
Query-Flood DoS Attacks In Gnutella

Date post: 19-Jan-2016
Upload: menefer
Description:
Query-Flood DoS Attacks In Gnutella. Neil Daswani and Hector Garcia-Molina, Stanford University, Department of Computer Science. Problem & Approach. Problem: Gnutella: multiplicative query broadcast; Application-layer denial-of-service. Approach: Load balancing / provide fairness.
Transcript
Page 1: Query-Flood DoS Attacks In Gnutella

Query-Flood DoS Attacks In Gnutella

Neil Daswani and Hector Garcia-Molina

Stanford University

Department of Computer Science

Page 2: Query-Flood DoS Attacks In Gnutella

Problem & Approach

Problem
– Gnutella: multiplicative query broadcast
– Application-layer denial-of-service

Approach
– Load balancing / provide fairness

Page 3: Query-Flood DoS Attacks In Gnutella

How does Gnutella Work?

Super-nodes
Messages
– Ping / Pong
– Query / QueryHit
– Push
Already Seen
Time To Live
File X-fer: HTTP

[Figure labels: Local Peers, Remote Peers]

Page 4: Query-Flood DoS Attacks In Gnutella

Questions

Which queries to drop?
Traffic management policies?
Effect of topology?
How is “damage” distributed?

=> Need Traffic Model & Metrics

Page 5: Query-Flood DoS Attacks In Gnutella

Gnutella Traffic Model

Discrete-event
Only super-nodes explicitly modeled
Only queries are modeled
q=(origin,ttl)
Max capacity: C = 6 queries / time unit

[Figure labels: Local Peers, Remote Peers]

Page 6: Query-Flood DoS Attacks In Gnutella

Gnutella Traffic Model

Local Work = {q1,q2,q3}

[Figure: nodes A, B, C; queries q1, q2, q3]

Page 7: Query-Flood DoS Attacks In Gnutella

Gnutella Traffic Model

Local Work = {q1,q2,q3}
Remote Work = {q4,…,q9} {q10,q11}

[Figure: nodes A, B, C; queries q1 to q11]

Page 8: Query-Flood DoS Attacks In Gnutella

Gnutella Traffic Model

Local vs. Remote Work:
– Reservation Ratio ()
Remote Work:
– How many? (IAS)
– Which ones? (DS)

[Figure: nodes B, C; queries q1 to q11]

Page 9: Query-Flood DoS Attacks In Gnutella

Gnutella Traffic Model

Local Work = {q1,q2,q3}
Remote Work = {q4,…,q9} {q10,q11}
Local Work Accepted = {q1}
Remote Work Accepted =
– I_{B,A}(1) = {q4,q5}
– I_{C,A}(1) = {q10,q11}

[Figure: nodes B, C; queries q1 to q11]

Page 10: Query-Flood DoS Attacks In Gnutella

Gnutella Traffic Model

Local Work = {q1,q2,q3}
Remote Work = {q4,…,q9} {q10,q11}
Local Work Accepted = {q1}
Remote Work Accepted =
– I_{B,A}(1) = {q4,q5}
– I_{C,A}(1) = {q10,q11}
Work Broadcasted = {q1,q4,q5,q10,q11}

[Figure: nodes A, B, C; queries q1, q4, q5, q10, q11]

Page 11: Query-Flood DoS Attacks In Gnutella

Reservation Ratio ()

Only used in high load situations.
Max C queries from local peers.
Max (1-)C queries from remote peers.
If =1/3 and C=6, C=(1/3)(6)=2 Local

[Figure: nodes A, B, C; queries q1, q2, q3]

Page 12: Query-Flood DoS Attacks In Gnutella

Incoming Alloc. Strategy

(1-)C=(4/6)(6)=4 Remote
IAS Possibilities:
– Fractional: 2 from B, 2 from C
– Weighted: 3 from B, 1 from C

[Figure: nodes A, B, C; queries q1, q2, q4 to q11]
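An added example (not from the slides or the authors' simulator) that works through the reservation ratio and the two incoming allocation strategies with the slides' numbers: C=6, reservation ratio 1/3, six queries offered by B and two by C. The function names, the parameter name `rho`, the largest-remainder rounding in the weighted case and the re-sharing of unused slots in the fractional case are assumptions of this example; the input where B offers 1000 queries is constructed to show how each strategy treats a flooding neighbor.

```python
from fractions import Fraction


def remote_budget(capacity, rho):
    """Split capacity C into (local, remote) slots using reservation ratio rho."""
    local = int(Fraction(rho) * capacity)
    return local, capacity - local


def fractional_ias(offered, budget):
    """Equal share of the remote budget per neighbor link.

    A neighbor never gets more than it offered; slots it leaves unused are
    re-shared among neighbors that still have queries (assumption).
    """
    accepted = {n: 0 for n in offered}
    active = [n for n in offered if offered[n] > 0]
    remaining = budget
    while remaining > 0 and active:
        share = max(remaining // len(active), 1)
        for n in list(active):
            take = min(share, offered[n] - accepted[n], remaining)
            accepted[n] += take
            remaining -= take
            if accepted[n] == offered[n]:
                active.remove(n)
            if remaining == 0:
                break
    return accepted


def weighted_ias(offered, budget):
    """Share of the remote budget proportional to what each neighbor offered."""
    total = sum(offered.values())
    if total <= budget:
        return dict(offered)
    exact = {n: Fraction(budget * k, total) for n, k in offered.items()}
    accepted = {n: int(x) for n, x in exact.items()}
    leftover = budget - sum(accepted.values())
    # Largest-remainder rounding for the slots left after truncation (assumption).
    by_remainder = sorted(exact, key=lambda n: exact[n] - accepted[n], reverse=True)
    for n in by_remainder[:leftover]:
        accepted[n] += 1
    return accepted


if __name__ == "__main__":
    local, remote = remote_budget(6, Fraction(1, 3))
    print("local slots:", local, "remote slots:", remote)
    # Slide numbers, then a constructed flood from neighbor B.
    for offered in ({"B": 6, "C": 2}, {"B": 1000, "C": 2}):
        print(offered, "fractional:", fractional_ias(offered, remote),
              "weighted:", weighted_ias(offered, remote))
```

Under the constructed flood, the weighted strategy hands every remote slot to B and none to C, while the fractional strategy still admits C's two queries.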

Page 13: Query-Flood DoS Attacks In Gnutella

Drop Strategy

Which queries to drop?

[Figure: nodes A to H; queries q1, q2, q4 to q11]

Page 14: Query-Flood DoS Attacks In Gnutella

Drop Strategy

Which queries to drop?

[Figure: nodes A to H; queries q1, q2, q4 to q11]

Page 15: Query-Flood DoS Attacks In Gnutella

Drop Strategy

Equal

[Figure: nodes A to H; queries q1, q2, q4 to q11]

Page 16: Query-Flood DoS Attacks In Gnutella

Drop Strategy

Proportional

[Figure: nodes A to H; queries q1, q2, q4 to q11]

Page 17: Query-Flood DoS Attacks In Gnutella

Drop Strategy

PreferHighTTL

[Figure: nodes A to H; queries q1, q2, q4 to q11]

Page 18: Query-Flood DoS Attacks In Gnutella

Drop Strategy

PreferLowTTL

[Figure: nodes A to H; queries q1, q2, q4 to q11]

Page 19: Query-Flood DoS Attacks In Gnutella

Good & Malicious Nodes

Good nodes: = = 1/3
In general, for symmetric networks: = 1 / (D() + 1)
Malicious nodes: m = 1

[Figure: nodes A, B, C; plot with axis label "Total Remote Queries Processed", ticks 0 and 1, annotation "K3; =2"]

Page 20: Query-Flood DoS Attacks In Gnutella

Damage

Service Guarantee: S_j(t), S_j(t)
Damage for node j (at time t): D_j(t) = (S_j(t) – S_j(t)) / S_j(t)
Cumulative Network Damage: D(t) = “bad” queries / “total” queries

[Figure: two example networks, one with nodes A, B, C, D and one with nodes A, B, C, M]

S_A(t)=16
S_A(t)=8
D_A(t)=(16-8)/16=0.5

Page 21: Query-Flood DoS Attacks In Gnutella

Simulations

Various Representative Topologies: K_14, C_14, G_16, L_14, P_16, S_14, W_14
All IAS/DS described earlier
Single malicious node / various placements
Fundamental effects / trade-offs
C=10,000; = ; m = 1; =7; t=100

Page 22: Query-Flood DoS Attacks In Gnutella

Results/Observations

             Fractional                          Weighted
Top(Loc)     Prop    Equal   PfHgTTL  PfLwTTL    Prop    Equal   PfHgTTL  PfLwTTL
Complete     0.143   0.143   0.143    0.143      0.545   0.545   0.545    0.545
Cycle        0.388   0.314   0.312    0.533      0.527   0.459   0.387    0.695
Grid (Ctr)   0.273   0.227   0.274    0.292      0.454   0.363   0.422    0.569
Grid (Co)    0.225   0.170   0.187    0.286      0.371   0.270   0.247    0.570
Grid (Ed)    0.282   0.191   0.208    0.378      0.412   0.306   0.294    0.553
Line (Ctr)   0.324   0.248   0.330    0.515      0.428   0.306   0.398    0.609
Line (Ed)    0.175   0.148   0.143    0.275      0.219   0.184   0.165    0.346
Pwr (H)      0.272   0.262   0.284    0.324      0.539   0.505   0.484    0.612
Pwr (L)      0.201   0.169   0.193    0.267      0.443   0.367   0.386    0.534
Star (Ce)    1.000   1.000   1.000    1.000      1.000   1.000   1.000    1.000
Star (Ed)    0.142   0.143   0.142    0.143      0.526   0.506   0.542    0.545
Whl (Ce)     0.386   0.386   0.386    0.386      0.726   0.751   0.717    0.751
Whl (Ed)     0.335   0.337   0.354    0.388      0.505   0.444   0.510    0.573

Page 23: Query-Flood DoS Attacks In Gnutella

Results/Observations

IAS/DS vs. Damage
– Which IAS/DS minimizes damage?
– Depends upon topology?
Topology vs. Damage
– Some topologies better than others?
– Some nodes particularly vulnerable to attack?
Damage Distribution
– How is damage distributed?
– Flood vs. Structural damage

Page 24: Query-Flood DoS Attacks In Gnutella

IAS/DS vs. Damage

             Fractional                          Weighted
Top(Loc)     Prop    Equal   PfHgTTL  PfLwTTL    Prop    Equal   PfHgTTL  PfLwTTL
Complete     0.143   0.143   0.143    0.143      0.545   0.545   0.545    0.545
Cycle        0.388   0.314   0.312    0.533      0.527   0.459   0.387    0.695
Grid (Ctr)   0.273   0.227   0.274    0.292      0.454   0.363   0.422    0.569
Grid (Co)    0.225   0.170   0.187    0.286      0.371   0.270   0.247    0.570
Grid (Ed)    0.282   0.191   0.208    0.378      0.412   0.306   0.294    0.553
Line (Ctr)   0.324   0.248   0.330    0.515      0.428   0.306   0.398    0.609
Line (Ed)    0.175   0.148   0.143    0.275      0.219   0.184   0.165    0.346
Pwr (H)      0.272   0.262   0.284    0.324      0.539   0.505   0.484    0.612
Pwr (L)      0.201   0.169   0.193    0.267      0.443   0.367   0.386    0.534
Star (Ce)    1.000   1.000   1.000    1.000      1.000   1.000   1.000    1.000
Star (Ed)    0.142   0.143   0.142    0.143      0.526   0.506   0.542    0.545
Whl (Ce)     0.386   0.386   0.386    0.386      0.726   0.751   0.717    0.751
Whl (Ed)     0.335   0.337   0.354    0.388      0.505   0.444   0.510    0.573

O1: Fractional IAS + Equal or PreferHighTTL DS optimal

Page 25: Query-Flood DoS Attacks In Gnutella

IAS/DS vs. Damage

O2: Weighted/Prop always worse than Fractional/Equal by about 2x or more

Topology (Location)   Fractional/Equal   Weighted/Proportional   Damage Reduction
Complete              0.143              0.545                   3.8
Cycle                 0.314              0.527                   1.7
Grid (C)              0.227              0.454                   2.0
Line (C)              0.248              0.428                   1.7
Power (H)             0.262              0.539                   2.1
Wheel (C)             0.386              0.726                   1.9

Page 26: Query-Flood DoS Attacks In Gnutella

IAS/DS vs. Damage

             Fractional                          Weighted
Top(Loc)     Prop    Equal   PfHgTTL  PfLwTTL    Prop    Equal   PfHgTTL  PfLwTTL
Complete     0.143   0.143   0.143    0.143      0.545   0.545   0.545    0.545
Cycle        0.388   0.314   0.312    0.533      0.527   0.459   0.387    0.695
Grid (Ctr)   0.273   0.227   0.274    0.292      0.454   0.363   0.422    0.569
Grid (Co)    0.225   0.170   0.187    0.286      0.371   0.270   0.247    0.570
Grid (Ed)    0.282   0.191   0.208    0.378      0.412   0.306   0.294    0.553
Line (Ctr)   0.324   0.248   0.330    0.515      0.428   0.306   0.398    0.609
Line (Ed)    0.175   0.148   0.143    0.275      0.219   0.184   0.165    0.346
Pwr (H)      0.272   0.262   0.284    0.324      0.539   0.505   0.484    0.612
Pwr (L)      0.201   0.169   0.193    0.267      0.443   0.367   0.386    0.534
Star (Ed)    0.142   0.143   0.142    0.143      0.526   0.506   0.542    0.545
Whl (Ce)     0.386   0.386   0.386    0.386      0.726   0.751   0.717    0.751
Whl (Ed)     0.335   0.337   0.354    0.388      0.505   0.444   0.510    0.573

O3: PreferLowTTL incurs (at least as much or) more damage than other DSs

Page 27: Query-Flood DoS Attacks In Gnutella

Results/Observations

IAS/DS vs. Damage
– Which IAS/DS minimizes damage?
– Depends upon topology?
Topology vs. Damage
– Some topologies better than others?
– Some nodes particularly vulnerable to attack?
Damage Distribution
– How is damage distributed?
– Flood vs. Structural damage

Page 28: Query-Flood DoS Attacks In Gnutella

Topology vs. Damage

O4: Complete topology (K) under Frac/Eq IAS/DS least prone to damage & insensitive to malicious node position.

[Chart: Damage (y-axis, 0 to 0.4) by Topology (x-axis): K, C, G(Ce), G(Co), G(Ed), L(Ce), L(Ed), P(H), P(L), S(Ed), W(Ce), W(Ed)]

Malicious Node Positions: Ce=Center, Co=Corner, Ed=Edge, H=Highly-connected, L=Lowly-connected

Topologies: K=Complete, C=Cycle, G=Grid, L=Line, P=Power-Law, S=Star, W=Wheel

Page 29: Query-Flood DoS Attacks In Gnutella

Topology vs. Damage

O5: Good topology is not enough. Must use good policies too.

             Fractional                          Weighted
Top(Loc)     Prop    Equal   PfHgTTL  PfLwTTL    Prop    Equal   PfHgTTL  PfLwTTL
Complete     0.143   0.143   0.143    0.143      0.545   0.545   0.545    0.545
Cycle        0.388   0.314   0.312    0.533      0.527   0.459   0.387    0.695
Grid (Ctr)   0.273   0.227   0.274    0.292      0.454   0.363   0.422    0.569
Line (Ctr)   0.324   0.248   0.330    0.515      0.428   0.306   0.398    0.609
Pwr (H)      0.272   0.262   0.284    0.324      0.539   0.505   0.484    0.612
Whl (Ce)     0.386   0.386   0.386    0.386      0.726   0.751   0.717    0.751

Page 30: Query-Flood DoS Attacks In Gnutella

Results/Observations

IAS/DS vs. Damage
– Which IAS/DS minimizes damage?
– Depends upon topology?
Topology vs. Damage
– Some topologies better than others?
– Some nodes particularly vulnerable to attack?
Damage Distribution
– How is damage distributed?
– Flood vs. Structural damage

Page 31: Query-Flood DoS Attacks In Gnutella

Damage Distribution (Cycle)

O6: Nodes should distance themselves from untrusted nodes.

Damage decreases as distance from malicious node increases.

[Figure: C_14]

Page 32: Query-Flood DoS Attacks In Gnutella

Damage Distribution (Cycle)

O7: Disconnect protocols must be used to prevent “structural” damage.

Fractional/Equal IAS/DS minimizes “flood” damage in cycle topology.

[Figure panels: Weighted/Proportional, Fractional/Equal]

Page 33: Query-Flood DoS Attacks In Gnutella

Conclusion

Defined model & metrics; Evaluation
7 observations:

1. Fractional IAS + Equal or PreferHighTTL DS optimal
2. Weighted IAS always worse than Fractional IAS by ~ 2x
3. PreferLowTTL incurs more damage than other DSs (or at least as much)
4. Complete topology (K) under Frac/Eq IAS/DS least prone to damage & insensitive to malicious node position.
5. Good topology is not enough. Must use good policy too.
6. Nodes should distance themselves from untrusted nodes.
7. Disconnect protocols must be used to prevent “structural” damage.

Page 34: Query-Flood DoS Attacks In Gnutella

Q & A

Paper & slides available at: http://www.stanford.edu/~daswani

