edge-based inference, control, and dos resilience for the internet
DESCRIPTION
Edge-based Inference, Control, and DoS Resilience for the Internet. Ph.D. Thesis Presentation Aleksandar Kuzmanovic. 1969. 2004. The Internet. The system of astonishing scale and complexity. Internet Design Principles. Network as a black-box. Implications Easy to upgrade the network - PowerPoint PPT PresentationTRANSCRIPT
![Page 1: Edge-based Inference, Control, and DoS Resilience for the Internet](https://reader036.vdocuments.us/reader036/viewer/2022070410/5681466b550346895db38fc4/html5/thumbnails/1.jpg)
Ph.D. Thesis Presentation
Aleksandar Kuzmanovic
Edge-based Inference, Control, and DoS Resilience
for the Internet
![Page 2: Edge-based Inference, Control, and DoS Resilience for the Internet](https://reader036.vdocuments.us/reader036/viewer/2022070410/5681466b550346895db38fc4/html5/thumbnails/2.jpg)
Aleksandar Kuzmanovic
The Internet
1969
The system of astonishing scale and complexity
2004
UTAH
UCLAUCS B
S R
![Page 3: Edge-based Inference, Control, and DoS Resilience for the Internet](https://reader036.vdocuments.us/reader036/viewer/2022070410/5681466b550346895db38fc4/html5/thumbnails/3.jpg)
Aleksandar Kuzmanovic
Internet Design Principles
Network as a black-box
End-to-end argument [Clark84]– The core is simple
– Intelligence at the
endpoints
Implications– Easy to upgrade the
network– Easy to incrementally
deploy new services
![Page 4: Edge-based Inference, Control, and DoS Resilience for the Internet](https://reader036.vdocuments.us/reader036/viewer/2022070410/5681466b550346895db38fc4/html5/thumbnails/4.jpg)
Aleksandar Kuzmanovic
Why End-Point Approach Today?
Scalability
e2e scalability
Deployability– IP and network core are not extensible and
are slowly evolving: IPv6 (10 years) IP Multicast (domain dependent)
Goal: Improve network performance right here – right now!
![Page 5: Edge-based Inference, Control, and DoS Resilience for the Internet](https://reader036.vdocuments.us/reader036/viewer/2022070410/5681466b550346895db38fc4/html5/thumbnails/5.jpg)
Aleksandar Kuzmanovic
Network Performance
Internet traffic– HTTP (web browsing)– FTP (file transfer)
Fact: 95% of the traffic today is TCP-based
Performance– QoS differentiation
Net win for both HTTP and FTP flows End-point-based two-level differentiation scheme
– Denial of Service DoS attacks can demolish network performance Prevent DoS attacks via a robust end-point protocol
design
![Page 6: Edge-based Inference, Control, and DoS Resilience for the Internet](https://reader036.vdocuments.us/reader036/viewer/2022070410/5681466b550346895db38fc4/html5/thumbnails/6.jpg)
Aleksandar Kuzmanovic
End-Point Service Differentiation
TCP-Low Priority– Utilizes only the excess network bandwidth
Key mechanism– Early congestion indications: one-way packet delay
Performance– Can improve the HTTP file transfers for more than 90%
when FTP flows use TCP-LP Deployability
– no changes in the network core– sender side modification of TCP
High-speed version developed in cooperation with SLAC– tested over Gb/s networks in US
http://www.ece.rice.edu/networks/TCP-LP
![Page 7: Edge-based Inference, Control, and DoS Resilience for the Internet](https://reader036.vdocuments.us/reader036/viewer/2022070410/5681466b550346895db38fc4/html5/thumbnails/7.jpg)
Aleksandar Kuzmanovic
Denial of Service
A malicious way to consume resources in a network, a server cluster or in an end host, thereby denying service to other legitimate users
Example– Well-known TCP’s
vulnerability to
high-rate
non-responsive flows
Victim
Attacker
![Page 8: Edge-based Inference, Control, and DoS Resilience for the Internet](https://reader036.vdocuments.us/reader036/viewer/2022070410/5681466b550346895db38fc4/html5/thumbnails/8.jpg)
Aleksandar Kuzmanovic
Design Principles - Revisited Design Principles
– Intelligence at the endpoints
– The core is simple– Trust and cooperation
among the endpoints
Implications– Easy to incrementally
implement new services.– Easy to upgrade the
network.– Large-scale system
Implement more intelligence at routers?– Scalability issue– Detect misbehaving flows
in routers is a hard problem
Needle in a haystack
Core Routers
![Page 9: Edge-based Inference, Control, and DoS Resilience for the Internet](https://reader036.vdocuments.us/reader036/viewer/2022070410/5681466b550346895db38fc4/html5/thumbnails/9.jpg)
Aleksandar Kuzmanovic
Design Principles - Revisited Design Principles
– Intelligence at the endpoints
– The core is simple– Trust and cooperation
among the endpoints
Implications– Malicious clients may
misuse the intelligence.– Easy to upgrade the
network.– Large-scale system
Core Routers Implement more intelligence at routers?– Scalability issue– Detect misbehaving flows
in routers is a hard problem
Needle in a haystack
![Page 10: Edge-based Inference, Control, and DoS Resilience for the Internet](https://reader036.vdocuments.us/reader036/viewer/2022070410/5681466b550346895db38fc4/html5/thumbnails/10.jpg)
Aleksandar Kuzmanovic
Design Principles - Revisited Design Principles
– Intelligence at the endpoints
– The core is simple– Trust and cooperation
among the endpoints
.– Hard to detect endpoint
misbehavior.– Large-scale system
– Malicious clients may misuse the intelligence
Implications
Core Routers Implement more intelligence at routers?– Scalability issue– Detect misbehaving flows
in routers is a hard problem
Needle in a haystack
![Page 11: Edge-based Inference, Control, and DoS Resilience for the Internet](https://reader036.vdocuments.us/reader036/viewer/2022070410/5681466b550346895db38fc4/html5/thumbnails/11.jpg)
Aleksandar Kuzmanovic
Design Principles - Revisited Design Principles
– Intelligence at the endpoints
– The core is simple– Trust and cooperation
among the endpoints
.– Hard to detect endpoint
misbehavior.– Large-scale system
– Malicious clients may misuse the intelligence
Implications
Core Routers Implement more intelligence at routers?– Scalability issue– Detect misbehaving flows
in routers is a hard problem
Needle in a haystack
![Page 12: Edge-based Inference, Control, and DoS Resilience for the Internet](https://reader036.vdocuments.us/reader036/viewer/2022070410/5681466b550346895db38fc4/html5/thumbnails/12.jpg)
Aleksandar Kuzmanovic
End-Point Protocol Design
Performance vs. Security– End-point protocols are designed to maximize
performance, but ignore security– 95% of the Internet traffic is TCP traffic
Can have catastrophic consequences
DoS-resilient protocol design– Jointly optimize
performance
and security– Outperforms the
core-based solutions
Endpoints
![Page 13: Edge-based Inference, Control, and DoS Resilience for the Internet](https://reader036.vdocuments.us/reader036/viewer/2022070410/5681466b550346895db38fc4/html5/thumbnails/13.jpg)
Aleksandar Kuzmanovic
Remaining Outline
End-point protocol vulnerabilities– Low-rate TCP-targeted DoS attacks– Receiver-based TCP stacks with a misbehaving
receiver
Limitations of network-based solutions
DoS-resilient end-point protocol design
![Page 14: Edge-based Inference, Control, and DoS Resilience for the Internet](https://reader036.vdocuments.us/reader036/viewer/2022070410/5681466b550346895db38fc4/html5/thumbnails/14.jpg)
Aleksandar Kuzmanovic
Low-Rate Attacks
TCP is vulnerable to low-rate DoS attacks
DoSRate
DoS I nter- burst Period
TC P
DoS
![Page 15: Edge-based Inference, Control, and DoS Resilience for the Internet](https://reader036.vdocuments.us/reader036/viewer/2022070410/5681466b550346895db38fc4/html5/thumbnails/15.jpg)
Aleksandar Kuzmanovic
TCP: a Dual Time-Scale Perspective
Two time-scales fundamentally required– RTT time-scales (~10-100 ms)
AIMD control
– RTO time-scales (RTO=SRTT+4*RTTVAR) Avoid congestion collapse
Lower-bounding the RTO parameter:– [AllPax99]: minRTO = 1 sec
to avoid spurious retransmissions
– RFC2988 recommends minRTO = 1 sec
Discrepancy between RTO and RTT tim e- scales isa key source of vulnerability to low rate attacks
![Page 16: Edge-based Inference, Control, and DoS Resilience for the Internet](https://reader036.vdocuments.us/reader036/viewer/2022070410/5681466b550346895db38fc4/html5/thumbnails/16.jpg)
Aleksandar Kuzmanovic
The Low-Rate Attack
Victim
Attacker
TC
P S
en
din
g R
ate
Time
Do
S R
ate
Tim e
![Page 17: Edge-based Inference, Control, and DoS Resilience for the Internet](https://reader036.vdocuments.us/reader036/viewer/2022070410/5681466b550346895db38fc4/html5/thumbnails/17.jpg)
Aleksandar Kuzmanovic
The Low-Rate Attack
At a random initial time A short burst (~RTT)
sufficient to create outage– Outage – event of
correlated packet losses that forces TCP to enter RTO mechanism
The impact of outage is distributed to all TCP flows
Victim
Attacker
Do
S R
ate
Tim e
short burst (~RTT)
random initial phase
TC
P S
en
din
g R
ate
Tim e
outage
![Page 18: Edge-based Inference, Control, and DoS Resilience for the Internet](https://reader036.vdocuments.us/reader036/viewer/2022070410/5681466b550346895db38fc4/html5/thumbnails/18.jpg)
Aleksandar Kuzmanovic
The Low-Rate Attack
The outage synchronizes all TCP flows– All flows react
simultaneously and identically
backoff for minRTO The attacker stops
transmitting to elude detection
Victim
Attacker
TC
P S
en
din
g R
ate
Tim e
minRTO
Do
S R
ate
Tim erandom initial phase
![Page 19: Edge-based Inference, Control, and DoS Resilience for the Internet](https://reader036.vdocuments.us/reader036/viewer/2022070410/5681466b550346895db38fc4/html5/thumbnails/19.jpg)
Aleksandar Kuzmanovic
The Low-Rate Attack
Once the TCP flows try to recover – hit them again
Exploit protocol determinism
Victim
AttackerTC
P S
en
din
g R
ate
Time
minRTO
Do
S R
ate
Tim erandom initial phase
![Page 20: Edge-based Inference, Control, and DoS Resilience for the Internet](https://reader036.vdocuments.us/reader036/viewer/2022070410/5681466b550346895db38fc4/html5/thumbnails/20.jpg)
Aleksandar Kuzmanovic
The Low-Rate Attack
And keep repeating…
RTT-time-scale outages inter-spaced on minRTO periods can deny service to TCP traffic
Victim
Attacker
TC
P S
en
din
g R
ate
Tim e
minRTO minRTO
Do
S R
ate
Tim erandom initial phase
![Page 21: Edge-based Inference, Control, and DoS Resilience for the Internet](https://reader036.vdocuments.us/reader036/viewer/2022070410/5681466b550346895db38fc4/html5/thumbnails/21.jpg)
Aleksandar Kuzmanovic
Low-Rate Attacks
TCP is vulnerable to low-rate DoS attacks
DoSRate
DoS I nter- burst Period
TC P
DoS
![Page 22: Edge-based Inference, Control, and DoS Resilience for the Internet](https://reader036.vdocuments.us/reader036/viewer/2022070410/5681466b550346895db38fc4/html5/thumbnails/22.jpg)
Aleksandar Kuzmanovic
Vulnerability of Receiver-Based TCP to Misbehaviors
Sender-based TCP– Control functions given to the sender
RWND
CWND
SND.NXTSND.UNA
FlowControl
Re liability
Conge stion Contro l
SendMuchNextSend
Loss/Progress
se nd buffe r
SEG.ACK
SEG.WND
SEG.SEQ
SEG.ACKSEQ.WND
SEG.SEQ
RCV.NXTRCV.WNDResequencing
re cv buffe r
TC P SENDER
TC P REC EI VER
![Page 23: Edge-based Inference, Control, and DoS Resilience for the Internet](https://reader036.vdocuments.us/reader036/viewer/2022070410/5681466b550346895db38fc4/html5/thumbnails/23.jpg)
Aleksandar Kuzmanovic
Receiver-Based TCP
Receiver decides how much data can be sent, and which data should be sent by the sender
DATA – ACK communication becomes REQ - DATA
Example protocols– TFRC [RFC3448], WebTP, and RCP
RCV.NXTSEG.WNDREQ.NXT
FlowControl
Reliability
Congestion Control
ReqMuchNextReq
Loss/Progress
rec v /req buf f er
SEG.REQ
SEG.DEQ
SEG.SEQ
SND.NXT Send
s end buf f er
RC P REC EI VER
RC P SENDERCWND
RWND
SEG.SEQ
SEG.REQSEG.DEQ
ReqMuch
![Page 24: Edge-based Inference, Control, and DoS Resilience for the Internet](https://reader036.vdocuments.us/reader036/viewer/2022070410/5681466b550346895db38fc4/html5/thumbnails/24.jpg)
Aleksandar Kuzmanovic
Why Receiver-Based TCP?
Example: Busy web server– Receiver-based TCP distributes the state management
across a large number of clients Generally
– Whenever a feedback is needed from the receiver, receiver-based TCP has advantage over sender-based schemes due to the locality of information
Benefits [RCP03]
Performance Functionality
- Loss recovery - Seamless handoffs
- Congestion control - Server migration
- Power management for - Bandwidth aggregation
mobile devices - Web response times
- Network-specific congestion control
![Page 25: Edge-based Inference, Control, and DoS Resilience for the Internet](https://reader036.vdocuments.us/reader036/viewer/2022070410/5681466b550346895db38fc4/html5/thumbnails/25.jpg)
Aleksandar Kuzmanovic
Vulnerability
Receivers decide which packets and when to be sent– Receivers remotely control servers
Receivers have both means and incentive to manipulate the congestion control algorithm – Means: open source OS– Incentive: faster web browsing & file download
Server(Sender)
Client(Receiver)
request
data?
![Page 26: Edge-based Inference, Control, and DoS Resilience for the Internet](https://reader036.vdocuments.us/reader036/viewer/2022070410/5681466b550346895db38fc4/html5/thumbnails/26.jpg)
Aleksandar Kuzmanovic
Receiver-Induced DoS Attacks
Request flood attack– A misbehaving receiver floods the server with requests, which replies and congests the network
Goals– Evaluate network-based schemes
– Develop end-point solutions
Server
Requests
Malicious Client
![Page 27: Edge-based Inference, Control, and DoS Resilience for the Internet](https://reader036.vdocuments.us/reader036/viewer/2022070410/5681466b550346895db38fc4/html5/thumbnails/27.jpg)
Aleksandar Kuzmanovic
Remaining Outline
End-Point protocol vulnerabilities
Limitations of network-based solutions– Low rate attacks– Misbehaving receivers
DoS-resilient end-point protocol design
Core Routers
![Page 28: Edge-based Inference, Control, and DoS Resilience for the Internet](https://reader036.vdocuments.us/reader036/viewer/2022070410/5681466b550346895db38fc4/html5/thumbnails/28.jpg)
Aleksandar Kuzmanovic
Random Early Detection with Preferential Dropping
RED-PD [MFW01] designed to detect and thwart non-responsive flows– Monitors only a subset of flows at the router and
compares their rates to the targeted bandwidth (TB)
TB is computed as a TCP-fair throughput for » Observed Ploss & RTT=40ms
If Ti > TB => flow i malicious
Key questions– Can algorithms intended to find high-rate attacks
detect low-rate attacks?– Could we tune the algorithms to detect low-rate
attacks without having too many false alarms?
![Page 29: Edge-based Inference, Control, and DoS Resilience for the Internet](https://reader036.vdocuments.us/reader036/viewer/2022070410/5681466b550346895db38fc4/html5/thumbnails/29.jpg)
Aleksandar Kuzmanovic
The Time-Scale Issue
Scenario: 9 TCP Sack flows with RED and RED-PD
– RED-PD detects high bandwidth flows
DoS inter-burst period < 500 ms
![Page 30: Edge-based Inference, Control, and DoS Resilience for the Internet](https://reader036.vdocuments.us/reader036/viewer/2022070410/5681466b550346895db38fc4/html5/thumbnails/30.jpg)
Aleksandar Kuzmanovic
The Time-Scale Issue
Scenario: 9 TCP Sack flows with RED and RED-PD
– RED-PD detects high but fails to detect low-rate attacks bandwidth flows DoS inter-burst period > 500 ms
DoS inter-burst period < 500 ms
![Page 31: Edge-based Inference, Control, and DoS Resilience for the Internet](https://reader036.vdocuments.us/reader036/viewer/2022070410/5681466b550346895db38fc4/html5/thumbnails/31.jpg)
Aleksandar Kuzmanovic
CHOKe
CHOKe [PPP00] controls misbehaving flows by preventing a flow to monopolize buffer resources
=
= Question:
– Why don’t we use CHOKe against low-rate attacks?
![Page 32: Edge-based Inference, Control, and DoS Resilience for the Internet](https://reader036.vdocuments.us/reader036/viewer/2022070410/5681466b550346895db38fc4/html5/thumbnails/32.jpg)
Aleksandar Kuzmanovic
Flow Filtering Scenario
Heterogeneous RTT environment:– Short-RTT flows are the most vulnerable to low-
rate attacks
RTT
flow passno passcut- off tim e scale
outage length
Implications:– Long-RTT flows
‘collaborate’ in the attack
– Less-than bottleneck rates needed to attack short-RTT flows
![Page 33: Edge-based Inference, Control, and DoS Resilience for the Internet](https://reader036.vdocuments.us/reader036/viewer/2022070410/5681466b550346895db38fc4/html5/thumbnails/33.jpg)
Aleksandar Kuzmanovic
CHOKe and Flow Filtering
C
TC P ( s ho r t-R TT)
TC P ( lo ng-R TT)
D o S DoS flow utilizes only
3.3% of the bottleneck capacity
CHOKe fails to throttle the low-rate attack against short-RTT flows
![Page 34: Edge-based Inference, Control, and DoS Resilience for the Internet](https://reader036.vdocuments.us/reader036/viewer/2022070410/5681466b550346895db38fc4/html5/thumbnails/34.jpg)
Aleksandar Kuzmanovic
Request Flooding DoS Attack
Pushback [RFC3168]– Network nodes coordinate efforts to detect a
malicious (flooding) node
But in the request flooding scenario, the flooding machine is not malicious – moreover, it is a victim…
S erverMisbehaving Client
![Page 35: Edge-based Inference, Control, and DoS Resilience for the Internet](https://reader036.vdocuments.us/reader036/viewer/2022070410/5681466b550346895db38fc4/html5/thumbnails/35.jpg)
Aleksandar Kuzmanovic
Bandwidth Stealing
Fact– Network-based schemes lack
the exact knowledge of end-point parameters
Example– RED-PD doesn’t know about
RTT: TB=f(Ploss, RTT=40ms)
Implication– Clients with RTT > 40 ms can
exploit this vulnerability
Algorithmic misbehavior– We generalized the TCP
formula T=f(Ploss, RTT, a, b)
– Our algorithm tells how to re-tune AIMD parameters to steal bandwidth, yet elude detection
S erverMisbehaving Client
![Page 36: Edge-based Inference, Control, and DoS Resilience for the Internet](https://reader036.vdocuments.us/reader036/viewer/2022070410/5681466b550346895db38fc4/html5/thumbnails/36.jpg)
Aleksandar Kuzmanovic
Summary of Limitations
Low rate attacks– RED-PD: issue of time-scales– CHOKe: flow filtering
Misbehaving receivers– Pushback: No distinction of causes and effects– RED-PD: No knowledge of endpoint parameters
Can we do better from the endpoints?– End-point parameter randomization– End-point TCP-fairness verification
Endpoints
![Page 37: Edge-based Inference, Control, and DoS Resilience for the Internet](https://reader036.vdocuments.us/reader036/viewer/2022070410/5681466b550346895db38fc4/html5/thumbnails/37.jpg)
Aleksandar Kuzmanovic
End-point minRTO Randomization
Observe: – Low-rate attacks exploit protocol determinism
minRTO=1sec Question:
– Can minRTO randomization alleviate the problem?
Approach:– Randomize the minRTO parameter –
Insight:– The most vulnerable time-scale is T=b
Wait for flows to recover and then hit them again
),(min bauniformRTO
![Page 38: Edge-based Inference, Control, and DoS Resilience for the Internet](https://reader036.vdocuments.us/reader036/viewer/2022070410/5681466b550346895db38fc4/html5/thumbnails/38.jpg)
Aleksandar Kuzmanovic
End-point minRTO Randomization
TCP throughput formula on T=b time-scale of the low-rate attack
n - num ber of TCP flowsa,b - param . of unif. dist.b
ab
n
nbT
1
)(
lowaggregation
highaggregation
Spuriousre- transm issions [ AllPax99]
)1;( bbT
a
1/ 2
1
1
lowaggregation
highaggregation
Bad for short- lived ( HTTP) traffi c
)1;( abT
b
1/ 2
1
1 2
![Page 39: Edge-based Inference, Control, and DoS Resilience for the Internet](https://reader036.vdocuments.us/reader036/viewer/2022070410/5681466b550346895db38fc4/html5/thumbnails/39.jpg)
Aleksandar Kuzmanovic
End-point minRTO Randomization
TCP throughput formula on T=b time-scale of the Shrew attack
Randomizing the minRTO parameter shifts and smoothes TCP’s null time-scales
Fundamental tradeoff between TCP performance and vulnerability to low-rate DoS attacks remains
n - num ber of TCP flowsa,b - param . of unif. dist.b
ab
n
nbT
1
)(
![Page 40: Edge-based Inference, Control, and DoS Resilience for the Internet](https://reader036.vdocuments.us/reader036/viewer/2022070410/5681466b550346895db38fc4/html5/thumbnails/40.jpg)
Aleksandar Kuzmanovic
An End-Point Solution
Sender-side verification:– Ping Agent:
Measures RTT without a cooperation from the receiver
– TFRC Agent: Computes “TCP-
fair” rate
– Control Agent: Enforces the
sending rate
SND.NXT Send
s end buf f er
SEG.SEQ
SEG.REQSEG.DEQ
PingAgent
PNG.SND
PNG.RCV
TFRCAgent
Control Agent
RTT
Ploss
Measured Throughput
ComputedThroughput
![Page 41: Edge-based Inference, Control, and DoS Resilience for the Internet](https://reader036.vdocuments.us/reader036/viewer/2022070410/5681466b550346895db38fc4/html5/thumbnails/41.jpg)
Aleksandar Kuzmanovic
Evaluation
Scenarios:– with behaving receiver (to study false positives)– with misbehaving receivers (to study detection)
End-point scheme is able to detect even very moderate misbehaviors
Slight inaccuracy for higher packet loss ratios (due to TFRC conservatism)
![Page 42: Edge-based Inference, Control, and DoS Resilience for the Internet](https://reader036.vdocuments.us/reader036/viewer/2022070410/5681466b550346895db38fc4/html5/thumbnails/42.jpg)
Aleksandar Kuzmanovic
Summary
Denial of Service attacks represent a fundamental threat to today’s Internet
Network-based solutions are necessary, yet are quite often very limited
End-point protocols optimized for performance, not security
DoS-resilient protocol design Parameter randomization Ability to control the other end-point
![Page 43: Edge-based Inference, Control, and DoS Resilience for the Internet](https://reader036.vdocuments.us/reader036/viewer/2022070410/5681466b550346895db38fc4/html5/thumbnails/43.jpg)
Aleksandar Kuzmanovic
Conclusions
Improve network performance via – End-point QoS differentiation– DoS-resilient protocol design
QoS differentiation– Developed, implemented, and tested TCP-LP – Can significantly improve the network performance
Denial of Service – Pro-active approach – Jointly consider both performance and security
aspects
![Page 44: Edge-based Inference, Control, and DoS Resilience for the Internet](https://reader036.vdocuments.us/reader036/viewer/2022070410/5681466b550346895db38fc4/html5/thumbnails/44.jpg)
Aleksandar Kuzmanovic
Publications
[1] Measuring Service in Multi-Class Networks, In IEEE INFOCOM 2001.
[2] Measurement Based Characterization and Classification of QoS-Enhanced Systems, In IEEE TPDS, 14(7): 671-685, 2003.
[3] TCP-LP: A Distributed Algorithm for Low Priority Data Transfer, In IEEE INFOCOM 2003.
[4] TCP-LP: Low-Priority Service via End-Point Congestion Control, To appear in IEEE/ACM ToN.
[5]* HSTCP-LP: A Protocol for Low-Priority Bulk Data Transfer in High-Speed High-RTT Networks, In PFLDnet 2004.
[6] Low-Rate TCP-Targeted Denial of Service Attacks (The Shrew vs. the Mice and Elephants), In ACM SIGCOMM 2003.
[7] Low-Rate TCP-Targeted Denial of Service Attacks and Counter Strategies, Submitted to IEEE/ACM ToN.
[8] A Performance vs. Trust Perspective in the Design of End-Point Congestion Control Protocols, In IEEE ICNP 2004.
[9] Receiver-based Congestion Control with a Misbehaving Receiver: Vulnerabilities and End-Point Solutions, Submitted to IEEE/ACM ToN.
* With R. Les Cottrell, SLAC.