OceanStore: an architecture for global-scale persistent storage
ASPLOS IX Proceedings of the ninth international conference on Architectural support for programming languages and operating systems
A scalable content-addressable network
Proceedings of the 2001 conference on Applications, technologies, architectures, and protocols for computer communications
SOSP '01 Proceedings of the eighteenth ACM symposium on Operating systems principles
Storage management and caching in PAST, a large-scale, persistent peer-to-peer storage utility
SOSP '01 Proceedings of the eighteenth ACM symposium on Operating systems principles
Wide-area cooperative storage with CFS
SOSP '01 Proceedings of the eighteenth ACM symposium on Operating systems principles
Proceedings of the 2002 conference on Applications, technologies, architectures, and protocols for computer communications
Kademlia: A Peer-to-Peer Information System Based on the XOR Metric
IPTPS '01 Revised Papers from the First International Workshop on Peer-to-Peer Systems
Pastry: Scalable, Decentralized Object Location, and Routing for Large-Scale Peer-to-Peer Systems
Middleware '01 Proceedings of the IFIP/ACM International Conference on Distributed Systems Platforms Heidelberg
DCAP: detecting misbehaving flows via collaborative aggregate policing
ACM SIGCOMM Computer Communication Review
Internet indirection infrastructure
IEEE/ACM Transactions on Networking (TON)
Secure routing for structured peer-to-peer overlay networks
OSDI '02 Proceedings of the 5th symposium on Operating systems design and implementationCopyright restrictions prevent ACM from being able to make the PDFs for this conference available for downloading
Overcast: reliable multicasting with on overlay network
OSDI'00 Proceedings of the 4th conference on Symposium on Operating System Design & Implementation - Volume 4
Mitigating network denial-of-service through diversity-based traffic management
ACNS'05 Proceedings of the Third international conference on Applied Cryptography and Network Security
QRON: QoS-aware routing in overlay networks
IEEE Journal on Selected Areas in Communications
Tapestry: a resilient global-scale overlay for service deployment
IEEE Journal on Selected Areas in Communications
A peer-to-peer architecture for media streaming
IEEE Journal on Selected Areas in Communications
| Hi-index | 0.00 |
Peer-to-Peer (P2P) overlay networks are a flexible way of creating decentralized services. Although resilient to external Denial of Service attacks, overlay networks can be rendered inoperable by simple flooding attacks generated from insider nodes. In this paper, we study detection and containment mechanisms against insider Denial of Service (DoS) attacks for overlay networks. To counter such attacks, we introduce novel mechanisms for protecting overlay networks that exhibit well defined properties due to their structure against non-conforming (abnormal) behavior of participating nodes. We use a lightweight distributed detection mechanism that exploits inherent structural invariants of DHTs to ferret out anomalous flow behavior. We evaluate our mechanism's ability to detect attackers using our prototype implementation on web traces from IRCache served by a DHT network. Our results show that our system can detect a simple attacker whose attack traffic deviates by as little as 5% from average traffic.We also demonstrate the resiliency of our mechanism against coordinated distributed flooding attacks that involve up to 15% of overlay nodes. In addition, we verify that our detection algorithms work well, producing a low false positive rate (