Internet Cache Pollution Attacks and Countermeasures Yan Gao, Leiwen Deng, Aleksandar Kuzmanovic, and Yan Chen Electrical Engineering and Computer Science.

Presentation transcript:

Internet Cache Pollution Attacks and Countermeasures Yan Gao, Leiwen Deng, Aleksandar Kuzmanovic, and Yan Chen Electrical Engineering and Computer Science Department Northwestern University

2 Outline: Motivation; Pollution Attacks; Evaluation of Pollution Effects; Counter-Pollution Techniques & Evaluation; Conclusion

3 Motivation
Caching has been widely applied in the Internet
– Decrease the number of requests on the server side
– Reduce the amount of traffic in the network
– Improve the client-perceived latency
Open proxy caches are used for various abuse-related activities
Proxy caches themselves become victims
– Little attention given to such attacks
– Existing pollution attacks mostly concern content pollution in P2P systems

4 Contributions
Propose a class of pollution attacks targeted against Internet proxy caches
– Locality-disruption (LD) attacks
– False-locality (FL) attacks
Analyze the resilience of the current cache replacement algorithms to pollution attacks
Propose two cache pollution detection mechanisms
– Detect LD, FL attacks, and their combination
– Leverage data streaming computation techniques

5 Outline: Motivation; Pollution Attacks; Evaluation of Pollution Effects; Counter-Pollution Techniques & Evaluation; Conclusion

6 Pollution Attack Scenarios (I)
Attacking a web cache
Attacking an ISP cache

7 Pollution Attack Scenarios (II)
[Figure with steps ① to ⑧: Pollution attack against a local DNS server]

8 Pollution Attack: Locality Disruption
[Figure: cache before attack and after attack; labels: Popular files, New unpopular files]
Goal: degrade cache efficiency by ruining its file locality
Activities: continuously generate requests for new unpopular files

9 Pollution Attack: False Locality
[Figure: cache before attack and after attack; labels: Popular files, Bogus popular files]
Goal: degrade the hit ratio by creating false file locality
Activities: repeatedly request the same set of unpopular files

10 Outline: Motivation; Pollution Attacks; Evaluation of Pollution Effects; Counter-Pollution Techniques & Evaluation; Conclusion

11 Evaluation Methodology
Discrete-event simulator
– Multiple DoS behaviors
– Multiple workload characterizing behaviors
– Effects of access and local network capacities
Workloads
– P2P [K. Gummadi et al. ACM SOSP 03]
– Web [F. Smith et al. SIGMETRICS 01]
– NAT effects

12 Cache Replacement Algorithms
Least Recently Used (LRU) algorithm
– Evict the least recently accessed document first
Least Frequently Used (LFU) algorithm
– Evict the least frequently accessed document first
Greedy Dual-Size Frequency (GDSF) algorithm
– Consider the frequency of the documents
– Allow smaller documents to be cached first
– Use dynamic aging policy

13 Baseline Experiments
Locality-disruption attacks
Small percent of malicious requests can significantly degrade the overall hit ratio
Total hit ratio = Including attackers’ requests and regular users’ requests
Stealthy! (4%)

14 Baseline Experiments
False-locality attacks
Total hit ratio is not a good indicator for attacks

15
BHR(n): byte hit ratio of regular clients without attacks
BHR(a): byte hit ratio of regular clients with attacks
Byte damage ratio =

16 Replacement Algorithms
Locality-disruption attacks
LRU and LFU are more resilient to attacks, but still cannot protect the cache from pollution

17 Outline: Motivation; Pollution Attacks; Evaluation of Pollution Effects; Counter-Pollution Techniques & Evaluation; Conclusion

18 Detecting Locality Disruption Attacks
Observations:
– Low total hit ratio
– Short average life-time of all cached files
Design:
– Detection: compute the average durations for all files in the cache
– Mitigation: recognize the attackers
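The two observations on this slide can be measured on a replayed request trace. The following is an added example, not code from the slides or the paper: the LRU cache size, the constructed workload, the way lifetime is measured (requests between insertion and eviction) and the 0.5 thresholds are all assumptions.

```python
from collections import OrderedDict

def replay(trace, capacity=50):
    """Replay object ids through an LRU cache; return (total_hit_ratio, avg_lifetime).
    Lifetime is counted in requests between an object's insertion and its eviction."""
    cache, hits, lifetimes = OrderedDict(), 0, []   # cache: object id -> insertion time
    for now, obj in enumerate(trace):
        if obj in cache:
            hits += 1
            cache.move_to_end(obj)                  # refresh recency on a hit
            continue
        if len(cache) >= capacity:
            _, born = cache.popitem(last=False)     # evict least recently used
            lifetimes.append(now - born)
        cache[obj] = now
    # Files still resident count with their age at the end of the window.
    lifetimes.extend(len(trace) - born for born in cache.values())
    return hits / len(trace), sum(lifetimes) / len(lifetimes)

def make_trace(n, junk_every=0):
    """Constructed workload: 40 popular objects requested in rotation, one-off
    'tail' objects every 10th request, and optionally a never-repeated object
    after every junk_every-th request (the locality-disruption pattern)."""
    trace, p = [], 0
    for i in range(n):
        if i % 10 == 9:
            trace.append(f"tail{i}")
        else:
            trace.append(f"pop{p % 40}")
            p += 1
        if junk_every and i % junk_every == 0:
            trace.append(f"junk{i}")
    return trace

def ld_suspected(window, baseline, hit_drop=0.5, life_drop=0.5):
    """Both observations must hold: low total hit ratio and short average
    lifetime, each relative to a clean baseline (thresholds are assumed)."""
    (hit, life), (hit0, life0) = window, baseline
    return hit < hit_drop * hit0 and life < life_drop * life0

baseline = replay(make_trace(4000))
attacked = replay(make_trace(4000, junk_every=4))
print(baseline, attacked, ld_suspected(attacked, baseline))
```

In this constructed trace the never-repeated objects are 20% of all requests, yet they push the popular set past the cache capacity, so both the total hit ratio and the average lifetime collapse together.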

19 Detecting False Locality Attacks
Observations:
– Clients who request a similar set of files residing in the cache
– The repeated requests from the same IP to cached files
Design:
– Large number of repeated requests
– Large percent of repeated requests
Scalability:
– Attacker-based detection: Bloom filter
– Object-based detection: Probabilistic Counting with Stochastic Averaging (PCSA)
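One way to apply the two design criteria with a Bloom filter, shown as an added example that is not the authors' implementation: the filter remembers (client IP, object) pairs so that repeated requests can be counted per client without storing every pair. The log format, the thresholds, the filter size and the sample addresses are assumptions, and the log is constructed.

```python
import hashlib
from collections import defaultdict

class Bloom:
    """Small Bloom filter; false positives are possible, false negatives are not."""
    def __init__(self, bits=1 << 16, hashes=4):
        self.bits, self.hashes, self.array = bits, hashes, bytearray(bits // 8)

    def _positions(self, key):
        d = hashlib.sha256(key.encode()).digest()
        h1, h2 = int.from_bytes(d[:8], "big"), int.from_bytes(d[8:16], "big") | 1
        return [(h1 + i * h2) % self.bits for i in range(self.hashes)]

    def add_and_check(self, key):
        """Insert key; return True if it was (probably) already present."""
        seen = True
        for p in self._positions(key):
            if not self.array[p >> 3] & (1 << (p & 7)):
                seen = False
                self.array[p >> 3] |= 1 << (p & 7)
        return seen

def flag_false_locality(log, min_repeats=50, min_ratio=0.5):
    """log: iterable of (client_ip, object, cache_hit). A client is flagged when
    it has both a large number and a large percent of repeated requests to
    cached objects (both thresholds are assumed values)."""
    seen, total, repeats = Bloom(), defaultdict(int), defaultdict(int)
    for ip, obj, cache_hit in log:
        total[ip] += 1
        if seen.add_and_check(f"{ip}|{obj}") and cache_hit:
            repeats[ip] += 1
    return sorted(ip for ip in total
                  if repeats[ip] >= min_repeats and repeats[ip] / total[ip] >= min_ratio)

def sample_log():
    """Constructed log: five ordinary clients and one client cycling over 10 objects."""
    log = []
    for c in range(5):
        ip = f"198.51.100.{c + 1}"
        for n in range(60):                       # 60 distinct pages per client
            log.append((ip, f"/page{c * 7 + n}", n % 3 == 0))
        log.append((ip, f"/page{c * 7}", True))   # a single revisit
    for r in range(20):                           # same 10 objects, 20 rounds
        for k in range(10):
            log.append(("203.0.113.7", f"/big{k}.iso", r > 0))
    return log

print(flag_false_locality(sample_log()))
```

Requiring both thresholds keeps a client with one or two revisits, or one hit by a rare Bloom false positive, from being flagged.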

20 Evaluation of Pollution Detection
Results for false-locality attacks, more in paper
For attacker’s file detection: True positive ratio =

21 Implementation
Realize the counter-pollution mechanisms
Code and more details

22 Conclusions
Propose and evaluate two classes of attacks: locality-disruption and false-locality attacks
Show that pollution attacks are stealthy, but powerful, and different replacement algorithms have different resiliency
Propose and evaluate a set of scalable and effective counter-pollution mechanisms