Pollution Resilience for Internet Caches

This research is supported by the NSF Cyber Trust Program.

Motivation and Approach

  • Motivation. Proxy caching servers are widely deployed in today's Internet. While cooperation among proxy caches can significantly improve a network's resilience to denial-of-service (DoS) attacks, lack of cooperation can transform such servers into viable DoS targets. We investigate a class of pollution attacks that aim to degrade a proxy's caching capabilities, either by ruining the cache file locality (locality disruption attack), or by inducing false file locality (false-locality attack).

  • Countermeasures. We develop efficient methods to detect both false-locality and locality-disruption attacks, as well as a combination of the two. We leverage techniques such as Bloom filters and probabilistic counting to achieve high scalability for a large number of clients and requests without sacrificing detection accuracy. Once attacks are detected, we counter them by either blocking malicious clients or removing pollution files. We implement our countermeasures as an add-on program for the Squid Web cache. We call this add-on program the Anti-pollution Engine (AE) System.
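
The following is an added sketch, not the AE System's code or the algorithm from the papers below. It shows one way a Bloom filter plus fill-level probabilistic counting can track re-reference locality in an observation window and flag traffic with almost no repeats, the signature of locality disruption. The class and function names, thresholds, and URLs are assumptions.

```python
import hashlib
import math

class WindowSketch:
    """Bloom filter over the URLs requested in one observation window."""
    def __init__(self, m_bits=8192, k_hashes=4):
        self.m, self.k = m_bits, k_hashes
        self.bits = bytearray(m_bits // 8)
        self.requests = 0  # total requests seen in the window
        self.repeats = 0   # requests whose URL was (probably) seen before

    def _positions(self, url):
        # Double hashing: derive k bit positions from one SHA-256 digest.
        d = hashlib.sha256(url.encode()).digest()
        h1 = int.from_bytes(d[:8], "big")
        h2 = int.from_bytes(d[8:16], "big") | 1
        return [(h1 + i * h2) % self.m for i in range(self.k)]

    def observe(self, url):
        pos = self._positions(url)
        seen = all(self.bits[p >> 3] & (1 << (p & 7)) for p in pos)
        for p in pos:
            self.bits[p >> 3] |= 1 << (p & 7)
        self.requests += 1
        self.repeats += seen

    def distinct_estimate(self):
        # Probabilistic count from the fill level: n ~ -(m/k) * ln(1 - X/m)
        set_bits = sum(bin(b).count("1") for b in self.bits)
        if set_bits >= self.m:
            return float("inf")  # filter saturated, estimate is unbounded
        return -(self.m / self.k) * math.log(1 - set_bits / self.m)

    def repeat_ratio(self):
        return self.repeats / self.requests if self.requests else 0.0

def looks_like_locality_disruption(sketch, min_requests=200, max_repeat_ratio=0.05):
    # Assumed thresholds: enough traffic to judge, and almost no re-references.
    return sketch.requests >= min_requests and sketch.repeat_ratio() <= max_repeat_ratio

def build(urls):
    s = WindowSketch()
    for u in urls:
        s.observe(u)
    return s

# Constructed sample traffic: a small hot set versus a sweep of one-off objects.
NORMAL = [f"http://example.test/obj{i % 40}" for i in range(400)]
SWEEP = [f"http://example.test/rare{i}" for i in range(400)]
```

Memory per window is fixed at m_bits regardless of how many requests arrive, which is what makes this kind of tracking feasible per client on a busy proxy.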

People

Publications

  • Measurement and Diagnosis of Address-Misconfigured P2P Traffic
    Z. Li, A. Goyal, Y. Chen, and A. Kuzmanovic
    In Proceedings of IEEE INFOCOM 2010, San Diego, CA, March 2010.
    [ .pdf | .pdf.gz | .ppt ]

  • Thinning Akamai
    A.-J. Su and A. Kuzmanovic
    In Proceedings of USENIX/ACM SIGCOMM Internet Measurement Conference (IMC'08), Vouliagmeni, Greece, October 2008.
    [ .pdf | .pdf.gz | .ppt ]

  • Pollution Attacks and Defenses for Internet Caching Systems
    L. Deng, Y. Gao, Y. Chen, and A. Kuzmanovic
    In Journal of Computer Networks, 52(5): 935-956, April 2008.
    [ .pdf | .pdf.gz ]
    An extended version of the ICNP 2006 paper.

  • A Poisoning-Resilient TCP Stack
    A. Mondal and A. Kuzmanovic
    In Proceedings of IEEE ICNP 2007, Beijing, China, October 2007.
    [ .pdf | .pdf.gz | .ppt ]

  • Internet Cache Pollution Attacks and Countermeasures
    Y. Gao, L. Deng, A. Kuzmanovic, and Y. Chen
    In Proceedings of IEEE ICNP 2006, Santa Barbara, CA, November 2006.
    [ .pdf | .pdf.gz | .ppt ]

Download Anti-pollution Engine System

An introduction to the Anti-pollution Engine System and its source code are available here.