Probabilistic counting algorithms for data base applications
Journal of Computer and System Sciences
Generating representative Web workloads for network and server performance evaluation
SIGMETRICS '98/PERFORMANCE '98 Proceedings of the 1998 ACM SIGMETRICS joint international conference on Measurement and modeling of computer systems
Summary cache: a scalable wide-area Web cache sharing protocol
Proceedings of the ACM SIGCOMM '98 conference on Applications, technologies, architectures, and protocols for computer communication
LSAM proxy cache: a multicast distributed virtual cache
Computer Networks and ISDN Systems - Selected papers of the 3rd international caching workshop
Not all hits are created equal: cooperative proxy caching over a wide-area network
Computer Networks and ISDN Systems - Selected papers of the 3rd international caching workshop
On the scale and performance of cooperative Web proxy caching
Proceedings of the seventeenth ACM symposium on Operating systems principles
Space/time trade-offs in hash coding with allowable errors
Communications of the ACM
What TCP/IP protocol headers can tell us about the web
Proceedings of the 2001 ACM SIGMETRICS international conference on Measurement and modeling of computer systems
Flash crowds and denial of service attacks: characterization and implications for CDNs and web sites
Proceedings of the 11th international conference on World Wide Web
DNS performance and the effectiveness of caching
IEEE/ACM Transactions on Networking (TON)
Measurement, modeling, and analysis of a peer-to-peer file-sharing workload
SOSP '03 Proceedings of the nineteenth ACM symposium on Operating systems principles
Using graphic turing tests to counter automated DDoS attacks against web servers
Proceedings of the 10th ACM conference on Computer and communications security
The dark side of the Web: an open proxy's view
ACM SIGCOMM Computer Communication Review
Analyzing peer-to-peer traffic across large networks
IEEE/ACM Transactions on Networking (TON)
Characterization of a large web site population with implications for content delivery
Proceedings of the 13th international conference on World Wide Web
Content availability, pollution and poisoning in file sharing peer-to-peer networks
Proceedings of the 6th ACM conference on Electronic commerce
Denial-of-service resilience in peer-to-peer file sharing systems
SIGMETRICS '05 Proceedings of the 2005 ACM SIGMETRICS international conference on Measurement and modeling of computer systems
Botz-4-sale: surviving organized DDoS attacks that mimic flash crowds
NSDI'05 Proceedings of the 2nd conference on Symposium on Networked Systems Design & Implementation - Volume 2
Inferring internet denial-of-service activity
SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
Empirical study of tolerating denial-of-service attacks with a proxy network
SSYM'05 Proceedings of the 14th conference on USENIX Security Symposium - Volume 14
A hierarchical internet object cache
ATEC '96 Proceedings of the 1996 annual conference on USENIX Annual Technical Conference
Internet Cache Pollution Attacks and Countermeasures
ICNP '06 Proceedings of the Proceedings of the 2006 IEEE International Conference on Network Protocols
Modeling and Caching of Peer-to-Peer Traffic
ICNP '06 Proceedings of the Proceedings of the 2006 IEEE International Conference on Network Protocols
An overview of web caching replacement algorithms
IEEE Communications Surveys & Tutorials
Efficient and adaptive Web replication using content clustering
IEEE Journal on Selected Areas in Communications
Privacy risks in named data networking: what is the cost of performance?
ACM SIGCOMM Computer Communication Review
Privacy in content-oriented networking: threats and countermeasures
ACM SIGCOMM Computer Communication Review
ACM SIGCOMM Computer Communication Review
A lightweight mechanism for detection of cache pollution attacks in Named Data Networking
Computer Networks: The International Journal of Computer and Telecommunications Networking
| Hi-index | 0.00 |
Proxy caching servers are widely deployed in today's Internet. While cooperation among proxy caches can significantly improve a network's resilience to denial-of-service (DoS) attacks, lack of cooperation can transform such servers into viable DoS targets. In this paper, we investigate a class of pollution attacks that aim to degrade a proxy's caching capabilities, either by ruining the cache file locality, or by inducing false file locality. Using simulations, we propose and evaluate the effects of pollution attacks both in Web and peer-to-peer (p2p) scenarios, and reveal dramatic variability in resilience to pollution among several cache replacement policies. We develop efficient methods to detect both false-locality and locality-disruption attacks, as well as a combination of the two. To achieve high scalability for a large number of clients/requests without sacrificing the detection accuracy, we leverage streaming computation techniques, i.e., bloom filters and probabilistic counting. Evaluation results from large-scale simulations show that these mechanisms are effective and efficient in detecting and mitigating such attacks. Furthermore, a Squid-based implementation demonstrates that our protection mechanism forces the attacker to launch extremely large distributed attacks in order to succeed.