TY - GEN
T1 - Internet cache pollution attacks and countermeasures
AU - Gao, Yan
AU - Deng, Leiwen
AU - Kuzmanovic, Aleksandar
AU - Chen, Yan
PY - 2006
Y1 - 2006
N2 - Proxy caching servers are widely deployed in today's Internet. While cooperation among proxy caches can significantly improve a network's resilience to denial-of-service (DoS) attacks, lack of cooperation can transform such servers into viable DoS targets. In this paper, we investigate a class of pollution attacks that aim to degrade a proxy's caching capabilities, either by ruining the cache file locality, or by inducing false file locality. Using simulations, we propose and evaluate the effects of pollution attacks both in web and peer-to-peer (p2p) scenarios, and reveal dramatic variability in resilience to pollution among several cache replacement policies. We develop efficient methods to detect both false-locality and locality-disruption attacks, as well as a combination of the two. To achieve high scalability for a large number of clients/requests without sacrificing the detection accuracy, we leverage streaming computation techniques, i.e., bloom filters. Evaluation results from large-scale simulations show that these mechanisms are effective and efficient in detecting and mitigating such attacks. Furthermore, a Squid-based implementation demonstrates that our protection mechanism forces the attacker to launch extremely large distributed attacks in order to succeed.
UR - http://www.scopus.com/inward/record.url?scp=46149091310&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=46149091310&partnerID=8YFLogxK
U2 - 10.1109/ICNP.2006.320198
DO - 10.1109/ICNP.2006.320198
M3 - Conference contribution
AN - SCOPUS:46149091310
SN - 1424405939
SN - 9781424405930
T3 - Proceedings - International Conference on Network Protocols, ICNP
SP - 54
EP - 64
BT - Proceedings - 14th IEEE International Conference on Network Protocols, ICNP 2006
T2 - 14th IEEE International Conference on Network Protocols, ICNP 2006
Y2 - 12 November 2006 through 15 November 2006
ER -