We quantify the threat of network adversaries to inducing \emph{network overload} through \emph{routing attacks}, where a subset of network nodes are hijacked by an adversary. We develop routing attacks on the hijacked nodes for two objectives related to overload: \emph{no-loss throughput minimization} and \emph{loss maximization}. The first objective attempts to identify a routing attack that minimizes the network's throughput that is guaranteed to survive. We develop a polynomial-time algorithm that can output the optimal routing attack in multi-hop networks with global information on the network's topology, and an algorithm with an approximation ratio of $2$ under partial information. The second objective attempts to maximize the throughput loss. We demonstrate that this problem is NP-hard, and develop two approximation algorithms with multiplicative and additive guarantees respectively in single-hop networks. We further investigate the adversary's optimal selection of nodes to hijack that can maximize network overload. We propose a heuristic polynomial-time algorithm to solve this NP-hard problem, and prove its optimality in special cases. We validate the near-optimal performance of the proposed algorithms over a wide range of network settings. Our results demonstrate that the proposed algorithms can accurately quantify the risk of overload given an arbitrary set of hijacked nodes and identify the critical nodes that should be protected against routing attacks.
翻译:本文量化了网络攻击者通过路由攻击引发网络过载的威胁,其中部分网络节点被攻击者劫持。针对与过载相关的两个目标——无损失吞吐量最小化与损失最大化,我们为被劫持节点设计了路由攻击策略。第一项目标旨在寻找能最小化网络保证存活吞吐量的路由攻击方案。我们提出了一种多项式时间算法,可在掌握全网拓扑信息的多跳网络中输出最优路由攻击;针对部分信息场景,我们设计了近似比为$2$的近似算法。第二项目标致力于最大化吞吐量损失。我们证明了该问题具有NP难度,并在单跳网络中分别提出了具有乘性保证与加性保证的两种近似算法。进一步,我们研究了攻击者为最大化网络过载而选择劫持节点的最优策略。针对这一NP难题,我们提出了一种启发式多项式时间算法,并在特殊情况下证明了其最优性。通过在多种网络场景下的验证,所提算法均表现出接近最优的性能。研究结果表明,所提算法能准确量化给定任意被劫持节点集时的过载风险,并识别出应重点防护的关键节点以抵御路由攻击。