Message dropping attacks in overlay networks: Attack detection and attacker identification

Overlay multicast networks are used by service providers to distribute contents such as web pages, streaming multimedia data, or security updates to a large number of users. However, such networks are extremely vulnerable to message dropping attacks by malicious or selfish nodes that intentionally drop packets they are required to forward. It is difficult to detect such attacks both efficiently and effectively, not mentioning to further identify the attackers, especially when members in the overlay switch between online/offline statuses frequently. We propose a random-sampling-based scheme to detect such attacks, and a path-resolving-based scheme to identify the attack nodes. Our schemes work for dynamic overlay networks and do not assume the global knowledge of the overlay hierarchy. Analysis and simulation results show that our schemes are bandwidthefficient and they both have high detection/identification rates but low false positive rates.