Query-Flood DoS Attacks In Gnutella
Neil Daswani and Hector Garcia-Molina
Stanford University
Department of Computer Science

Problem & Approach
Problem
– Gnutella: multiplicative query broadcast
– Application-layer denial-of-service
Approach
– Load balancing / provide fairness

How does Gnutella Work?
Super-nodes
Messages
– Ping / Pong
– Query / QueryHit
– Push
Already Seen
Time To Live
File X-fer: HTTP
[Figure: Local Peers, Remote Peers]

Questions
Which queries to drop?
Traffic management policies?
Effect of topology?
How is “damage” distributed?
=> Need Traffic Model & Metrics

Gnutella Traffic Model
Discrete-event
Only super-nodes explicitly modeled
Only queries are modeled
q=(origin,ttl)
Max capacity: C = 6 queries / time unit
[Figure: Local Peers, Remote Peers]

Gnutella Traffic Model
Local Work = {q1,q2,q3}
Remote Work = {q4,…,q9} {q10,q11}
[Figure: nodes A, B, C with queries q1 to q11]

Gnutella Traffic Model
Local vs. Remote Work:
– Reservation Ratio ()
Remote Work:
– How many? (IAS)
– Which ones? (DS)

Gnutella Traffic Model
Local Work = {q1,q2,q3}
Remote Work = {q4,…,q9} {q10,q11}
Local Work Accepted = {q1}
Remote Work Accepted =
– I_{B,A}(1) = {q4,q5}
– I_{C,A}(1) = {q10,q11}
Work Broadcasted = {q1,q4,q5,q10,q11}

Reservation Ratio ()
Only used in high load situations.
Max C queries from local peers.
Max (1-)C queries from remote peers.
If =1/3 and C=6, C=(1/3)(6)=2 Local

Incoming Alloc. Strategy
(1-)C=(4/6)(6)=4 Remote
IAS Possibilities:
– Fractional: 2 from B, 2 from C
– Weighted: 3 from B, 1 from C
[Figure: nodes A, B, C with queries q1 to q11]
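
The two incoming allocation strategies above, worked through in Python as an added example (not code from the slides or the paper). The reservation ratio is passed as `rho`; that name, the function names, the re-offering of unfilled shares and the largest-remainder rounding are assumptions made here, and the flood input is constructed.

```python
from fractions import Fraction

def split_capacity(C, rho):
    """Under high load: rho*C slots for local peers, the rest for remote peers."""
    local = int(rho * C)
    return local, C - local

def fractional(remote_slots, offered):
    """Equal share per incoming link, regardless of how much each link offers.
    Assumption: a share a link cannot fill is re-offered to the other links."""
    grant = {link: 0 for link in offered}
    left = remote_slots
    active = sorted(l for l in offered if offered[l] > 0)
    while left > 0 and active:
        share = max(left // len(active), 1)
        for l in active:
            take = min(share, offered[l] - grant[l], left)
            grant[l] += take
            left -= take
        active = [l for l in active if grant[l] < offered[l]]
    return grant

def weighted(remote_slots, offered):
    """Share proportional to the number of queries each link offers.
    Assumption: largest-remainder rounding to whole queries."""
    total = sum(offered.values())
    if total <= remote_slots:
        return dict(offered)
    exact = {l: Fraction(remote_slots * n, total) for l, n in offered.items()}
    grant = {l: int(x) for l, x in exact.items()}
    spare = remote_slots - sum(grant.values())
    by_remainder = sorted(offered, key=lambda l: (exact[l] - grant[l], l), reverse=True)
    for l in by_remainder[:spare]:
        grant[l] += 1
    return grant

# Slide example: C = 6, reservation ratio 1/3, B offers 6 queries, C offers 2.
local_slots, remote_slots = split_capacity(6, Fraction(1, 3))
slide = {"B": 6, "C": 2}
# Constructed input: neighbour M floods its link while B and C behave.
flood = {"B": 3, "C": 3, "M": 1000}

if __name__ == "__main__":
    print(local_slots, remote_slots)
    print(fractional(remote_slots, slide), weighted(remote_slots, slide))
    print(fractional(6, flood), weighted(6, flood))
```

With the constructed flood input, Weighted hands every remote slot to the flooding link, while Fractional holds it to the same share as the well-behaved neighbours.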

Drop Strategy
Which queries to drop?
– Equal
– Proportional
– PreferHighTTL
– PreferLowTTL
[Figure: example network of nodes A to H carrying queries q1 to q11, shown once per drop strategy]

Good & Malicious Nodes
Good nodes: = = 1/3
In general, for symmetric networks: = 1 / (D() + 1)
Malicious nodes: m = 1
[Figure: nodes A, B, C; plot of Total Remote Queries Processed; K3; =2]

Damage
Service Guarantee: S_j(t), S_j(t)
Damage for node j (at time t): D_j(t) = (S_j(t) – S_j(t)) / S_j(t)
Cumulative Network Damage: D(t) = “bad” queries / “total” queries
[Figure: two networks of nodes A, B, C and a fourth node, D in the first and M in the second]
S_A(t)=16, S_A(t)=8
D_A(t)=(16-8)/16=0.5

Simulations
Various Representative Topologies: K14, C14, G16, L14, P16, S14, W14
All IAS/DS described earlier
Single malicious node / various placements
Fundamental effects / trade-offs
C=10,000; = ; m = 1; =7; t=100

Results/Observations
             Fractional                          Weighted
Top(Loc)     Prop    Equal   PfHgTTL  PfLwTTL    Prop    Equal   PfHgTTL  PfLwTTL
Complete     0.143   0.143   0.143    0.143      0.545   0.545   0.545    0.545
Cycle        0.388   0.314   0.312    0.533      0.527   0.459   0.387    0.695
Grid (Ctr)   0.273   0.227   0.274    0.292      0.454   0.363   0.422    0.569
Grid (Co)    0.225   0.170   0.187    0.286      0.371   0.270   0.247    0.570
Grid (Ed)    0.282   0.191   0.208    0.378      0.412   0.306   0.294    0.553
Line (Ctr)   0.324   0.248   0.330    0.515      0.428   0.306   0.398    0.609
Line (Ed)    0.175   0.148   0.143    0.275      0.219   0.184   0.165    0.346
Pwr (H)      0.272   0.262   0.284    0.324      0.539   0.505   0.484    0.612
Pwr (L)      0.201   0.169   0.193    0.267      0.443   0.367   0.386    0.534
Star (Ce)    1.000   1.000   1.000    1.000      1.000   1.000   1.000    1.000
Star (Ed)    0.142   0.143   0.142    0.143      0.526   0.506   0.542    0.545
Whl (Ce)     0.386   0.386   0.386    0.386      0.726   0.751   0.717    0.751
Whl (Ed)     0.335   0.337   0.354    0.388      0.505   0.444   0.510    0.573

Results/Observations
IAS/DS vs. Damage
– Which IAS/DS minimizes damage?
– Depends upon topology?
Topology vs. Damage
– Some topologies better than others?
– Some nodes particularly vulnerable to attack?
Damage Distribution
– How is damage distributed?
– Flood vs. Structural damage

IAS/DS vs. Damage
O1: Fractional IAS + Equal or PreferHighTTL DS optimal

IAS/DS vs. Damage
O2: Weighted/Prop always worse than Fractional/Equal by about 2x or more
Topology (Location)   Fractional/Equal   Weighted/Proportional   Damage Reduction
Complete              0.143              0.545                   3.8
Cycle                 0.314              0.527                   1.7
Grid (C)              0.227              0.454                   2.0
Line (C)              0.248              0.428                   1.7
Power (H)             0.262              0.539                   2.1
Wheel (C)             0.386              0.726                   1.9

IAS/DS vs. Damage
O3: PreferLowTTL incurs (at least as much or) more damage than other DSs

Topology vs. Damage
O4: Complete topology (K) under Frac/Eq IAS/DS least prone to damage & insensitive to malicious node position.
[Figure: bar chart of Damage (0 to 0.4) by Topology: K, C, G(Ce), G(Co), G(Ed), L(Ce), L(Ed), P(H), P(L), S(Ed), W(Ce), W(Ed)]
Malicious Node Positions: Ce=Center, Co=Corner, Ed=Edge, H=Highly-connected, L=Lowly-connected
Topologies: K=Complete, C=Cycle, G=Grid, L=Line, P=Power-Law, S=Star, W=Wheel

Topology vs. Damage
O5: Good topology is not enough. Must use good policies too.

Damage Distribution (Cycle)
O6: Nodes should distance themselves from untrusted nodes.
Damage decreases as distance from malicious node increases.
[Figure: C14]

Damage Distribution (Cycle)
O7: Disconnect protocols must be used to prevent “structural” damage.
Fractional/Equal IAS/DS minimizes “flood” damage in cycle topology.
[Figure: Weighted/Proportional vs. Fractional/Equal]

Conclusion
Defined model & metrics; Evaluation
7 observations:
1. Fractional IAS + Equal or PreferHighTTL DS optimal
2. Weighted IAS always worse than Fractional IAS by ~ 2x
3. PreferLowTTL incurs more damage than other DSs (or at least as much)
4. Complete topology (K) under Frac/Eq IAS/DS least prone to damage & insensitive to malicious node position.
5. Good topology is not enough. Must use good policy too.
6. Nodes should distance themselves from untrusted nodes.
7. Disconnect protocols must be used to prevent “structural” damage.

Q & A
Paper & slides available at: http://www.stanford.edu/~daswani