We present a scheme that enables a set of flows to acquire an unfair share of bandwidth by mounting an adversarial distributed Reduction of Quality (RoQ) attack on flows competing for that bandwidth. This adversarial behavior stands in sharp contrast to other network exploits, e.g., Denial-of-Service (DoS) attacks, whose aim is to simply take down a resource, or severely limit access to a service. The extent to which the scheme we expose is successful in slowing down competing flows determines the amount of "stolen bandwidth." We present two schemes for the construction of a RoQ attack stream that would evade detection, and thus would challenge counter-DoS techniques. Our results show the vulnerability of the Internet to the distributed nature of RoQ attacks, which could be mounted through a relatively small number of zombie clients, motivating the need for the development of counter measures. We validate our findings through simple analysis, simulations and real Internet experiments.
展开▼
