An Adversarial Evaluation of Network Signaling and Control Mechanisms

  • Kangkook Jee
  • Stelios Sidiroglou-Douskos
  • Angelos Stavrou
  • Angelos Keromytis
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6829)


Network signaling and control mechanisms are critical to coordinate such diverse defense capabilities as honeypots and honeynets, host-based defenses, and online patching systems, any one of which might issue an actionable alert and provide security-critical data. Despite considerable work in exploring the trust requirements of such defenses and in addressing the distribution speed of alerts, little work has gone into identifying how the underlying transport systems behave under adversarial scenarios.

In this paper, we evaluate the reliability and performance trade-offs for a variety of control channel mechanisms that are suitable for coordinating large-scale collaborative defenses when under attack. Our results show that the performance and reliability characteristics change drastically when one evaluates the systems under attack by a sophisticated and targeted adversary. Based on our evaluation, we explore available design choices to reinforce the reliability of the control channel mechanisms. To that end, we propose ways to construct a control scheme to improve network coverage without imposing additional overhead.


Cluster Size Attack Rate Control Channel Hybrid Network Attack Scenario 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Aspnes, J., Rustagi, N., Saia, J.: Worm versus alert: Who wins in a battle for control of a large-scale network? In: Tovar, E., Tsigas, P., Fouchal, H. (eds.) OPODIS 2007. LNCS, vol. 4878, pp. 443–456. Springer, Heidelberg (2007)CrossRefGoogle Scholar
  2. 2.
    Awerbuch, B., Scheideler, C.: Towards a scalable and robust dht. Theory of Computing Systems (2009)Google Scholar
  3. 3.
    Baumgart, I., Heep, B., Krause, S.: Oversim: A flexible overlay network simulation framework. In: Proc. of IEEE GI (2007)Google Scholar
  4. 4.
    Bharambe, A., Herley, C., Padmanabhan, V.: Analyzing and improving a bittorrent network’s performance mechanisms. In: Proc. IEEE INFOCOM (2006)Google Scholar
  5. 5.
    Costa, M., Crowcroft, J., Castro, M., Rowstron, A., Zhou, L., Zhang, L., Barham, P.: Vigilante: end-to-end containment of internet worms. In: Proc. of SOSP (2005)Google Scholar
  6. 6.
    Dabek, F., Zhao, B., Druschel, P., Kubiatowicz, J., Stoica, I.: Towards a common api for structured peer-to-peer overlays. In: Kaashoek, M.F., Stoica, I. (eds.) IPTPS 2003. LNCS, vol. 2735, Springer, Heidelberg (2003)CrossRefGoogle Scholar
  7. 7.
    Gkantsidis, C., Karagiannis, T., VojnoviC, M.: Planet scale software updates. In: Proc. of SIGCOMM (2006)Google Scholar
  8. 8.
    Hui-shan, L., Ke, X., Ming-wei, X., Yong, C.: S-chord: Hybrid topology makes chord efficient. In: Lorenz, P., Dini, P. (eds.) ICN 2005. LNCS, vol. 3421, pp. 480–487. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  9. 9.
    Karger, D., Lehman, E., Leighton, T., Panigrahy, R., Levine, M., Lewin, D.: Consistent hashing and random trees: distributed caching protocols for relieving hot spots on the world wide web. In: Proc. of STOC (1997)Google Scholar
  10. 10.
    Ktari, S., Hecker, A., Labiod, H.: Exploiting power-law node degree distribution in chord overlays. In: Proc. of NGI (2009)Google Scholar
  11. 11.
    Li, J., Stribling, J., Morris, R., Kaashoek, M., Gil, T.: A performance vs. cost framework for evaluating dht design tradeoffs under churn. In: Proc. IEEE INFOCOM (2005)Google Scholar
  12. 12.
    Loo, B., Huebsch, R., Stoica, I., Hellerstein, J.: The case for a hybrid P2P search infrastructure. In: Voelker, G.M., Shenker, S. (eds.) IPTPS 2004. LNCS, vol. 3279, pp. 141–150. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  13. 13.
    Maymounkov, P., Mazieres, D.: Kademlia: A peer-to-peer information system based on the XOR metric. In: Druschel, P., Kaashoek, M.F., Rowstron, A. (eds.) IPTPS 2002. LNCS, vol. 2429, p. 53. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  14. 14.
    Menasche, D., Rocha, A., Li, B., Towsley, D., Venkataramani, A.: Modeling content availability in peer-to-peer swarming systems. SIGMETRICS Perform. Eval. Rev. (2009)Google Scholar
  15. 15.
    Mitra, B., Peruani, F., Ghose, S., Ganguly, N.: Analyzing the vulnerability of superpeer networks against attack. In: Proc. of CCS (2007)Google Scholar
  16. 16.
    Neglia, G., Reina, G., Zhang, H., Towsley, D., Venkataramani, A., Danaher, J.: Availability in bittorrent systems. In: Proc. IEEE INFOCOM (2007)Google Scholar
  17. 17.
    Piatek, M., Isdal, T., Anderson, T., Krishnamurthy, A., Venkataramani, A.: Do incentives build robustness in bittorrent. In: Proc. of NSDI (2007)Google Scholar
  18. 18.
    Pittel, B.: On spreading a rumor. SIAM Journal on Applied Mathematics (1987)Google Scholar
  19. 19.
    Qiu, D., Srikant, R.: Modeling and performance analysis of bittorrent-like peer-to-peer networks. In: Proc. of SIGCOMM (2004)Google Scholar
  20. 20.
    Rhea, S., Chun, B., Kubiatowicz, J., Shenker, S.: Fixing the embarrassing slowness of opendht on planetlab. In: Proc. of WORLDS (2005)Google Scholar
  21. 21.
    Rhea, S., Geels, D., Roscoe, T., Kubiatowicz, J.: Handling churn in a dht. In: Proc. of the USENIX Annual Technical Conference (2004)Google Scholar
  22. 22.
    Rowstron, A., Druschel, P.: Pastry: Scalable, distributed object location and routing for large-scale peer-to-peer systems. In: IFIP/ACM International Conference on Distributed Systems Platforms, Middleware (2001)Google Scholar
  23. 23.
    Serenyi, D., Witten, B.: Rapidupdate: Peer-assisted distribution of security content. In: Proc. IPTPS (2008)Google Scholar
  24. 24.
    Shakkottai, S., Srikant, R.: Peer to peer networks for defense against internet worms. In: Proc. of Inter-Perf (2006)Google Scholar
  25. 25.
    Stoica, I., Morris, R., Karger, D., Kaashoek, M., Balakrishnan, H.: Chord: A scalable peer-to-peer lookup service for internet applications. SIGCOMM Comput. Commun. Rev. (2001)Google Scholar
  26. 26.
    VojnoviC, M., Ganesh, A.: On the race of worms, alerts, and patches. IEEE/ACM Transactions on Networking (2008)Google Scholar
  27. 27.
    Yang, B., Garcia-Molina, H.: Designing a super-peer network. In: Proc. of ICDE (2003)Google Scholar
  28. 28.
    Zaharia, M., Keshav, S.: Gossip-based search selection in hybrid peer-to-peer networks. In: Proc. of IPTPS (2006)Google Scholar
  29. 29.
    Zhu, Y., Wang, H., Hu, Y.: A super-peer based lookup in structured peer-to-peer systems. In: Proc. of PDCS (2003)Google Scholar
  30. 30.
    Zou, C., Gong, W., Towsley, D.: Worm propagation modeling and analysis under dynamic quarantine defense. In: Proc. of WORM (2003)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2011

Authors and Affiliations

  • Kangkook Jee
    • 1
  • Stelios Sidiroglou-Douskos
    • 2
  • Angelos Stavrou
    • 3
  • Angelos Keromytis
    • 1
  1. 1.Department of Computer ScienceColumbia UniversityUSA
  2. 2.Computer Science and Artificial Intelligence LaboratoryMITUSA
  3. 3.Department of Computer ScienceGeorge Mason UniversityUSA

Personalised recommendations