantly degrade the overall hit ratio
Total hit ratio = $\frac{\#\,\text{hit requests}}{\#\,\text{total requests}}$
(total requests include attackers' requests and regular users' requests)
Stealthy! (4%)
Baseline Experiments
• False-locality attacks
Total hit ratio is not a good indicator for attacks
Byte damage ratio = $\frac{BHR(n) - BHR(a)}{BHR(n)}$
BHR(n): byte hit ratio of regular clients without attacks
BHR(a): byte hit ratio of regular clients with attacks
Replacement Algorithms
• Locality-disruption attacks
LRU and LFU are more resilient to attacks, but still cannot protect the cache from pollution
Detecting Locality Disruption Attacks
• Observations:
– Low total hit ratio
– Short average life-time of all cached files
• Design:
– Detection: compute the average durations for all files in the cache
– Mitigation: recognize the attackers
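Added example, not code from the authors: a small LRU cache instrumented to measure the two observations on this slide, replayed over two constructed workloads. The class and function names, the logical clock (one tick per request), and both thresholds are assumptions made for illustration.

```python
from collections import OrderedDict

class InstrumentedLRU:
    """LRU cache that records when each object entered the cache (logical clock)."""
    def __init__(self, capacity):
        self.capacity = capacity
        self.inserted_at = OrderedDict()  # url -> clock value at insertion
        self.clock = self.hits = 0

    def request(self, url):
        self.clock += 1
        if url in self.inserted_at:
            self.inserted_at.move_to_end(url)     # refresh recency, keep insertion time
            self.hits += 1
            return
        self.inserted_at[url] = self.clock
        if len(self.inserted_at) > self.capacity:
            self.inserted_at.popitem(last=False)  # evict least recently used

    def hit_ratio(self):
        return self.hits / self.clock

    def average_lifetime(self):
        """Mean time spent in the cache so far, over all files currently cached."""
        ages = [self.clock - t for t in self.inserted_at.values()]
        return sum(ages) / len(ages)

def ld_suspected(cache, max_hit_ratio=0.3, min_lifetime=500):
    """Both observations must hold: low total hit ratio AND short average lifetime.
    Threshold values are assumptions chosen for the constructed workloads below."""
    return cache.hit_ratio() < max_hit_ratio and cache.average_lifetime() < min_lifetime

def replay(requests, capacity=60):
    cache = InstrumentedLRU(capacity)
    for url in requests:
        cache.request(url)
    return cache

# Constructed workloads, 3000 requests each, 50 popular objects.
CLEAN = [f"/popular/{i % 50}" for i in range(3000)]
# Every second request names a never-before-seen object (share exaggerated for clarity).
POLLUTED = [f"/popular/{(i // 2) % 50}" if i % 2 == 0 else f"/new/{i}"
            for i in range(3000)]

if __name__ == "__main__":
    for name, workload in (("clean", CLEAN), ("polluted", POLLUTED)):
        c = replay(workload)
        print(name, round(c.hit_ratio(), 3), c.average_lifetime(), ld_suspected(c))
```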
Detecting False Locality Attacks
• Observations:
– Clients who request a similar set of files residing in the cache
– The repeated requests from the same IP to cached files
• Design:
– Large number of repeated requests
– Large percent of repeated requests = $\frac{\text{repeated requests}}{\text{total request hits in the cache}}$
• Scalability:
– Attacker-based detection: Bloom filter
– Object-based detection: Probabilistic Counting with Stochastic Averaging (PCSA)
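Added example, not the authors' implementation: attacker-based detection with a Bloom filter that remembers (client IP, object) pairs, so a repeated request to a cached file is recognized without storing per-client request lists. The log format, function names, filter size and both thresholds are assumptions; the sample log is constructed.

```python
import hashlib
from collections import defaultdict

class BloomFilter:
    def __init__(self, bits=1 << 16, hashes=4):
        self.bits, self.hashes = bits, hashes
        self.array = bytearray(bits // 8)

    def _positions(self, key):
        digest = hashlib.sha256(key.encode()).digest()
        for i in range(self.hashes):
            yield int.from_bytes(digest[4 * i:4 * i + 4], "big") % self.bits

    def add_and_test(self, key):
        """Insert key; return True if it was (probably) already present."""
        seen = True
        for pos in self._positions(key):
            byte, mask = pos >> 3, 1 << (pos & 7)
            if not self.array[byte] & mask:
                seen = False
                self.array[byte] |= mask
        return seen

def detect_false_locality(hit_log, min_repeats=20, min_ratio=0.8):
    """hit_log: iterable of (client_ip, url) for requests that hit in the cache.
    A client is flagged when it shows both a large number and a large percent
    of repeated requests (thresholds are assumptions)."""
    seen = BloomFilter()
    hits, repeats = defaultdict(int), defaultdict(int)
    for ip, url in hit_log:
        hits[ip] += 1
        if seen.add_and_test(f"{ip}|{url}"):
            repeats[ip] += 1
    return sorted(ip for ip in hits
                  if repeats[ip] >= min_repeats
                  and repeats[ip] / hits[ip] >= min_ratio)

def constructed_log():
    log = []
    # Five regular clients: 40 hits each over 37 distinct objects (3 repeats each).
    for c in range(5):
        for i in range(40):
            log.append((f"10.0.0.{c + 1}", f"/popular/{(i * 7 + c) % 37}"))
    # One client cycling over the same 5 objects: 60 hits, 55 of them repeats.
    for i in range(60):
        log.append(("192.0.2.50", f"/rare/{i % 5}"))
    return log

if __name__ == "__main__":
    print(detect_false_locality(constructed_log()))
```

Bloom filter false positives can only overcount repeats, so the filter should be sized for the expected number of (client, object) pairs per measurement window.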
Evaluation of Pollution Detection
• Results for false-locality attacks, more in paper
For attacker's file detection:
True positive ratio = $\frac{\#\,\text{attacker's files detected by our method}}{\text{total}\ \#\,\text{attacker's files}}$
Implementation
• Realize the counter-pollution mechanisms
• Code and more details
http://networks.cs.northwestern.edu/AE/
Conclusions
• Propose and evaluate two classes of attacks: locality-disruption and false-locality attacks
• Show that pollution attacks are stealthy, but powerful, and different replacement algorithms have different resiliency
• Propose and evaluate a set of scalable and effective counter-pollution mechanisms
Thank You!
Questions?