when seeing isn t believing
play

When Seeing Isnt Believing: On Feasibility and Detectability of - PowerPoint PPT Presentation

Nov 11, 2022 •360 likes •651 views

When Seeing Isnt Believing: On Feasibility and Detectability of Scapegoating in Network Tomography Shangqing Zhao , University of South Florida Zhuo Lu, University of South Florida Cliff Wang,

  1. When Seeing Isn’t Believing: On Feasibility and Detectability of Scapegoating in Network Tomography Shangqing Zhao , University of South Florida Zhuo Lu, University of South Florida Cliff Wang, North Carolina State University

  2. Move to Network Tomography  Motivation: If we can’t see what’s going on in a network directly, how to measure the network performance? Brain Tomography Directly access is difficult

  3. Move to Network Tomography  Motivation: If we can’t see what’s going on in a network directly, how to measure the network performance? Network Tomography Network Directly access is difficult

  4. Move to Network Tomography  Definition: Study internal characteristics (e.g. link delay) of the network from external measurements (e.g. path delay). • infer the link performance from end-to-end path measurements.  Formulation: Given 0   1 1 0    − : Routing matrix (e.g. ) R R   1 0 1 x 1 y − : Observed path measurement metrics y y 1 2 1 Based on x x y  3 2 Rx 2 3 Infer link metrics x   ˆ T 1 T x ( R R ) R y

  5. Security Concerns  Method of Network Tomography: Use the end-to-end path measurements to estimate the link metrics.  Assumption: seeing-is-believing Measurements indeed reflect the real performance aggregates over individual links.  Such assumption does not always hold in the presence of malicious nodes !!!

  6. Traditional Attack  Packet dropping attack: Intentionally drop or delay packets routed to the malicious nodes.  Black hole attack  Grey hole attack  Weak Point Very easy to be detected.  Find out the links which always suffer bad performance under network tomography.

  7. Scapegoating Attack  Key Idea: Attackers cooperatively delay or drop packets to manipulate end-to-end measurements such that a legitimate node is incorrectly identified by network tomography as the root cause of the problem.  Methodology 1. Attacks only damage the path which contains the victim. 2. Attacks be cooperative (delay or drop no packets) on other paths.

  8. Scapegoating Attack  Formulation:  Definition: link state   normal x b i l      S ( l ) uncertain b x b i l i u    abnormal x b i u o x is the performance of link . i i o b and are the lower and upper bound. b l u  Definition: link set o is the victim link set.

  9. Scapegoating Attack  Formulation:  Definition: damage   y ' y m y ' o is the measurements with Scapegoating. y o is the measurements without Scapegoating. o m is the damage caused by attacker

  10. Scapegoating Attack  Strategies: 2 1 3 M 1 M 2 A B 10 8 4 5 7 C D 6 9 M 3  Chosen-Victim Attack • Victim set is already given.  Maximum-Damage Attack • Maximum damage to the network without knowing . m 1  Obfuscation • Make every link look mostly similar without evident outliers.

  11. Scapegoating Attack  Strategies: 2 1 3 M 1 M 2 A B 10 8 4 5 7 C D 6 9 M 3 Example of three attacks Delay Maximum- Damage Obfuscation Chosen- Victim Link Index 1 2 3 4 5 6 7 8 9 10

  12. Scapegoating Attack  Chosen-Victim Attack: scapegoat 1 2 3 M 1 M 2 A B 10 8 4 5 7 C D 6 9 M 3  Objective: max m 1  Subject to:   abnormal i 1   S l ( ) i  normal others

  13. Scapegoating Attack B: Drop !! M1: I can’t reach M2 through A! 2 1 3 M 1 M 2 A B 10 8 4 5 7 C D 10: M 1 - M 3 : 8 6 6 9 11: M 1 - M 3 : 8 7 9 12: M 1 - M 3 : 1 4 6 13: M 1 - M 3 : 1 4 7 9 14: M 1 - M 3 : 1 2 5 9 1: M 1 - M 2 : 1 2 3 15: M 1 - M 3 : 1 2 5 7 6 M 3 2: M 1 - M 2 : 1 2 5 10 16: M 1 - M 3 : 1 2 3 10 9 3: M 1 - M 2 : 1 4 7 10 17: M 2 - M 3 : 10 9  4: M 1 - M 2 : 1 4 7 5 3 18: M 2 - M 3 : 10 7 6 Monitors: M 1 , M 2 ,M 3 5: M 1 - M 2 : 1 4 6 9 10 19: M 2 - M 3 : 3 5 9  Attackers: B, C 6: M 1 - M 2 : 8 7 10 20: M 2 - M 3 : 3 5 7 6 7: M 1 - M 2 : 8 7 5 3 21: M 2 - M 3 : 3 2 4 6  Victim: A 8: M 1 - M 2 : 8 6 9 10 22: M 2 - M 3 : 3 2 4 7 9 9: M 1 - M 2 : 8 6 9 5 3 23: M 2 - M 3 : 3 2 1 8 6

  14. Scapegoating Attack M1: I can’t reach M3 through A! 2 1 3 M 1 M 2 A B 10 8 4 5 7 B: Drop !! C D 10: M 1 - M 3 : 8 6 6 9 11: M 1 - M 3 : 8 7 9 12: M 1 - M 3 : 1 4 6 13: M 1 - M 3 : 1 4 7 9 14: M 1 - M 3 : 1 2 5 9 1: M 1 - M 2 : 1 2 3 15: M 1 - M 3 : 1 2 5 7 6 M 3 2: M 1 - M 2 : 1 2 5 10 16: M 1 - M 3 : 1 2 3 10 9 3: M 1 - M 2 : 1 4 7 10 17: M 2 - M 3 : 10 9  4: M 1 - M 2 : 1 4 7 5 3 18: M 2 - M 3 : 10 7 6 Monitors: M 1 , M 2 ,M 3 5: M 1 - M 2 : 1 4 6 9 10 19: M 2 - M 3 : 3 5 9  Attackers: B, C 6: M 1 - M 2 : 8 7 10 20: M 2 - M 3 : 3 5 7 6  7: M 1 - M 2 : 8 7 5 3 21: M 2 - M 3 : 3 2 4 6 Victim: A 8: M 1 - M 2 : 8 6 9 10 22: M 2 - M 3 : 3 2 4 7 9 9: M 1 - M 2 : 8 6 9 5 3 23: M 2 - M 3 : 3 2 1 8 6

  15. Scapegoating Attack M1: I can reach M3 through C! 2 1 3 M 1 M 2 A B 10 8 4 5 7 C D 10: M 1 - M 3 : 8 6 6 9 11: M 1 - M 3 : 8 7 9 12: M 1 - M 3 : 1 4 6 13: M 1 - M 3 : 1 4 7 9 14: M 1 - M 3 : 1 2 5 9 1: M 1 - M 2 : 1 2 3 15: M 1 - M 3 : 1 2 5 7 6 M 3 2: M 1 - M 2 : 1 2 5 10 16: M 1 - M 3 : 1 2 3 10 9 3: M 1 - M 2 : 1 4 7 10 17: M 2 - M 3 : 10 9  4: M 1 - M 2 : 1 4 7 5 3 18: M 2 - M 3 : 10 7 6 Delivered Monitors: M 1 , M 2 ,M 3 5: M 1 - M 2 : 1 4 6 9 10 19: M 2 - M 3 : 3 5 9  Attackers: B, C 6: M 1 - M 2 : 8 7 10 20: M 2 - M 3 : 3 5 7 6 7: M 1 - M 2 : 8 7 5 3 21: M 2 - M 3 : 3 2 4 6  Victim: A 8: M 1 - M 2 : 8 6 9 10 22: M 2 - M 3 : 3 2 4 7 9 9: M 1 - M 2 : 8 6 9 5 3 23: M 2 - M 3 : 3 2 1 8 6

  16. Scapegoating Attack 2 1 3 M 1 M 2 A B 10 8 4 5 All packets through A are blocked. 7 C D All packets do not pass A are delivered. A must have some problems. 10: M 1 - M 3 : 8 6 6 9 11: M 1 - M 3 : 8 7 9 12: M 1 - M 3 : 1 4 6 13: M 1 - M 3 : 1 4 7 9 14: M 1 - M 3 : 1 2 5 9 1: M 1 - M 2 : 1 2 3 15: M 1 - M 3 : 1 2 5 7 6 M 3 2: M 1 - M 2 : 1 2 5 10 16: M 1 - M 3 : 1 2 3 10 9 3: M 1 - M 2 : 1 4 7 10 17: M 2 - M 3 : 10 9  4: M 1 - M 2 : 1 4 7 5 3 18: M 2 - M 3 : 10 7 6 Monitors: M 1 , M 2 ,M 3 5: M 1 - M 2 : 1 4 6 9 10 19: M 2 - M 3 : 3 5 9  Attackers: B, C 6: M 1 - M 2 : 8 7 10 20: M 2 - M 3 : 3 5 7 6 7: M 1 - M 2 : 8 7 5 3 21: M 2 - M 3 : 3 2 4 6  Victim: A 8: M 1 - M 2 : 8 6 9 10 22: M 2 - M 3 : 3 2 4 7 9 9: M 1 - M 2 : 8 6 9 5 3 23: M 2 - M 3 : 3 2 1 8 6

  17. Feasibility Analysis  Definition  Perfect cut: For any measurement path P containing a victim link, there always exists at least one malicious node present on P.  Imperfect cut: For at least one path P containing a victim link, there is no malicious one present on P M 2 M 2 M 1 … M 1 … M 4 … Victim … A 1 A 1 link B B D D C C … M 3 … M 3 A 2 A 2 Victim E E link (a) Perfect Cut (b) Imperfect Cut

  18. Feasibility Analysis M 2 M 1 … … A 1 B D C … M 3 A 2 E (a) Perfect Cut Theorem 1 (Feasibility under perfect cut): Scapegoating is always feasible if the set of malicious nodes can perfectly cut the set of victim links from all measurements paths.

  19. Feasibility Analysis M 2 … M 1 M 4 … A 1 B D C … M 3 A 2 E (b) Imperfect Cut Theorem 2 (Scapegoating Success Probability under Imperfect Cut): Under generic random assumptions, the scapegoating success probability is an increasing function of the number of measurement paths that include at least one victim link and at least one attacker.

  20. Detectability Analysis  Detection mechanism   ˆ exists, if Rx y',  scapegoating= ˆ  doesnot exist, if Rx=y'.  Theorem 3 (Detectability): Scapegoating is undetectable if attackers can perfectly cut victim links from measurement paths or is a square matrix; R and is detectable otherwise.

  21. Experimental Evaluation  Feasibility evaluation 2 1 3 M 1 M 2 A B 10 8 4 5 7 C D 6 9 M 3 Chosen-Victim Attack  Link 10 has a very high delay.

  22. Experimental Evaluation  Feasibility evaluation 2 1 3 M 1 M 2 A B 10 8 4 5 7 C D 6 9 M 3 Maximum-Damage Attack  Delay of both link 1 and 9 are high.

  23. Experimental Evaluation  Feasibility evaluation 2 1 3 M 1 M 2 A B 10 8 4 5 7 C D 6 9 M 3 Obfuscation  Delay of all links are similar.

  24. Experimental Evaluation  Success probabilities evaluation  Use the Rocketfuel datasets as topologies for wireline networks.  Use random geometric graph to generate wireless network topologies. The success probability increases as the attack presence ratio increases under Chosen-victim scapegoating.

  25. Experimental Evaluation  Success probabilities evaluation  Use the Rocketfuel datasets as topologies for wireline networks.  Use random geometric graph to generate wireless network topologies. Even one single attacker is likely to succeed, and maximum-damage attacks are always more likely than chosen-victim attacks.

  26. Experimental Evaluation  Detection evaluation Perfect attack is undetectable.

  27. Summary  All three attack strategies are practical threats in network tomography scenarios.  Perfect cut scenario is undetectable.  We should not simply trust measurements.

  28. Q&A Thanks

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Believing in God is not nearly as fanatical as the alternative. Evolution is much more

Believing in God is not nearly as fanatical as the alternative. Evolution is much more

Believing in God is not nearly as fanatical as the alternative. Evolution is much more extreme than the idea that an orderly, fully- functioning universe has a Designer Believing in the infallible word does not sound so extreme, either.

106 views • 10 slides
Walk. Train. Fight. Grow. Understanding New Testament Sanctification 1. Legalism: Believing

Walk. Train. Fight. Grow. Understanding New Testament Sanctification 1. Legalism: Believing

Walk. Train. Fight. Grow. Understanding New Testament Sanctification 1. Legalism: Believing that your acceptance with God is based upon your effort & obedience. 2. Antinomianism: Believing that your acceptance with God makes your

423 views • 15 slides
Why forecasting? Forecasting is a natural first step to decision-making Believing we know what

Why forecasting? Forecasting is a natural first step to decision-making Believing we know what

Why forecasting? Forecasting is a natural first step to decision-making Believing we know what will happen helps making decisions but mainly, makes us more confident about it! Key application areas include: weather and climate economics and

327 views • 10 slides
THE THREE VIRTUES Faith believing in something, in a grand project ; Hope desire, trust and

THE THREE VIRTUES Faith believing in something, in a grand project ; Hope desire, trust and

THE THREE VIRTUES Faith believing in something, in a grand project ; Hope desire, trust and pursuit of happiness ; Charity a labor of love, knowing how to take care of others ; What we do every day! HISTORY AND TERRITORY Tenuta Le Tre Virt is

631 views • 9 slides
Knowledge and Skepticism The Many forms of Skepticism Being skeptical means not believing

Knowledge and Skepticism The Many forms of Skepticism Being skeptical means not believing

Knowledge and Skepticism The Many forms of Skepticism Being skeptical means not believing things too easily. It involves repeated iterations of the question is that right? or how do we know that? As such, we are often told to be

347 views • 18 slides
Cataract risk at low radiation dose: Seeing is believing 1 Cataract risk at low radiation dose:

Cataract risk at low radiation dose: Seeing is believing 1 Cataract risk at low radiation dose:

Cataract risk at low radiation dose: Seeing is believing 1 Cataract risk at low radiation dose: Seeing is believing Paul Jonkergouw Radboud University Nijmegen 2 ICRP recommendations (2007) 3 ICRP recommendations (2007) 4 5 ICRP

277 views • 24 slides
OSA - LAITY AUSTRALIA 2019 Kieran J. OMahony, OSA / www.tarsus.ie JOY IN BELIEVING (1)

OSA - LAITY AUSTRALIA 2019 Kieran J. OMahony, OSA / www.tarsus.ie JOY IN BELIEVING (1)

OSA - LAITY AUSTRALIA 2019 Kieran J. OMahony, OSA / www.tarsus.ie JOY IN BELIEVING (1) Seeds of joy Realism Resources Philippians The secret And so. SEEDS OF JOY Simchat Torah The Bible St Paul And

1k views • 50 slides
keeping alert in it with an attitude of thanksgiving Colossians 4:2 Pray, believing And without

keeping alert in it with an attitude of thanksgiving Colossians 4:2 Pray, believing And without

Devote yourselves to prayer, keeping alert in it with an attitude of thanksgiving Colossians 4:2 Pray, believing And without faith it is impossible to please Him, for he who comes to God must believe that He is and that He is a rewarder of

503 views • 36 slides
Seeing is Believing: Proximity-based Authentication Peter Pilgerstorfer | | Peter

Seeing is Believing: Proximity-based Authentication Peter Pilgerstorfer | | Peter

Source: [5] Seeing is Believing: Proximity-based Authentication Peter Pilgerstorfer | | Peter Pilgerstorfer 03.03.2015 1 Motivation Pairing without user interaction Traditional authentication E.g. enter/confirm shared PIN

270 views • 26 slides
Ultrasound and Arthropod Pest Control: Hearing is Believing! Bhadriraju Subramanyam (Subi)

Ultrasound and Arthropod Pest Control: Hearing is Believing! Bhadriraju Subramanyam (Subi)

Ultrasound and Arthropod Pest Control: Hearing is Believing! Bhadriraju Subramanyam (Subi) Department of Grain Science and Industry Kansas State University Manhattan, KS 66506 bhs@wheat.ksu.edu Seminar outline Introduction Summary of

1.27k views • 103 slides
Th The benefit of believing in God? A A relationship with the Only, Holy, living God 1. Cant

Th The benefit of believing in God? A A relationship with the Only, Holy, living God 1. Cant

Th The benefit of believing in God? A A relationship with the Only, Holy, living God 1. Cant give what you do not have 2. Do not give what you promised God : I do and I will St Standing on on the pr promises of God 1. Put the

639 views • 19 slides
Prom 2018 9 Steps to success 1. Believing in yourself 2. Effective time management 3. Growth

Prom 2018 9 Steps to success 1. Believing in yourself 2. Effective time management 3. Growth

Prom 2018 9 Steps to success 1. Believing in yourself 2. Effective time management 3. Growth mind set 4. Innovate 5. Not holding back 6. Study hard 7. Not comparing to others 8. Opportunities 9. Wanting to do well 9.The Wilmslow Way 1. B

562 views • 16 slides
+ Religion and Belief in Workplaces and Civil Society: reimagining for 21 st Century Policy and

+ Religion and Belief in Workplaces and Civil Society: reimagining for 21 st Century Policy and

+ Religion and Belief in Workplaces and Civil Society: reimagining for 21 st Century Policy and Practice Adam Dinham + Old binaries; powerful paradigms Secular vs sacred Believing without belonging Belonging without believing Change,

414 views • 7 slides
RONNIE LETEN Atlas Copcos Annual General Meeting 26 April 2016 ONE STRONG GROUP BELIEVING

RONNIE LETEN Atlas Copcos Annual General Meeting 26 April 2016 ONE STRONG GROUP BELIEVING

RONNIE LETEN Atlas Copcos Annual General Meeting 26 April 2016 ONE STRONG GROUP BELIEVING IN DIVERSITY MANAGERS FROM ALL OVER THE WORLD Seventeen percent of managers are women SAFETY AND HEALTH Work-related accidents, number per Sick

642 views • 41 slides
Seeing is believing Food waste in the Hospitality and Food Service Sector in NI Kathryn Tims,

Seeing is believing Food waste in the Hospitality and Food Service Sector in NI Kathryn Tims,

Seeing is believing Food waste in the Hospitality and Food Service Sector in NI Kathryn Tims, KT Environmental Overview Food waste costs the business case WRAP & The Hospitality and Food Service Sector Voluntary Agreement

358 views • 23 slides
Don't Stop Believing: Saint Louis University's Journey with CONTENTdm Drew Kupsky Lori Kupsky

Don't Stop Believing: Saint Louis University's Journey with CONTENTdm Drew Kupsky Lori Kupsky

Don't Stop Believing: Saint Louis University's Journey with CONTENTdm Drew Kupsky Lori Kupsky October 7, 2010 CONTENTdm: Some technical terms Collection - the main organizational unit for CONTENTdm. Each collection can be configured with

175 views • 17 slides
An Abstract Stack Based Approach to Verified Compositional Compilation to Machine Code Yuting Wang

An Abstract Stack Based Approach to Verified Compositional Compilation to Machine Code Yuting Wang

An Abstract Stack Based Approach to Verified Compositional Compilation to Machine Code Yuting Wang 1 , Pierre Wilke 1 , 2 , Zhong Shao 1 Yale University 1 , CentraleSuplec 2 19 January 18 th , 2019 POPL Yuting Wang, Pierre Wilke , Zhong

251 views • 21 slides
Processing Recap Processing is a language a library an environment Variables A

Processing Recap Processing is a language a library an environment Variables A

Module 01 Processing Recap Processing is a language a library an environment Variables A variable is a named value. It has a type (which cant change) and a current value (which can change). Variables A declaration introduces

735 views • 58 slides
On Banach spaces which are weak sequentially dense in its bidual Jos e Rodr guez

On Banach spaces which are weak sequentially dense in its bidual Jos e Rodr guez

On Banach spaces which are weak sequentially dense in its bidual Jos e Rodr guez Universidad de Murcia Workshop on Banach spaces and Banach lattices Madrid, September 9, 2019 Research supported by Agencia Estatal de Investigaci

808 views • 44 slides
SYSC3601 Microprocessor Systems Unit 3: The Intel 8086 Addressing Modes & Instruction

SYSC3601 Microprocessor Systems Unit 3: The Intel 8086 Addressing Modes & Instruction

SYSC3601 Microprocessor Systems Unit 3: The Intel 8086 Addressing Modes & Instruction Encoding Topics/Reading 1. Addressing modes (Brey Ch 3) 2. Assembly and Machine Language Instruction Encoding (Brey Ch 4-7 and Appendix B) SYSC3601 2

651 views • 36 slides
? Which intermediate 4 pixels to turn on? 3 (3,2) 2 1 0 1 2 3 4 5 6 7 8 9 10 11

? Which intermediate 4 pixels to turn on? 3 (3,2) 2 1 0 1 2 3 4 5 6 7 8 9 10 11

Recall: Line drawing algorithm Programmer specifies (x,y) of end pixels Need algorithm to determine pixels on line path 8 Line: (3,2) -> (9,6) 7 (9,6) 6 5 ? Which intermediate 4 pixels to turn on? 3 (3,2) 2 1 0 1 2 3 4

374 views • 34 slides
Operational Semantics Coalgebraically Bartek Klin University of Cambridge, Warsaw University

Operational Semantics Coalgebraically Bartek Klin University of Cambridge, Warsaw University

Operational Semantics Coalgebraically Bartek Klin University of Cambridge, Warsaw University CMCS, Paphos, 27/03/10 Summary Structural Operational Semantics is about Defining transition relations by induction CMCS, Paphos, 27/03/10 2 / 37

1.28k views • 124 slides
Gorman-Lancaster Approach to Estimating Demand for New Good Gorman (1956, 1980) and Lancaster

Gorman-Lancaster Approach to Estimating Demand for New Good Gorman (1956, 1980) and Lancaster

Econ 350 Gorman-Lancaster Approach to Estimating Demand for New Good Gorman (1956, 1980) and Lancaster (1966, 1971) consider the problem of estimat- ing the demand for a new good. Goods X Characteristics Z Goods are packages of underlying

663 views • 28 slides
TaCLe Learning constraints in spreadsheets and tabular data Samuel Kolb, Sergey Paramonov, Tias

TaCLe Learning constraints in spreadsheets and tabular data Samuel Kolb, Sergey Paramonov, Tias

TaCLe Learning constraints in spreadsheets and tabular data Samuel Kolb, Sergey Paramonov, Tias Guns, Luc De Raedt September 6, 2017 1 / 29 Inspiration: Flash-fill 2 / 29 Inspiration: Flash-fill 2 / 29 Inspiration: Flash-fill 2 / 29

808 views • 51 slides

More recommend