Analysis of traffic correlation attacks on router queues

Authors:
Yan Cai;Patrick P. C. Lee;Weibo Gong;Don Towsley
Affiliations:
Department of Electrical Engineering, University of Massachusetts, Amherst, USA;Department of Computer Science and Engineering, The Chinese University of Hong Kong, Hong Kong;Department of Electrical Engineering, University of Massachusetts, Amherst, USA;Department of Computer Science, University of Massachusetts, Amherst, USA
Venue:
Computer Networks: The International Journal of Computer and Telecommunications Networking
Year:
2011

Citing 13
Cited 0

Observations on the dynamics of a congestion control algorithm: the effects of two-way traffic

SIGCOMM '91 Proceedings of the conference on Communications architecture & protocols
Heavy Tails and Long Range Dependence in On/Off Processes and Associated Fluid Models

Mathematics of Operations Research
Fluid-based analysis of a network of AQM routers supporting TCP flows with an application to RED

Proceedings of the conference on Applications, Technologies, Architectures, and Protocols for Computer Communication
Network support for IP traceback

IEEE/ACM Transactions on Networking (TON)
On the Specification of NS and Other Known On-Off Sources

On the Specification of NS and Other Known On-Off Sources
Sizing router buffers

Proceedings of the 2004 conference on Applications, technologies, architectures, and protocols for computer communications
Defending against distributed denial-of-service attacks with max-min fair server-centric router throttles

IEEE/ACM Transactions on Networking (TON)
Distributed mechanism in detecting and defending against the low-rate TCP attack

Computer Networks: The International Journal of Computer and Telecommunications Networking
Low-rate TCP-targeted denial of service attacks and counter strategies

IEEE/ACM Transactions on Networking (TON)
A queueing-theoretic foundation of available bandwidth estimation: single-hop analysis

IEEE/ACM Transactions on Networking (TON)
Botnet Research Survey

COMPSAC '08 Proceedings of the 2008 32nd Annual IEEE International Computer Software and Applications Conference
An Advanced Hybrid Peer-to-Peer Botnet

IEEE Transactions on Dependable and Secure Computing
Effect of malicious synchronization

ACNS'06 Proceedings of the 4th international conference on Applied Cryptography and Network Security

Quantified Score

Hi-index	0.00

Visualization

Abstract

Traffic burstiness is known to be undesirable for a router as it increases the router's queue length and hence the queueing delays of data flows. This poses a security problem in which an attacker intentionally introduces traffic burstiness into routers. We consider a correlation attack, whose fundamental characteristic is to correlate multiple attack flows to generate synchronized small attack bursts, in an attempt to aggregate the bursts into a large burst at a target router. In this paper, we develop an analytical, fluid-based framework that models how the correlation attack disrupts router queues and how it can be mitigated. Using Poisson Counter Stochastic Differential Equations (PCSDEs), our framework captures the dynamics of a router queue for special cases and gives the closed-form average router queue length as a function of the inter-flow correlation. To mitigate the correlation attack, we apply our analytical framework to model different pacing schemes including Markov ON-OFF pacing and rate limiting, which are respectively designed to break down the inter-flow correlation and suppress the peak rates of bursts. We verify that our fluid models conform to packet-level ns2 simulation results.