M. Guirguis, A. Bestavros, and I. Matta (USA)
Internet Security; Denial of Service; TCP; Performance Evaluation.
We present a scheme that enables a set of flows to acquire an unfair share of bandwidth by mounting an adversarial distributed Reduction of Quality (RoQ) attack on flows competing for that bandwidth. This adversarial behavior stands in sharp contrast to other network exploits, e.g., Denial-of-Service (DoS) attacks, whose aim is to simply take down a resource, or severely limit access to a service. The extent to which the scheme we expose is successful in slowing down competing flows determines the amount of "stolen bandwidth." We present two schemes for the construction of a RoQ attack stream that would evade detection, and thus would challenge counter-DoS techniques. Our results show the vulnerability of the Internet to the distributed nature of RoQ attacks, which could be mounted through a relatively small number of zombie clients, motivating the need for the development of countermeasures. We validate our findings through simple analysis, simulations and real Internet experiments.