{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,6,19]],"date-time":"2025-06-19T04:35:38Z","timestamp":1750307738488,"version":"3.41.0"},"reference-count":30,"publisher":"Association for Computing Machinery (ACM)","issue":"3","license":[{"start":{"date-parts":[[2008,3,1]],"date-time":"2008-03-01T00:00:00Z","timestamp":1204329600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"funder":[{"DOI":"10.13039\/100000183","name":"Army Research Office","doi-asserted-by":"publisher","award":["W911NF-05-1-0270"],"award-info":[{"award-number":["W911NF-05-1-0270"]}],"id":[{"id":"10.13039\/100000183","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100000144","name":"Division of Computer and Network Systems","doi-asserted-by":"publisher","award":["CNS-0524156CNS-0627382CAREER NSF-0643906"],"award-info":[{"award-number":["CNS-0524156CNS-0627382CAREER NSF-0643906"]}],"id":[{"id":"10.13039\/100000144","id-type":"DOI","asserted-by":"publisher"}]},{"DOI":"10.13039\/100000001","name":"National Science Foundation","doi-asserted-by":"publisher","award":["CNS-0524156CNS-0627382CAREER NSF-0643906"],"award-info":[{"award-number":["CNS-0524156CNS-0627382CAREER NSF-0643906"]}],"id":[{"id":"10.13039\/100000001","id-type":"DOI","asserted-by":"publisher"}]}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Trans. Inf. Syst. Secur."],"published-print":{"date-parts":[[2008,3,15]]},"abstract":"<jats:p>Overlay multicast networks are used by service providers to distribute contents such as Web pages, static and streaming multimedia data, or security updates to a large number of users. However, such networks are extremely vulnerable to message-dropping attacks by malicious or selfish nodes that intentionally drop the packets they are required to forward to others. It is difficult to detect such attacks both efficiently and effectively and to further identify the attackers, especially when members in the overlay switch between online\/offline statuses frequently. In this article, we consider various attacking strategies of an attacker and propose an optimal sampling-based scheme to detect such attacks in the overlay network. We analyze the detection problem from a game-theoretical viewpoint and show that our scheme outperforms a random sampling-based scheme in terms of detection rate. In addition, based on a reputation system, we propose a sampling-based path-resolving scheme to identify compromised or selfish nodes. Unlike other existing approaches, our schemes do not assume global knowledge of the overlay hierarchy and work for dynamic overlay networks as well. Extensive analysis and simulation results show that besides being band width efficient, our schemes have high detection and identification rates and low false-positive rates.<\/jats:p>","DOI":"10.1145\/1341731.1341736","type":"journal-article","created":{"date-parts":[[2008,3,25]],"date-time":"2008-03-25T14:01:40Z","timestamp":1206453700000},"page":"1-30","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":16,"title":["Message Dropping Attacks in Overlay Networks"],"prefix":"10.1145","volume":"11","author":[{"given":"Liang","family":"Xie","sequence":"first","affiliation":[{"name":"The Pennsylvania State University"}]},{"given":"Sencun","family":"Zhu","sequence":"additional","affiliation":[{"name":"The Pennsylvania State University"}]}],"member":"320","published-online":{"date-parts":[[2008,3]]},"reference":[{"key":"e_1_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1109\/35.587716"},{"key":"e_1_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1145\/502034.502048"},{"key":"e_1_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1145\/633025.633045"},{"key":"e_1_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1145\/885651.781041"},{"key":"e_1_2_1_5_1","doi-asserted-by":"crossref","unstructured":"Blaze M. Feigenbaum J. Ioannidis J. and Keromytis A. 1999. RFC2704---The KeyNote Trust Management System Version 2. Blaze M. Feigenbaum J. Ioannidis J. and Keromytis A. 1999. RFC2704---The KeyNote Trust Management System Version 2.","DOI":"10.17487\/rfc2704"},{"volume-title":"Proceedings of IEEE Conference on Security and Privacy.","author":"Blaze M.","key":"e_1_2_1_6_1"},{"volume-title":"Proceedings of 2nd Workshop of Economics of P2P Systems.","author":"Buchegger S.","key":"e_1_2_1_7_1"},{"key":"e_1_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1145\/383059.383064"},{"key":"e_1_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1145\/339331.339337"},{"key":"e_1_2_1_10_1","unstructured":"CSIM. Web site at www.mesquite.com. CSIM . Web site at www.mesquite.com."},{"volume-title":"Proceedings of the International Conference on Information Systemts (ICIS'00)","year":"2000","author":"Dellarocas C.","key":"e_1_2_1_11_1"},{"volume-title":"Proceedings of the International Conference on Dependable Systems and Networks (DSN'05)","author":"Drabkin V.","key":"e_1_2_1_12_1"},{"key":"e_1_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1145\/1029102.1029115"},{"key":"e_1_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1145\/1015467.1015488"},{"volume-title":"Proceedings of the 4th USENIX Symposium on Operating System Design and Implementation. 197--212","year":"2000","author":"Jannotti J.","key":"e_1_2_1_15_1"},{"key":"e_1_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICDCS.2005.70"},{"volume-title":"Proceedings of IEEE Conference on Security and Privacy.","author":"Li N.","key":"e_1_2_1_17_1"},{"key":"e_1_2_1_18_1","first-page":"1318","article-title":"Impact of simple cheating in application-level multicast","volume":"2","author":"Mathy L.","year":"2004","journal-title":"Proceedings of the Annual Joint Conference of the IEEE Computer and Communication Societies (INFOCOM)"},{"volume-title":"2nd Workshop on Economics of Peer-to-Peer Systems.","author":"Ngan T.","key":"e_1_2_1_19_1"},{"key":"e_1_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1145\/507670.507695"},{"key":"e_1_2_1_21_1","unstructured":"Palter D. Sept. 2002. Multicast fan-out saves bandwidth. Network World. Palter D. Sept. 2002. Multicast fan-out saves bandwidth. Network World ."},{"volume-title":"Proceedings of the 3rd USENIX Symposium on Internet Technologies and Systems.","author":"Pendarakis D.","key":"e_1_2_1_22_1"},{"key":"e_1_2_1_23_1","unstructured":"Reiher J. and Popek G. 2004. Resilient self-organizing overlay networks for security update delivery. IEEE J. Selec. Areas Comm. Reiher J. and Popek G. 2004. Resilient self-organizing overlay networks for security update delivery. IEEE J. Selec. Areas Comm."},{"volume-title":"Proceedings of the 1st Symposium on Networked Systems Design and Implementation (NSDI'04)","author":"Sabramanian L.","key":"e_1_2_1_24_1"},{"key":"e_1_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1109\/TSE.2003.1199073"},{"volume-title":"Proceedings of IEEE Symposium on Security and Privacy. 258--270","author":"Song D.","key":"e_1_2_1_26_1"},{"key":"e_1_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1145\/352600.352605"},{"volume-title":"Proceedings of the 2004 International Conference on Dependable Systems and Networks (DSN'04)","author":"Yang H.","key":"e_1_2_1_28_1"},{"volume-title":"Proceedings of the Annual Joint Conference of the IEEE Computer and Communication Societies (INFOCOM). 1366--1375","author":"Zhang B.","key":"e_1_2_1_29_1"},{"key":"e_1_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1007\/11496137_4"}],"container-title":["ACM Transactions on Information and System Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1341731.1341736","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/1341731.1341736","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T13:38:54Z","timestamp":1750253934000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/1341731.1341736"}},"subtitle":["Attack Detection and Attacker Identification"],"short-title":[],"issued":{"date-parts":[[2008,3]]},"references-count":30,"journal-issue":{"issue":"3","published-print":{"date-parts":[[2008,3,15]]}},"alternative-id":["10.1145\/1341731.1341736"],"URL":"https:\/\/doi.org\/10.1145\/1341731.1341736","relation":{},"ISSN":["1094-9224","1557-7406"],"issn-type":[{"type":"print","value":"1094-9224"},{"type":"electronic","value":"1557-7406"}],"subject":[],"published":{"date-parts":[[2008,3]]},"assertion":[{"value":"2007-02-01","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2007-09-01","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2008-03-01","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}