Security and Privacy in Communication Networks. 5th International ICST Conference, SecureComm 2009, Athens, Greece, September 14-18, 2009, Revised Selected Papers

Research Article

The Frog-Boiling Attack: Limitations of Anomaly Detection for Secure Network Coordinate Systems

  • @INPROCEEDINGS{10.1007/978-3-642-05284-2_26,
        author={Eric Chan-Tin and Daniel Feldman and Nicholas Hopper and Yongdae Kim},
        title={The Frog-Boiling Attack: Limitations of Anomaly Detection for Secure Network Coordinate Systems},
        proceedings={Security and Privacy in Communication Networks. 5th International ICST Conference, SecureComm 2009, Athens, Greece, September 14-18, 2009, Revised Selected Papers},
        proceedings_a={SECURECOMM},
        year={2012},
        month={5},
        keywords={Vivaldi Anomaly Detection Network Coordinate Systems},
        doi={10.1007/978-3-642-05284-2_26}
    }
    
  • Eric Chan-Tin
    Daniel Feldman
    Nicholas Hopper
    Yongdae Kim
    Year: 2012
    The Frog-Boiling Attack: Limitations of Anomaly Detection for Secure Network Coordinate Systems
    SECURECOMM
    Springer
    DOI: 10.1007/978-3-642-05284-2_26
Eric Chan-Tin¹*, Daniel Feldman¹*, Nicholas Hopper¹*, Yongdae Kim¹*
  • ¹ University of Minnesota
* Contact email: dchantin@cs.umn.edu, feldman@cs.umn.edu, hopper@cs.umn.edu, kyd@cs.umn.edu

Abstract

A network coordinate system assigns Euclidean “virtual” coordinates to every node in a network to allow easy estimation of network latency between pairs of nodes that have never contacted each other. These systems have been implemented in a variety of applications, most notably the popular Azureus/Vuze BitTorrent client. Zage and Nita-Rotaru (CCS 2007) and, independently, Kaafar (SIGCOMM 2007) demonstrated that several widely cited network coordinate systems are prone to simple attacks, and proposed mechanisms to defeat these attacks using outlier detection to filter out adversarial inputs. We propose a new attack, Frog-Boiling, that defeats anomaly-detection-based defenses in the context of network coordinate systems, and demonstrate empirically that Frog-Boiling is more disruptive than the previously known attacks. Our results suggest that a new approach is needed to solve this problem: outlier detection alone cannot be used to secure network coordinate systems.