1 / 34

Query-Flood DoS Attacks In Gnutella

Query-Flood DoS Attacks In Gnutella. Neil Daswani and Hector Garcia-Molina Stanford University Department of Computer Science. Problem & Approach. Problem Gnutella: multiplicative query broadcast Application-layer denial-of-service Approach Load balancing / provide fairness.

menefer
Download Presentation

Query-Flood DoS Attacks In Gnutella

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Query-Flood DoS Attacks In Gnutella Neil Daswani and Hector Garcia-Molina Stanford University Department of Computer Science

  2. Problem & Approach • Problem • Gnutella: multiplicative query broadcast • Application-layer denial-of-service • Approach • Load balancing / provide fairness

  3. How does Gnutella Work? Remote Peers • Super-nodes • Messages • Ping / Pong • Query / QueryHit • Push • Already Seen • Time To Live • File X-fer: HTTP Local Peers

  4. Questions • Which queries to drop? • Traffic management policies? • Effect of topology? • How is “damage” distributed?=> Need Traffic Model & Metrics

  5. Gnutella Traffic Model Remote Peers • Discrete-event • Only super-nodes explicitly modeled • Only queries are modeled • q=(origin,ttl) • Max capacity: C = 6 queries / time unit Local Peers

  6. Gnutella Traffic Model • Local Work ={q1,q2,q3} B C A q1 q3 q2

  7. Gnutella Traffic Model • Local Work ={q1,q2,q3} • Remote Work = {q4,…,q9} {q10,q11} B q5 q7 q4 q9 q6 q8 C q11 A q10 q1 q2 q3

  8. Gnutella Traffic Model • Local vs. Remote Work: • Reservation Ratio () • Remote Work: • How many? (IAS) • Which ones? (DS) B C q5 q6 q4 q9 q7 q10 q8 q1 q11 q2 q3

  9. Gnutella Traffic Model • Local Work ={q1,q2,q3} • Remote Work = {q4,…,q9} {q10,q11} • Local Work Accepted = {q1} • Remote Work Accepted = • IB,A(1)={q4,q5} • IC,A(1)={q10,q11} B C q5 q6 q4 q9 q7 q10 q8 q1 q11 q2 q3

  10. q5 q11 q4 q10 q1 Gnutella Traffic Model • Local Work ={q1,q2,q3} • Remote Work = {q4,…,q9} {q10,q11} • Local Work Accepted = {q1} • Remote Work Accepted = • IB,A(1)={q4,q5} • IC,A(1)={q10,q11} • Work Broadcasted ={q1,q4,q5,q10,q11} B C A

  11. Reservation Ratio () • Only used in high load situations. • Max C queries from local peers. • Max (1-)C queries from remote peers. • If =1/3 and C=6, C=(1/3)(6)=2 Local B C A q1 q2 q3

  12. Incoming Alloc. Strategy • (1-)C=(4/6)(6)=4 Remote • IAS Possibilities: • Fractional:2 from B2 from C • Weighted:3 from B1 from C B q5 q7 q4 q9 q6 q8 C q11 q10 A q1 q2

  13. Drop Strategy Which queries to drop? D E H B F G q5 q7 q4 q9 q6 q8 A q11 C q1 q10 q2

  14. Drop Strategy Which queries to drop? q6 D E q9 H q4 q8 q5 q7 B F G A q11 C q1 q10 q2

  15. Drop Strategy Equal q6 q9 D E H q4 q8 q5 q7 B F G A q11 C q1 q10 q2

  16. Drop Strategy Proportional q6 D E q9 H q4 q8 q5 B q7 F G A q11 C q1 q10 q2

  17. Drop Strategy PreferHighTTL q6 D E q9 H q4 q8 q5 q7 B F G A q11 C q1 q10 q2

  18. Drop Strategy PreferLowTTL q6 q9 D E H q4 q8 q5 q7 B F G A q11 C q1 q10 q2

  19. Good & Malicious Nodes • Good nodes:  =   = 1/3 • In general, for symmetric networks: = 1 / (D() + 1) • Malicious nodes: m = 1 K3; =2 B Total Remote Queries Processed A C 0  1

  20. 5 0 M D 4 6 B B A A C C Damage • Service Guarantee: Sj(t), Sj(t) • Damage for node j (at time t): Dj(t) = (Sj(t) – Sj(t)) / Sj(t) • Cumulative Network Damage:D(t) = “bad” queries / “total” queries SA(t)=8 SA(t)=16 5 4 DA(t)=(16-8)/16=0.5

  21. Simulations • Various Representative Topologies: K14, C14, G16, L14, P16, S14, W14 • All IAS/DS described earlier • Single malicious node /various placements • Fundamental effects / trade-offs • C=10,000;  = ; m = 1; =7; t=100

  22. Results/Observations

  23. Results/Observations • IAS/DS vs. Damage • Which IAS/DS minimizes damage? • Depends upon topology? • Topology vs. Damage • Some topologies better than others? • Some nodes particularly vulnerable to attack? • Damage Distribution • How is damage distributed? • Flood vs. Structural damage

  24. IAS/DS vs. Damage • O1: Fractional IAS + Equal or PreferHighTTL DS optimal

  25. IAS/DS vs. Damage • O2: Weighted/Prop always worse than Fractional/Equal by about 2x or more

  26. IAS/DS vs. Damage • O3: PreferLowTTL incurs (at least as much or) more damage than other DSs

  27. Results/Observations • IAS/DS vs. Damage • Which IAS/DS minimizes damage? • Depends upon topology? • Topology vs. Damage • Some topologies better than others? • Some nodes particularly vulnerable to attack? • Damage Distribution • How is damage distributed? • Flood vs. Structural damage

  28. Topology vs. Damage • O4: Complete topology (K) under Frac/Eq IAS/DS least prone to damage & insensitive to malicious node position. Damage Topology Topologies K=Complete C=Cycle G=Grid L=Line Malicious Node Positions Ce=Center Co=Corner Ed=Edge H=Highly-connected L=Lowly-connected P=Power-Law S=Star W=Wheel

  29. Topology vs. Damage • O5: Good topology is not enough. Must use good policies too.

  30. Results/Observations • IAS/DS vs. Damage • Which IAS/DS minimizes damage? • Depends upon topology? • Topology vs. Damage • Some topologies better than others? • Some nodes particularly vulnerable to attack? • Damage Distribution • How is damage distributed? • Flood vs. Structural damage

  31. C14 Damage Distribution (Cycle) • O6: Nodes should distance themselves from untrusted nodes. • Damage decreases as distance from malicious node increases.

  32. Damage Distribution(Cycle) • O7: Disconnect protocols must be used to prevent “structural” damage. • Fractional/Equal IAS/DS minimizes “flood” damage in cycle topology. Weighted/Proportional Fractional/Equal

  33. Conclusion • Defined model & metrics; Evaluation • 7 observations: • Fractional IAS + Equal or PreferHighTTL DS optimal • Weighted IAS always worse than Fractional IAS by ~ 2x • PreferLowTTL incurs more damage than other DSs (or at least as much) • Complete topology (K) under Frac/Eq IAS/DS least prone to damage & insensitive to malicious node position. • Good topology is not enough. Must use good policy too. • Nodes should distance themselves from untrusted nodes. • Disconnect protocols must be used to prevent “structural” damage.

  34. Q & A • Paper & slides available at:http://www.stanford.edu/~daswani

More Related