Final published version
Research output: Contribution to Journal/Magazine › Journal article › peer-review
Research output: Contribution to Journal/Magazine › Journal article › peer-review
}
TY - JOUR
T1 - P2P routing table poisoning: A quorum-based sanitizing approach
AU - Ismail, H.
AU - Germanus, D.
AU - Suri, Neeraj
PY - 2017/3/1
Y1 - 2017/3/1
N2 - Peer-to-Peer (P2P) protocols underlie multiple networked applications given that the P2P decentralized design inherently fosters scalability and robustness. While distributiveness and scalability are attractive features, these facets also increase exposure to malicious peers which can propagate malicious routing information. Accordingly, a diverse set of continuously evolving attacks can be mounted that can cause severe service impairments over the entire overlay network. Most proposed countermeasures focus on providing diversity or redundancy to overcome malicious routing information with their emphasis on periodic detection/removal mechanisms done locally within a peer as continuous monitoring or global sharing of peer status entails high costs. However, a local approach naturally also limits the global effectiveness prompting the need for distributed solutions. In this work, we build upon contemporary distributed solutions (that developed specific attack detection and mitigation techniques for specific overlay types and specific attacks), to propose a generalized attack detection and mitigation approach applicable to varied overlay and attack models. Consequently, we propose a novel and efficient routing table sanitizing approach that (a) is independent of a specific attack variant, lookup approach or a specific victim set, (b) continuously detects and subsequently removes malicious routing information based on distributed quorum decisions, and (c) efficiently forwards malicious information findings to other peers which allows for progressive global sanitizing. The generalized mechanism shows a high sanitizing accuracy of up to 90% when evaluated against a generalized attack scenario with various adversarial behaviors.
AB - Peer-to-Peer (P2P) protocols underlie multiple networked applications given that the P2P decentralized design inherently fosters scalability and robustness. While distributiveness and scalability are attractive features, these facets also increase exposure to malicious peers which can propagate malicious routing information. Accordingly, a diverse set of continuously evolving attacks can be mounted that can cause severe service impairments over the entire overlay network. Most proposed countermeasures focus on providing diversity or redundancy to overcome malicious routing information with their emphasis on periodic detection/removal mechanisms done locally within a peer as continuous monitoring or global sharing of peer status entails high costs. However, a local approach naturally also limits the global effectiveness prompting the need for distributed solutions. In this work, we build upon contemporary distributed solutions (that developed specific attack detection and mitigation techniques for specific overlay types and specific attacks), to propose a generalized attack detection and mitigation approach applicable to varied overlay and attack models. Consequently, we propose a novel and efficient routing table sanitizing approach that (a) is independent of a specific attack variant, lookup approach or a specific victim set, (b) continuously detects and subsequently removes malicious routing information based on distributed quorum decisions, and (c) efficiently forwards malicious information findings to other peers which allows for progressive global sanitizing. The generalized mechanism shows a high sanitizing accuracy of up to 90% when evaluated against a generalized attack scenario with various adversarial behaviors.
KW - Attacks
KW - Detection
KW - P2P
KW - Sanitizing
KW - Security
KW - Error detection
KW - Scalability
KW - Continuous monitoring
KW - Generalized mechanisms
KW - Mitigation techniques
KW - Networked applications
KW - Peer-to-peer protocols
KW - Peer to peer networks
U2 - 10.1016/j.cose.2016.12.007
DO - 10.1016/j.cose.2016.12.007
M3 - Journal article
VL - 65
SP - 283
EP - 299
JO - Computers and Security
JF - Computers and Security
SN - 0167-4048
ER -