Internet Cache Pollution Attacks and Countermeasures Yan Gao, Leiwen Deng, Aleksandar Kuzmanovic,...
-
date post
21-Dec-2015 -
Category
Documents
-
view
220 -
download
3
Transcript of Internet Cache Pollution Attacks and Countermeasures Yan Gao, Leiwen Deng, Aleksandar Kuzmanovic,...
Internet Cache Pollution Attacks and Countermeasures
Yan Gao, Leiwen Deng, Aleksandar Kuzmanovic, and Yan Chen
Electrical Engineering and Computer Science Department
Northwestern University
2
Outline
• Motivation• Pollution Attacks• Evaluation of Pollution Effects• Counter-Pollution Techniques &
Evaluation• Conclusion
3
Motivation• Caching has been widely applied in the
Internet– Decrease the amount of requests in server side– Reduce the amount of traffic in the network– Improve the client-perceived latency
• Open proxy caches are used for various abuse-related activities
• Proxy caches themselves become victims– Little attention given to such attacks– Existing pollution attacks mostly on content
pollutions on P2P systems
4
Contributions• Propose a class of pollution attacks targeted
against Internet proxy caches– Locality-disruption (LD) attacks – False-locality (FL) attacks
• Analyze the resilience of the current cache replacement algorithms to pollution attacks
• Propose two cache pollution detection mechanisms– Detect LD, FL attacks, and their combination– Leverage data streaming computation techniques
5
Outline
• Motivation• Pollution Attacks• Evaluation of Pollution Effects• Counter-Pollution Techniques &
Evaluation• Conclusion
6
Pollution Attack Scenarios (I)
Campus networkInternet
CacheCache
ISP1 ISP2
Downloaded traffic
Content Server
C lient
Requests
Attacking a web cache Attacking an ISP cache
7
Pollution Attack Scenarios (II)
L o ca l D N S S erv er
R o o t D N S S erv er
T L D D N S S erv er
A u th o rita tiv eD N S S erv er
P o llu tio n A tta ck
E n d U ser
......
①
② ③ ④
⑤
⑥
⑦
⑧
Pollution attack against a local DNS server
8
Pollution Attack: Locality Disruption
…...
. …...
.
Cache
…...
. …...
.
Cache
Before attack After attack
Popular filesNew
unpopular files
• Goal: degrade cache efficiency by ruining its file locality
• Activities: continuously generate requests for new unpopular files
9
Pollution Attack: False Locality
…...
. …...
.
Cache
…...
. …...
.
Cache
Before attack After attack
Popular filesBogus
popular files
• Goal: degrade the hit ratio by creating false file locality
• Activities: repeatedly request the same set of unpopular files
10
Outline
• Motivation• Pollution Attacks• Evaluation of Pollution Effects• Counter-Pollution Techniques &
Evaluation• Conclusion
11
Evaluation Methodology
• Discrete-event simulator – Multiple DoS behaviors– Multiple workload characterizing behaviors– Effects of access and local network capacities
• Workloads– P2P [K. Gummadi et al. ACM SOSP 03]– Web [F. Smith et al. SIGMETRICS 01]– NAT effects
12
Cache Replacement Algorithms
• Least Recently Used (LRU) algorithm – Evict the least recently accessed document first
• Least Frequently Used (LFU) algorithm – Evict the least frequently accessed document first
• Greedy Dual-Sized Frequency (GDSF) algorithm– Consider the frequency of the documents– Allow smaller document to be cached first– Use dynamic aging policy
13
Baseline Experiments• Locality-disruption attacks
Small percent of malicious requests can significantly degrade the overall hit ratio
Total hit ratio = requests_total#
requests_hit#
Including attackers’ requests and regular users’ requests
Stealthy! (4%)
15
BHR(n)BHR(a)BHR(n)
BHR(n)—byte hit ratio of regular clients without attacks
BHR(a)—byte hit ratio of regular clients with attacks
Byte damage ratio =
16
Replacement Algorithms • Locality-disruption attacks
LRU and LFU are more resilient to attacks, but still can not protect cache from pollution
17
Outline
• Motivation• Pollution Attacks• Evaluation of Pollution Effects• Counter-Pollution Techniques &
Evaluation• Conclusion
18
Detecting Locality Disruption Attacks
• Observations:
– Low total hit ratio
– Short average life-time of all cached files
• Design:
– Detection: compute the average durations for all files in the cache
– Mitigation: recognize the attackers
19
Detecting False Locality Attacks• Observations:
– Clients who request a similar set of files residing in the cache
– The repeated requests from the same IP to cached files
• Design:– Large number of repeated requests– Large percent of repeated requests
• Scalability:– Attacker-based detection: Bloom filter– Object-based detection: Probabilistic Counting with
Stochastic Averaging (PCSA)
cachetheinhitsrequeststotalrequestsrepeated
20
Evaluation of Pollution Detection• Results for false-locality attacks, more in paper
For attacker’s file detection:
True positive ratio =
filessker'attactotal#methodourbyecteddetfilesker'attac#
21
• Realize the counter-pollution mechanisms
• Code and more details
http://networks.cs.northwestern.edu/AE/
Implementation
22
Conclusions
• Propose and evaluate two classes of attacks: locality-disruption and false-locality attacks
• Show that pollution attacks are stealthy, but powerful, and different replacement algorithms have different resiliency
• Propose and evaluate a set of scalable and effective counter-pollution mechanisms