research-article

(Self) Driving Under the Influence: Intoxicating Adversarial Network Inputs

Authors:

Thomas Holterbach,

Matthias Stähli,

Vincent Lenders,

Laurent VanbeverAuthors Info & Claims

HotNets '19: Proceedings of the 18th ACM Workshop on Hot Topics in Networks

Pages 34 - 42

https://doi.org/10.1145/3365609.3365850

Published: 14 November 2019 Publication History

Abstract

Traditional network control planes can be slow and require manual tinkering from operators to change their behavior. There is thus great interest in a faster, data-driven approach that uses signals from real-time traffic instead. However, the promise of fast and automatic reaction to data comes with new risks: malicious inputs designed towards negative outcomes for the network, service providers, users, and operators.

Adversarial inputs are a well-recognized problem in other areas; we show that networking applications are susceptible to them too. We characterize the attack surface of data-driven networks and examine how attackers with different privileges---from infected hosts to operator-level access---may target network infrastructure, applications, and protocols. To illustrate the problem, we present case studies with concrete attacks on recently proposed data-driven systems.

Our analysis urgently calls for a careful study of attacks and defenses in data-driven networking, with a view towards ensuring that their promise is not marred by oversights in robust design.

Supplementary Material

MP4 File (p34-meier.mp4)

Download
289.23 MB

References

[1]

Platform Lab. 2019. https://platformlab.Stanford.edu/platform-self-programming-networks.php.

[2]

Aditya Akella, Bruce Maggs, Srinivasan Seshan, and Anees Shaikh. On the Performance Benefits of Multihoming Route Control. IEEE/ACM ToN'18.

[3]

N. Akhtar and A. Mian. Threat of Adversarial Attacks on Deep Learning in Computer Vision: A Survey. IEEE Access'18.

[4]

Albert Gran Alcoz, Alexander Dietmüller, and Laurent Vanbever. SP-PIFO: Approximating Push-In First-Out Behaviors using Strict-Priority Queues. In USENIX NSDI'20.

[5]

David Andersen, Hari Balakrishnan, Frans Kaashoek, and Robert Morris. Resilient Overlay Networks. In SOSP'01.

[6]

Pat Bosshart, Dan Daly, Glen Gibb, Martin Izzard, Nick McKeown, Jennifer Rexford, Cole Schlesinger, Dan Talayco, Amin Vahdat, George Varghese, and David Walker. P4: Programming protocol-independent packet processors. ACM SIGCOMM CCR'14.

[7]

Jake Brutlag. Speed Matters for Google Web Search. 2009. https://services.google.com/fh/files/blogs/google_delayexp.pdf.

[8]

CAIDA. The CAIDA UCSD Anonymized 2013/2014/2015/2016/2018 Internet Traces. http://www.caida.org/data/passive/passive_2013_dataset.xml.

[9]

CISCO. CAM Overflow - CCNP Security Secure 642--637 Quick Reference: Cisco Layer 2 Security. 2011. http://www.ciscopress.com/articles/article.asp?p=1681033&seqNum=2.

[10]

David D Clark, Craig Partridge, J Christopher Ramming, and John T Wroclawski. A knowledge plane for the internet. In ACM conference on Applications, technologies, architectures, and protocols for computer communications. 2003.

Digital Library

[11]

Igino Corona, Giorgio Giacinto, and Fabio Roli. Adversarial attacks against intrusion detection systems: Taxonomy, solutions and open issues. Information Sciences, 2013.

Digital Library

[12]

Scott A. Crosby and Dan S. Wallach. Denial of Service via Algorithmic Complexity Attacks. In USENIX Security'03.

[13]

Mo Dong, Qingxi Li, Doron Zarchy, P Brighten Godfrey, and Michael Schapira. PCC: Re-architecting Congestion Control for Consistent High Performance. In USENIX NSDI'15.

[14]

Kevin Eykholt, Ivan Evtimov, Earlence Fernandes, Bo Li, Amir Rahmati, Chaowei Xiao, Atul Prakash, Tadayoshi Kohno, and Dawn Song. Robust physical-world attacks on deep learning visual classification. In IEEE Conference on Computer Vision and Pattern Recognition. 2018.

[15]

Nick Feamster and Jennifer Rexford. Why (and how) networks should run themselves. arXiv, 2017.

[16]

Lucas Freire, Miguel Neves, Lucas Leal, Kirill Levchenko, Alberto Schaeffer-Filho, and Marinho Barcellos. Uncovering bugs in p4 programs with assertion-based verification. In ACM SOSR '18.

[17]

T. Gerbet, A. Kumar, and C. Lauradoux. The Power of Evil Choices in Bloom Filters. In IEEE/IFIP International Conference on Dependable Systems and Networks. 2015.

[18]

Mojgan Ghasemi, Theophilus Benson, and Jennifer Rexford. Dapper: Data Plane Performance Diagnosis of TCP. In ACM SOSR '17.

[19]

Sharon Goldberg, Michael Schapira, Peter Hummon, and Jennifer Rexford. How secure are secure interdomain routing protocols. ACM SIGCOMM CCR'11.

[20]

F. Gont. RFC 5927 - ICMP Attacks against TCP. 2010. https://tools.ietf.org/html/rfc5927.

[21]

Kathrin Grosse, Nicolas Papernot, Praveen Manoharan, Michael Backes, and Patrick McDaniel. Adversarial examples for malware detection. In European Symposium on Research in Computer Security. 2017.

[22]

B. Harris and R. Hunt. TCP/IP security threats and attack methods. Computer Communications. 1999.

[23]

Thomas Holterbach, Edgar Costa Molero, Maria Apostolaki, Alberto Dainotti, Stefano Vissicchio, and Laurent Vanbever. Blink: Fast connectivity recovery entirely in the data plane. In USENIX NSDI'19.

[24]

Kuo-Feng Hsu, Ryan Beckett, Ang Chen, Jennifer Rexford, Praveen Tammana, and David Walker. Contra: A Programmable System for Performance-aware Routing. In USENIX NSDI'20.

[25]

Weiwei Hu and Ying Tan. Generating adversarial malware examples for black-box attacks based on GAN. arXiv, 2017.

[26]

V. Jacobson. Congestion Avoidance and Control. ACM SIGCOMM CCR'1988.

[27]

Junchen Jiang, Vyas Sekar, Ion Stoica, and Hui Zhang. Data-Driven Networking: Harnessing the "Unreasonable Effectiveness of Data" in Network Design. 2016.

[28]

Junchen Jiang, Vyas Sekar, Ion Stoica, and Hui Zhang. Unleashing the potential of data-driven networking. In International Conference on Communication Systems and Networks. 2017.

[29]

Junchen Jiang, Shijie Sun, Vyas Sekar, and Hui Zhang. Pytheas: Enabling data-driven quality of experience optimization using group-based exploration-exploitation. In USENIX NSDI'17.

[30]

Daniel Kahneman. Thinking, fast and slow. 2011. Macmillan.

[31]

Qiao Kang, Jiarong Xing, and Ang Chen. Automated attack discovery in data plane systems. In USENIX Workshop on Cyber Security Experimentation and Test. 2019.

[32]

Alex Kirshon, Dima Gonikman, and Gabi Nakibly. Owning the Routing Table New OSPF Attacks. BlackHat Briefings and Trainings USA+. 2011.

[33]

Aleksandar Kuzmanovic and Edward W Knightly. Low-rate TCP-targeted denial of service attacks: the shrew vs. the mice and elephants. In ACM conference on Applications, technologies, architectures, and protocols for computer communications. 2003.

Digital Library

[34]

Bob Lantz, Brandon Heller, and Nick McKeown. A Network in a Laptop: Rapid Prototyping for Software-defined Networks. In HotNets'10.

[35]

Yuliang Li, Rui Miao, Changhoon Kim, and Minlan Yu. LossRadar: Fast Detection of Lost Packets in Data Center Networks. In ACM CoNEXT'16.

[36]

Yuliang Li, Rui Miao, Changhoon Kim, and Minlan Yu. FlowRadar: A Better NetFlow for Data Centers. In USENIX NSDI'16.

[37]

Jed Liu, William Hallahan, Cole Schlesinger, Milad Sharif, Jeongkeun Lee, Robert Soulé, Han Wang, Călin Caşcaval, Nick McKeown, and Nate Foster. P4V: Practical Verification for Programmable Data Planes. In ACM SIGCOMM'18.

[38]

Robert Lychev, Sharon Goldberg, and Michael Schapira. BGP Security in Partial Deployment: Is the Juice Worth the Squeeze?. In ACM SIGCOMM'13.

[39]

Hongzi Mao, Ravi Netravali, and Mohammad Alizadeh. Neural adaptive video streaming with pensieve. In ACM SIGCOMM'17.

[40]

Roland Meier, Petar Tsankov, Vincent Lenders, Laurent Vanbever, and Martin Vechev. NetHide: Secure and Practical Network Topology Obfuscation. In USENIX Security'18.

[41]

Albert Mestres, Alberto Rodriguez-Natal, Josep Carner, Pere Barlet-Ros, Eduard Alarcón, Marc Solé, Victor Muntés-Mulero, David Meyer, Sharon Barkai, Mike J Hibbett, et al. Knowledge-defined networking. In ACM SIGCOMM CCR'17.

[42]

Rui Miao, Hongyi Zeng, Changhoon Kim, Jeongkeun Lee, and Minlan Yu. SilkRoad: Making Stateful Layer-4 Load Balancing Fast and Cheap Using Switching ASICs. In ACM SIGCOMM'17.

[43]

Edgar Costa Molero, Stefano Vissicchio, and Laurent Vanbever. Hardware-accelerated network control planes. In HotNets'18.

[44]

Andres Nötzli, Jehandad Khan, Andy Fingerhut, Clark Barrett, and Peter Athanas. P4Pktgen: Automated Test Case Generation for P4 Programs. In ACM SOSR'18.

[45]

Fabien A. P. Petitcolas. Kerckhoffs' Principle. Springer US. 2011.

[46]

Davide Sanvito, Giuseppe Siracusano, and Roberto Bifulco. Can the Network Be the AI Accelerator?. In In ACM Morning Workshop on In-Network Computing. 2018.

Digital Library

[47]

Amedeo Sapio, Ibrahim Abdelaziz, Abdulla Aldilaijan, Marco Canini, and Panos Kalnis. In-Network Computation is a Dumb Idea Whose Time Has Come. In HotNets'17.

[48]

Stefan Savage, Neal Cardwell, David Wetherall, and Tom Anderson. TCP congestion control with a misbehaving receiver. ACM SIGCOMM CCR'99.

[49]

Brandon Schlinker, Hyojeong Kim, Timothy Cui, Ethan Katz-Bassett, Harsha V. Madhyastha, Italo Cunha, James Quinn, Saif Hasan, Petr Lapukhov, and Hongyi Zeng. Engineering Egress with Edge Fabric: Steering Oceans of Content to the World. In ACM SIGCOMM'17.

[50]

Mahmood Sharif, Sruti Bhagavatula, Lujo Bauer, and Michael K Reiter. Accessorize to a crime: Real and stealthy attacks on state-of-the-art face recognition. In ACM CCS'16.

[51]

Giuseppe Siracusano and Roberto Bifulco. In-network Neural Networks. arXiv, 2018.

[52]

Radu Stoenescu, Dragos Dumitrescu, Matei Popovici, Lorina Negreanu, and Costin Raiciu. Debugging P4 Programs with Vera. In ACM SIGCOMM'18.

[53]

Muhammad Usama, Junaid Qadir, and Ala Al-Fuqaha. Adversarial Attacks on Cognitive Self-Organizing Networks: The Challenge and the Way Forward. In IEEE Conference on Local Computer Networks Workshops. 2018.

[54]

Asaf Valadarsky, Michael Schapira, Dafna Shahaf, and Aviv Tamar. Learning to Route. In HotNets'17.

[55]

Yaron Velner, Kalev Alpernas, Aurojit Panda, Alexander Rabinovich, Mooly Sagiv, Scott Shenker, and Sharon Shoham. Some complexity results for stateful network verification. In International Conference on Tools and Algorithms for the Construction and Analysis of Systems. 2016.

Digital Library

[56]

Stefano Vissicchio, Olivier Tilmans, Laurent Vanbever, and Jennifer Rexford. Central control over distributed routing. In ACM SIGCOMM'15.

[57]

Weilin Xu, Yanjun Qi, and David Evans. Automatically evading classifiers. In NDSS'16.

[58]

Zhiyuan Xu, Jian Tang, Jingsong Meng, Weiyi Zhang, Yanzhi Wang, Chi Harold Liu, and Dejun Yang. Experience-driven networking: A deep reinforcement learning based approach. In IEEE INFOCOM'18.

[59]

H. Yao, C. Qiu, C. Fang, X. Chen, and F. R. Yu. A Novel Framework of Data-Driven Networking. IEEE Access'16.

[60]

KK Yap et al. Taking the Edge off with Espresso: Scale, Reliability and Programmability for Global Internet Peering. In ACM SIGCOMM'17.

Cited By

Pathak DS A HChinta SReddy DTammana P(2024)Anomaly Detection in In-Network Fast ReRoute Systems2024 IFIP Networking Conference (IFIP Networking)10.23919/IFIPNetworking62109.2024.10619865(122-130)Online publication date: 3-Jun-2024
https://doi.org/10.23919/IFIPNetworking62109.2024.10619865
Namyar PSchapira MGovindan RSegarra SBeckett RKakarla SArzani B(2024)End-to-End Performance Analysis of Learning-enabled SystemsProceedings of the 23rd ACM Workshop on Hot Topics in Networks10.1145/3696348.3696875(86-94)Online publication date: 18-Nov-2024
https://dl.acm.org/doi/10.1145/3696348.3696875
A HPathak DValluri MChinta SBedarakota AShah RTammana P(2024)Securing In-Network Fast Control Loop Systems from Adversarial Attacks2024 16th International Conference on COMmunication Systems & NETworkS (COMSNETS)10.1109/COMSNETS59351.2024.10427291(953-961)Online publication date: 3-Jan-2024
https://doi.org/10.1109/COMSNETS59351.2024.10427291
Show More Cited By

Recommendations

Modelling influence of Botnet features on effectiveness of DDoS attacks

The number of coordinated and targeted Distributed Denial of Service DDoS attacks in the world used both as information warfare and as economic racket is increasing. It demonstrates the importance of DDoS attack modelling in order to increase ...
Trust and Blame in Self-driving Cars Following a Successful Cyber Attack
HCI for Cybersecurity, Privacy and Trust
Abstract
Even as our ability to counter cyber attacks improves, it is inevitable that threat actors may compromise a system through either exploited vulnerabilities and/or user error. Aside from material losses, cyber attacks also undermine trust. Self-...
Cyberattacks on Self-Driving Cars and Surgical and Eldercare Robots
Robots have improved human life and increased the efficiency of performance in tasks that require precision and effort. For example, surgical robots are now used to perform precise surgical procedures and give accurate results. Moreover, robots are also ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

HotNets '19: Proceedings of the 18th ACM Workshop on Hot Topics in Networks

November 2019

176 pages

ISBN:9781450370202

DOI:10.1145/3365609

Copyright © 2019 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGCOMM: ACM Special Interest Group on Data Communication

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 14 November 2019

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Qualifiers

Research-article
Research
Refereed limited

Conference

HotNets '19

Sponsor:

SIGCOMM

HotNets '19: The 18th ACM Workshop on Hot Topics in Networks

November 13 - 15, 2019

NJ, Princeton, USA

Acceptance Rates

Overall Acceptance Rate 110 of 460 submissions, 24%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

8
Total Citations
View Citations
548
Total Downloads

Downloads (Last 12 months)29
Downloads (Last 6 weeks)3

Reflects downloads up to 31 Dec 2024

Other Metrics

View Author Metrics

Citations

Cited By

Pathak DS A HChinta SReddy DTammana P(2024)Anomaly Detection in In-Network Fast ReRoute Systems2024 IFIP Networking Conference (IFIP Networking)10.23919/IFIPNetworking62109.2024.10619865(122-130)Online publication date: 3-Jun-2024
https://doi.org/10.23919/IFIPNetworking62109.2024.10619865
Namyar PSchapira MGovindan RSegarra SBeckett RKakarla SArzani B(2024)End-to-End Performance Analysis of Learning-enabled SystemsProceedings of the 23rd ACM Workshop on Hot Topics in Networks10.1145/3696348.3696875(86-94)Online publication date: 18-Nov-2024
https://dl.acm.org/doi/10.1145/3696348.3696875
A HPathak DValluri MChinta SBedarakota AShah RTammana P(2024)Securing In-Network Fast Control Loop Systems from Adversarial Attacks2024 16th International Conference on COMmunication Systems & NETworkS (COMSNETS)10.1109/COMSNETS59351.2024.10427291(953-961)Online publication date: 3-Jan-2024
https://doi.org/10.1109/COMSNETS59351.2024.10427291
Schmidt SZerwas JKellerer W(2023)AdFAT: Adversarial Flow Arrival Time Generation for Demand-Oblivious Data Center Networks2023 19th International Conference on Network and Service Management (CNSM)10.23919/CNSM59352.2023.10327896(1-5)Online publication date: 30-Oct-2023
https://doi.org/10.23919/CNSM59352.2023.10327896
S A HKumar KMajee ABedarakota ATammana PKannan PShah R(2023)In-Network Probabilistic Monitoring Primitives under the Influence of Adversarial Network InputsProceedings of the 7th Asia-Pacific Workshop on Networking10.1145/3600061.3600086(116-122)Online publication date: 29-Jun-2023
https://dl.acm.org/doi/10.1145/3600061.3600086
Cheng HXu KLi ZZhao PWang CLin XKailkhura BGoldhahn R(2022)More or Less (MoL): Defending against Multiple Perturbation Attacks on Deep Neural Networks through Model Ensemble and Compression2022 IEEE/CVF Winter Conference on Applications of Computer Vision Workshops (WACVW)10.1109/WACVW54805.2022.00071(645-655)Online publication date: Jan-2022
https://doi.org/10.1109/WACVW54805.2022.00071
Kang QXing JQiu YChen ASherwood TBerger EKozyrakis C(2021)Probabilistic profiling of stateful data planes for adversarial testingProceedings of the 26th ACM International Conference on Architectural Support for Programming Languages and Operating Systems10.1145/3445814.3446764(286-301)Online publication date: 19-Apr-2021
https://dl.acm.org/doi/10.1145/3445814.3446764
Blenk AKalmbach PZerwas JSchmid S(2021) Designing Algorithms for Data‐Driven Network Management and Control: State‐of‐the‐Art and Challenges 1 Communication Networks and Service Management in the Era of Artificial Intelligence and Machine Learning10.1002/9781119675525.ch8(175-198)Online publication date: 3-Sep-2021
https://doi.org/10.1002/9781119675525.ch8

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Media

Figures

Other

Tables

View Table of Contents