2nd International ICST Conference on Security and Privacy in Comunication Networks

Research Article

Message Dropping Attacks in Overlay Networks: Attack Detection and Attacker Identification

  • @INPROCEEDINGS{10.1109/SECCOMW.2006.359534,
        author={Liang Xie and Sencun Zhu},
        title={Message Dropping Attacks in Overlay Networks: Attack Detection and Attacker Identification},
        proceedings={2nd International ICST Conference on Security and Privacy in Comunication Networks},
        publisher={IEEE},
        proceedings_a={SECURECOMM},
        year={2007},
        month={5},
        keywords={Overlay networks multicast message dropping attacks network dynamics.},
        doi={10.1109/SECCOMW.2006.359534}
    }
    
  • Liang Xie
    Sencun Zhu
    Year: 2007
    Message Dropping Attacks in Overlay Networks: Attack Detection and Attacker Identification
    SECURECOMM
    IEEE
    DOI: 10.1109/SECCOMW.2006.359534
Liang Xie1,*, Sencun Zhu2,3,*
  • 1: Department of Computer Science and Engineering, The Pennsylvania State University, University Park, PA 16802
  • 2: Department of Computer Science and Engineering.
  • 3: College of Information Sciences and Technology, The Pennsylvania State University, University Park, PA 16802
*Contact email: szhu@cse.psu.edu, lxie@cse.psu.edu

Abstract

Overlay multicast networks are used by service providers to distribute contents such as Web pages, streaming multimedia data, or security updates to a large number of users. However, such networks are extremely vulnerable to message dropping attacks by malicious or selfish nodes that intentionally drop packets they are required to forward. It is difficult to detect such attacks both efficiently and effectively, not mentioning to further identify the attackers, especially when members in the overlay switch between online/offline statuses frequently. We propose a random-sampling-based scheme to detect such attacks, and a path-resolving-based scheme to identify the attack nodes. Our schemes work for dynamic overlay networks and do not assume the global knowledge of the overlay hierarchy. Analysis and simulation results show that our schemes are bandwidth-efficient and they both have high detection/identification rates but low false positive rates