Securing Application-Level Topology Estimation Networks: Facing the Frog-Boiling Attack

  • Sheila Becker
  • Jeff Seibert
  • Cristina Nita-Rotaru
  • Radu State
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6961)


Peer-to-peer real-time communication and media streaming applications optimize their performance by using application-level topology estimation services such as virtual coordinate systems. Virtual coordinate systems allow nodes in a peer-to-peer network to accurately predict latency between arbitrary nodes without performing extensive measurements. However, systems that use virtual coordinates as supporting building blocks are prone to attacks by compromised nodes that aim to disrupt, eavesdrop on, or mangle the underlying communications.

Recent research proposed techniques to mitigate basic attacks (inflation, deflation, oscillation) considering a single attack strategy model where attackers perform only one type of attack. In this work we explore supervised machine learning techniques to mitigate more subtle yet highly effective attacks (frog-boiling, network-partition) that are able to bypass existing defenses. We evaluate our techniques on the Vivaldi system against a more complex attack strategy model, where attackers perform sequences of all known attacks against virtual coordinate systems, using both simulations and Internet deployments.


Keywords: Support Vector Machine; Time Slot; True Positive Rate; Outlier Detection; Malicious Node
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.





Copyright information

© Springer-Verlag Berlin Heidelberg 2011

Authors and Affiliations

  • Sheila Becker (1)
  • Jeff Seibert (2)
  • Cristina Nita-Rotaru (2)
  • Radu State (1)
  1. University of Luxembourg - SnT, L-1359 Luxembourg
  2. Purdue University, West Lafayette, USA
