The Frog-Boiling attack: Limitations of anomaly detection for secure network coordinate systems

Eric Chan-Tin; Daniel Feldman; Nicholas Hopper; Yongdae Kim

doi:10.1007/978-3-642-05284-2_26

The Frog-Boiling attack: Limitations of anomaly detection for secure network coordinate systems

Eric Chan-Tin, Daniel Feldman, Nicholas Hopper, Yongdae Kim

Computer Science and Engineering

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

18 Scopus citations

Abstract

A network coordinate system assigns Euclidean "virtual" coordinates to every node in a network to allow easy estimation of network latency between pairs of nodes that have never contacted each other. These systems have been implemented in a variety of applications, most notably the popular Azureus/Vuze BitTorrent client. Zage and Nita-Rotaru (CCS 2007) and independently, Kaafar et al. (SIGCOMM 2007), demonstrated that several widely-cited network coordinate systems are prone to simple attacks, and proposed mechanisms to defeat these attacks using outlier detection to filter out adversarial inputs. We propose a new attack, Frog-Boiling, that defeats anomaly-detection based defenses in the context of network coordinate systems, and demonstrate empirically that Frog-Boiling is more disruptive than the previously known attacks. Our results suggest that a new approach is needed to solve this problem: outlier detection alone cannot be used to secure network coordinate systems.

Original language	English (US)
Title of host publication	Security and Privacy in Communication Networks - 5th International ICST Conference, SecureComm 2009, Revised Selected Papers
Pages	448-458
Number of pages	11
DOIs	https://doi.org/10.1007/978-3-642-05284-2_26
State	Published - 2009
Event	5th International ICST Conference on Security and Privacy in Communication Networks, SecureComm 2009 - Athens, Greece Duration: Sep 14 2009 → Sep 18 2009

Publication series

Name	Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering
Volume	19 LNICST
ISSN (Print)	1867-8211

Other

Other	5th International ICST Conference on Security and Privacy in Communication Networks, SecureComm 2009
Country/Territory	Greece
City	Athens
Period	9/14/09 → 9/18/09

Keywords

Anomaly detection
Network coordinate systems
Vivaldi

Access

10.1007/978-3-642-05284-2_26

OpenUrl availability

Full text

Cite this

Chan-Tin, E., Feldman, D., Hopper, N., & Kim, Y. (2009). The Frog-Boiling attack: Limitations of anomaly detection for secure network coordinate systems. In Security and Privacy in Communication Networks - 5th International ICST Conference, SecureComm 2009, Revised Selected Papers (pp. 448-458). (Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering; Vol. 19 LNICST). https://doi.org/10.1007/978-3-642-05284-2_26

The Frog-Boiling attack: Limitations of anomaly detection for secure network coordinate systems. / Chan-Tin, Eric; Feldman, Daniel; Hopper, Nicholas et al.
Security and Privacy in Communication Networks - 5th International ICST Conference, SecureComm 2009, Revised Selected Papers. 2009. p. 448-458 (Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering; Vol. 19 LNICST).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Chan-Tin, E, Feldman, D, Hopper, N & Kim, Y 2009, The Frog-Boiling attack: Limitations of anomaly detection for secure network coordinate systems. in Security and Privacy in Communication Networks - 5th International ICST Conference, SecureComm 2009, Revised Selected Papers. Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering, vol. 19 LNICST, pp. 448-458, 5th International ICST Conference on Security and Privacy in Communication Networks, SecureComm 2009, Athens, Greece, 9/14/09. https://doi.org/10.1007/978-3-642-05284-2_26

Chan-Tin E, Feldman D, Hopper N, Kim Y. The Frog-Boiling attack: Limitations of anomaly detection for secure network coordinate systems. In Security and Privacy in Communication Networks - 5th International ICST Conference, SecureComm 2009, Revised Selected Papers. 2009. p. 448-458. (Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering). doi: 10.1007/978-3-642-05284-2_26

Chan-Tin, Eric ; Feldman, Daniel ; Hopper, Nicholas et al. / The Frog-Boiling attack : Limitations of anomaly detection for secure network coordinate systems. Security and Privacy in Communication Networks - 5th International ICST Conference, SecureComm 2009, Revised Selected Papers. 2009. pp. 448-458 (Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering).

@inproceedings{5d33dbb1a7864e309ef7b18553e09cc1,

title = "The Frog-Boiling attack: Limitations of anomaly detection for secure network coordinate systems",

abstract = "A network coordinate system assigns Euclidean {"}virtual{"} coordinates to every node in a network to allow easy estimation of network latency between pairs of nodes that have never contacted each other. These systems have been implemented in a variety of applications, most notably the popular Azureus/Vuze BitTorrent client. Zage and Nita-Rotaru (CCS 2007) and independently, Kaafar et al. (SIGCOMM 2007), demonstrated that several widely-cited network coordinate systems are prone to simple attacks, and proposed mechanisms to defeat these attacks using outlier detection to filter out adversarial inputs. We propose a new attack, Frog-Boiling, that defeats anomaly-detection based defenses in the context of network coordinate systems, and demonstrate empirically that Frog-Boiling is more disruptive than the previously known attacks. Our results suggest that a new approach is needed to solve this problem: outlier detection alone cannot be used to secure network coordinate systems.",

keywords = "Anomaly detection, Network coordinate systems, Vivaldi",

author = "Eric Chan-Tin and Daniel Feldman and Nicholas Hopper and Yongdae Kim",

note = "Copyright: Copyright 2013 Elsevier B.V., All rights reserved.; 5th International ICST Conference on Security and Privacy in Communication Networks, SecureComm 2009 ; Conference date: 14-09-2009 Through 18-09-2009",

year = "2009",

doi = "10.1007/978-3-642-05284-2_26",

language = "English (US)",

isbn = "3642052835",

series = "Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering",

pages = "448--458",

booktitle = "Security and Privacy in Communication Networks - 5th International ICST Conference, SecureComm 2009, Revised Selected Papers",

}

TY - GEN

T1 - The Frog-Boiling attack

T2 - 5th International ICST Conference on Security and Privacy in Communication Networks, SecureComm 2009

AU - Chan-Tin, Eric

AU - Feldman, Daniel

AU - Hopper, Nicholas

AU - Kim, Yongdae

PY - 2009

Y1 - 2009

N2 - A network coordinate system assigns Euclidean "virtual" coordinates to every node in a network to allow easy estimation of network latency between pairs of nodes that have never contacted each other. These systems have been implemented in a variety of applications, most notably the popular Azureus/Vuze BitTorrent client. Zage and Nita-Rotaru (CCS 2007) and independently, Kaafar et al. (SIGCOMM 2007), demonstrated that several widely-cited network coordinate systems are prone to simple attacks, and proposed mechanisms to defeat these attacks using outlier detection to filter out adversarial inputs. We propose a new attack, Frog-Boiling, that defeats anomaly-detection based defenses in the context of network coordinate systems, and demonstrate empirically that Frog-Boiling is more disruptive than the previously known attacks. Our results suggest that a new approach is needed to solve this problem: outlier detection alone cannot be used to secure network coordinate systems.

AB - A network coordinate system assigns Euclidean "virtual" coordinates to every node in a network to allow easy estimation of network latency between pairs of nodes that have never contacted each other. These systems have been implemented in a variety of applications, most notably the popular Azureus/Vuze BitTorrent client. Zage and Nita-Rotaru (CCS 2007) and independently, Kaafar et al. (SIGCOMM 2007), demonstrated that several widely-cited network coordinate systems are prone to simple attacks, and proposed mechanisms to defeat these attacks using outlier detection to filter out adversarial inputs. We propose a new attack, Frog-Boiling, that defeats anomaly-detection based defenses in the context of network coordinate systems, and demonstrate empirically that Frog-Boiling is more disruptive than the previously known attacks. Our results suggest that a new approach is needed to solve this problem: outlier detection alone cannot be used to secure network coordinate systems.

KW - Anomaly detection

KW - Network coordinate systems

KW - Vivaldi

UR - http://www.scopus.com/inward/record.url?scp=84857258999&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84857258999&partnerID=8YFLogxK

U2 - 10.1007/978-3-642-05284-2_26

DO - 10.1007/978-3-642-05284-2_26

M3 - Conference contribution

AN - SCOPUS:84857258999

SN - 3642052835

SN - 9783642052835

T3 - Lecture Notes of the Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering

SP - 448

EP - 458

BT - Security and Privacy in Communication Networks - 5th International ICST Conference, SecureComm 2009, Revised Selected Papers

Y2 - 14 September 2009 through 18 September 2009

ER -

The Frog-Boiling attack: Limitations of anomaly detection for secure network coordinate systems

Abstract

Publication series

Other

Keywords

Access

OpenUrl availability

Other files and links

Fingerprint

Cite this