The Community for Technology Leaders
RSS Icon
Subscribe
Issue No.12 - Dec. (2012 vol.23)
pp: 2219-2230
Marcelo Duffles Donato Moreira , Universidade Federal do Rio de Janeiro (UFRJ), Rio de Janeiro
Rafael Pinaud Laufer , Bell Labs, Alcatel-Lucent, Holmdel
Pedro Braconnot Velloso , Universidade Federal Fluminense, Niteroi
Otto Carlos M.B. Duarte , Universidade Federal do Rio de Janeiro (UFRJ), Rio de Janeiro
ABSTRACT
The Bloom filter is a space-efficient data structure often employed in distributed applications to save bandwidth during data exchange. These savings, however, come at the cost of errors in the shared data, which are usually assumed low enough to not disrupt the application. We argue that this assumption does not hold in a more hostile environment, such as the Internet, where attackers can send a carefully crafted Bloom filter in order to break the application. In this paper, we propose the concatenated Bloom filter (CBF), a robust Bloom filter that prevents the attacker from interfering on the shared information, protecting the application data while still providing space efficiency. Instead of using a single large filter, the CBF concatenates small subfilters to improve both the filter robustness and capacity. We propose three CBF variants and provide analytical results that show the efficacy of the CBF for different scenarios. We also evaluate the performance of our filter in an IP traceback application and simulation results confirm the effectiveness of the proposed mechanism in the face of attackers.
INDEX TERMS
Robustness, Filters, Radiation detectors, Error analysis, Servers, Probability, Network security, Distributed processing, IP traceback, Bloom filters, distributed applications, security
CITATION
Marcelo Duffles Donato Moreira, Rafael Pinaud Laufer, Pedro Braconnot Velloso, Otto Carlos M.B. Duarte, "Capacity and Robustness Tradeoffs in Bloom Filters for Distributed Applications", IEEE Transactions on Parallel & Distributed Systems, vol.23, no. 12, pp. 2219-2230, Dec. 2012, doi:10.1109/TPDS.2012.87
REFERENCES
[1] Y. Hua, Y. Zhu, H. Jiang, D. Feng, and L. Tian, "Supporting Scalable and Adaptive Metadata Management in Ultralarge-Scale File Systems," IEEE Trans. Parallel and Distributed Systems, vol. 22, no. 4, pp. 580-593, Apr. 2011.
[2] A.C. Viana, M.D. Amorim, Y. Viniotis, S. Fdida, and J.F. de Rezende, "Twins: A Dual Addressing Space Representation for Self-Organizing Networks," IEEE Trans. Parallel and Distributed Systems, vol. 17, no. 12, pp. 1468-1481, Dec. 2006.
[3] I.M. Moraes and O.C.M.B. Duarte, "A Lifetime-Based Peer Selection Mechanism for Peer-to-Peer Video-on-Demand Systems," Proc. IEEE Int'l Conf. Comm. (ICC '10), May 2010.
[4] L. Fan, P. Cao, J. Almeida, and A.Z. Broder, "Summary Cache: A Scalable Wide-Area Web Cache Sharing Protocol," IEEE/ACM Trans. Networking, vol. 8, no. 3, pp. 281-293, June 2000.
[5] A. Broder and M. Mitzenmacher, "Network Applications of Bloom Filters: A Survey," Internet Math., vol. 1, no. 4, pp. 485-509, 2003.
[6] S. Tarkoma, C.E. Rothenberg, and E. Lagerspetz, "Theory and Practice of Bloom Filters for Distributed Systems," IEEE Comm. Surveys and Tutorials, vol. 14, no. 1, pp. 131-155, first quarter 2012.
[7] K. Christensen, A. Roginsky, and M. Jimeno, "A New Analysis of the False Positive Rate of a Bloom Filter," Information Processing Letters, vol. 110, no. 21, pp. 944-949, 2010.
[8] R.P. Laufer, P.B. Velloso, and O.C.M.B. Duarte, "A Generalized Bloom Filter to Secure Distributed Network Applications," Computer Networks, vol. 55, no. 8, pp. 1804-1819, 2011.
[9] B. Donnet, B. Baynat, and T. Friedman, "Retouched Bloom Filters: Allowing Networked Applications to Trade off Selected False Positives against False Negative," Proc. ACM CoNEXT Conf. (CoNEXT '06), Dec. 2006.
[10] D. Guo, J. Wu, H. Chen, Y. Yuan, and X. Luo, "The Dynamic Bloom Filters," IEEE Trans. Knowledge and Data Eng., vol. 22, no. 1, pp. 120-133, Jan. 2010.
[11] F. Hao, M. Kodialam, and T.V. Lakshman, "Incremental Bloom Filters," Proc. IEEE INFOCOM '08, Apr. 2008.
[12] F. Deng and D. Rafiei, "Approximately Detecting Duplicates for Streaming Data Using Stable Bloom Filters," Proc. ACM SIGMOD Int'l Conf. Management of Data (SIGMOD '06), 2006.
[13] S. Savage, D. Wetherall, A. Karlin, and T. Anderson, "Network Support for IP Traceback," IEEE/ACM Trans. Networking, vol. 9, no. 3, pp. 226-237, June 2001.
[14] Y. Xiang, W. Zhou, and M. Guo, "Flexible Deterministic Packet Marking: An IP Traceback System to Find the Real Source of Attacks," IEEE Trans. Parallel and Distributed Systems, vol. 20, no. 4, pp. 567-580, Apr. 2009.
[15] R.P. Laufer, P.B. Velloso, D. de O. Cunha, I.M. Moraes, M.D.D. Bicudo, M.D.D. Moreira, and O.C.M.B. Duarte, "Towards Stateless Single-Packet IP Traceback," Proc. 32nd IEEE Conf. Local Computer Networks (LCN '07), 2007.
[16] D. Magoni and J.-J. Pansiot, "Internet Topology Modeler Based on Map Sampling," Proc. IEEE Seventh Int'l Symp. Computers and Comm. (ISCC '02), p. 1021, July 2002.
[17] P. Mahadevan, D. Krioukov, M. Fomenkov, X. Dimitropoulos, K.C. Claffy, and A. Vahdat, "The Internet AS-Level Topology: Three Data Sources and One Definitive Metric," ACM SIGCOMM Computer Comm. Rev., vol. 36, no. 1, pp. 17-26, 2006.
[18] B. Xiao and Y. Hua, "Using Parallel Bloom Filters for Multiattribute Representation on Network Services," IEEE Trans. Parallel and Distributed Systems, vol. 21, no. 1, pp. 20-32, Jan. 2010.
[19] Y. Qiao, T. Li, and S. Chen, "One Memory Access Bloom Filters and Their Generalization," Proc. IEEE INFOCOM '11, Apr. 2011.
31 ms
(Ver 2.0)

Marketing Automation Platform Marketing Automation Tool