Many multicast overlay networks maintain application-specific performance goals by dynamically adapting the overlay structure when the monitored performance becomes inadequate. This adaptation results in an unstructured overlay where no neighbor selection constraints are imposed. Although such networks provide resilience to benign failures, they are susceptible to attacks conducted by adversaries that compromise overlay nodes. Previous defense solutions proposed to address attacks against overlay networks rely on strong organizational constraints and are not effective for unstructured overlays.

We identify, demonstrate and mitigate insider attacks against measurement-based adaptation mechanisms in unstructured multicast overlay networks. We propose techniques to decrease the number of incorrect adaptations by using outlier detection and limit the impact of malicious nodes by aggregating local information to derive global reputation for each node. We demonstrate the attacks and mitigation techniques through Internet deployments of a mature overlay multicast system.

In addition, we also show how the mitigation techniques we have developed effectively improve the resilience of virtual coordinate systems. Virtual coordinate systems allow hosts on the Internet to determine the latency to arbitrary hosts without actively monitoring all nodes in the network and are used to optimize overlay construction and maintenance. We demonstrate the attacks and mitigation techniques in the context of a well-known distributed virtual coordinate system using simulations based on three representative, real-life Internet topologies of hosts and corresponding round trip times (RTT).

[slides]

Cristina Nita-Rotaru is an Assistant Professor in the Department of Computer Science at Purdue University where she established the Dependable and Secure Distributed Systems Laboratory, is a member of the Center for Education and Research in Information Assurance and Security (CERIAS) and is associated with the Center for Wireless Systems and Applications (CWSA). She received her Ph.D. from Johns Hopkins University in 2003. She has served on the Technical Program Committee of numerous conferences in security, networking and distributed systems. Her research interests lie in security of distributed systems and network protocols.