Measurement Integrity Attacks Against Network Tomography: Feasibility and Defense

Bibliographic Details
Published in: IEEE Transactions on Dependable and Secure Computing, 2021-11, Vol. 18 (6), p. 2617-2630
Main Authors: Zhao, Shangqing; Lu, Zhuo; Wang, Cliff
Format: Article
Language: English
Description
Summary: Network tomography is an important tool to estimate link metrics from end-to-end network measurements. An implicit assumption in network tomography is that observed measurements indeed reflect the aggregate of link performance (i.e., seeing is believing). However, it is not guaranteed today that there exists no anomaly (e.g., malicious autonomous systems and insider threats) in large-scale networks. Malicious nodes can intentionally manipulate link metrics via delaying or dropping packets to affect measurements. Will such an assumption render a vulnerability when facing attackers? The problem is of essential importance in that network tomography is developed towards effective network diagnostics and failure recovery. In this article, we demonstrate that the vulnerability is real and propose a new attack strategy, called measurement integrity attack, in which malicious nodes can substantially damage a network (e.g., delaying packets) and at the same time maliciously manipulate end-to-end measurement results such that a legitimate node is misleadingly identified as the root cause of the damage (thereby becoming a scapegoat) under network tomography. We formulate three basic attack approaches and show under what conditions attacks can be successful. We also reveal conditions to detect and locate such attacks in a network. Our theoretical and experimental results show that simply trusting measurements leads to measurement integrity vulnerabilities. Thus, existing methods should be revisited accordingly for security in various applications.
ISSN: 1545-5971, 1941-0018
DOI: 10.1109/TDSC.2019.2958934