
Magic Train: Design of Measurement Methods Against Bandwidth Inflation Attacks

Article  in  IEEE Transactions on Dependable and Secure Computing · December 2015


DOI: 10.1109/TDSC.2015.2509984


All content following this page was uploaded by Peng Zhou on 16 January 2016.

Peng Zhou, Rocky K. C. Chang, Xiaojing Gu, Minrui Fei and Jianying Zhou

Abstract—Bandwidth measurement is important for many network applications and services, such as peer-to-peer networks, video
caching and anonymity services. To win a bandwidth-based competition for some malicious purpose, adversarial Internet hosts may
falsely announce a larger network bandwidth. Some preliminary solutions have been proposed to this problem. They can either evade
the bandwidth inflation by a consensus view (i.e., opportunistic bandwidth measurements) or detect bandwidth frauds via forgeable
tricks (i.e., detection through bandwidth’s CDF symmetry). However, smart adversaries can easily remove the forgeable tricks and
report an equally larger bandwidth to avoid the consensus analyses. To defend against the smart bandwidth inflation frauds, we
design magic train, a new measurement method which combines an unpredictable packet train with estimated round-trip time (RTT) for
detection. The inflation behaviors can be detected through highly contradictory bandwidth results calculated using different magic trains
or a train’s different segments, or large deviation between the estimated RTT and the RTT reported by the train’s first packet. Being an
uncooperative measurement method, magic train can be easily deployed on the Internet. We have implemented the magic train using
RAW socket and LibPcap, and evaluated the implementation in a controlled testbed and the Internet. The results have successfully
confirmed the effectiveness of magic train in detecting and preventing smart bandwidth inflation attacks.

Index Terms—Network measurement, network security, packet train.

Peng Zhou and Minrui Fei are with School of Mechatronic Engineering and Automation, Shanghai University, Shanghai 200072, China. E-mail: pzhou@shu.edu.cn, mrfei@staff.shu.edu.cn.
Rocky K. C. Chang is with Department of Computing, The Hong Kong Polytechnic University, Hong Kong. E-mail: csrchang@comp.polyu.edu.hk.
Xiaojing Gu is with School of Information Science and Engineering, East China University of Science and Technology, Shanghai 200237, China. E-mail: xjing.gu@ecust.edu.cn.
Jianying Zhou is with the Institute for Infocomm Research, Singapore 138632. E-mail: jyzhou@i2r.a-star.edu.sg.

1 INTRODUCTION

Many measurement methods have been proposed to monitor and measure the rich network properties for the Internet [1], such as bandwidth [2] (or capacity [3]), latency [4], packet loss and reordering rate [5]. These properties can well reflect the quality and dynamics of the Internet, and are therefore important for network management and optimization. In this paper, we focus on the bandwidth measurement (we will present the formal definition of bandwidth following the paper [2] in Section 2), which is important for many network applications and services. For example, peer-to-peer file sharing networks usually deploy bandwidth based incentive mechanisms to optimize their services [6]. The peers who contribute more bandwidth can benefit more from other peers. Some video caching systems also rely on bandwidth measurement to balance the loading among their video caching proxies [7]. Moreover, Tor [8], which is perhaps the most popular onion routing system, enables routers with higher bandwidth to serve more Internet users [9].

Since many networking systems highly depend on bandwidth measurement for their services optimization and load balancing [10], [11], false bandwidth reports could render these systems unreliable and vulnerable. A typical attack falling into this attacking category is the bandwidth inflation attack, by which adversarial hosts can falsely report a larger bandwidth to others. With such an attack, adversarial peers in peer-to-peer file sharing networks can induce more traffic from other peers by reporting to others an inflated bandwidth. Moreover, the bandwidth inflation attack is very insidious. In many cases, it does not do direct harm to its victims. Instead, it is often used to increase the efficiency of other attacks. For example, adversarial proxies in video caching systems can pretend to have a larger bandwidth to receive more videos for caching and later embed advertisements into these videos for profits or redirect more victim users to malicious videos [12]. In onion routing systems, adversarial routers usually exploit bandwidth inflation to enlarge the victim population under their correlation-like attacks [13], [14]. Recently, Biryukov et al. have conducted a successful experiment to inflate the bandwidth from 4 Mbps to 50 Mbps in the Tor network, and therefore can expose the hidden services through correlation-like attacks more efficiently and with lower cost [15].

Design of bandwidth measurement methods against inflation attacks, especially the attacks which can falsely enlarge the reported bandwidth beyond network paths' physical constraints (i.e., the capacity), is particularly challenging. On the one hand, most existing techniques employ a train of two (also known as packet pair) or more back-to-back packets for bandwidth measurement [3]. Adversarial hosts can simply delay the leading packet or rush the trailing one (provided that the measurement packets' a priori information, such as the number of measurement packets and each packet's sequence number, can be guessed in advance) to inflate the reported bandwidth to an arbitrary value [11]. The measurer (i.e., verifier) cannot differentiate whether the observed round-trip delay has been maliciously tampered with. In the experiments described in [16], the authors proposed to delay the first packet of a packet pair with 120 µs in packet pair based measurement to falsely claim
a 10 Gbps bandwidth over a 100 Mbps physical link.

Although some secure measurement methods have been proposed for the bandwidth attacking problems [10], [11], they do not consider more sophisticated bandwidth attack methods. For example, an opportunistic bandwidth measurement method [10] has been designed to secure P2P bandwidth evaluation systems. This method considers that a target peer cannot cheat all the measurement traffic with an equally larger bandwidth report. This method therefore employs multiple peers to measure the same target and exclude false bandwidth reports through a consensus analysis. However, if the adversaries can identify measurement traffic (it is possible when the measurement is performed using packet pair/train techniques), they can increase bandwidth for all the measurement traffic equally (and do not need to care where the traffic is sent from) to prevent the consensus analysis. Moreover, the recently proposed method in [11] can thwart naive bandwidth attackers who run traffic shaping tools [17], [18], [19]. These shapers indiscriminately filter out cross traffic's interference in the forward path, thus making it possible to detect the attack based on the anomalous symmetry in the cumulative distribution function (CDF) [11]. However, this kind of detection cannot work well in the presence of heavy cross traffic load, which is also acknowledged by the authors themselves. It can even be easily avoided by smart attackers who simply insert asymmetric churns when shaping the traffic.

In this paper, we propose a new measurement method to detect smart bandwidth inflation frauds. The basic idea is to design an unpredictable, yet long enough, packet train (we call it magic train) for detection. Since the train is designed with unpredictable elements, adversarial hosts cannot have a priori knowledge about the measurement packets and therefore cannot regularly delay or correctly rush trains' packets on the fly. Irregular delays can make the bandwidth results computed based on different trains or a train's different successive packets highly contradictory, and rushing an incorrect packet can immediately reveal a dishonest behavior. By this design, even if the smart attackers can avoid consensus analyses by inflating the bandwidth to an equally larger value [10] and evade forgeable trick detections [11] by mimicking normal network conditions, they cannot escape from our magic train detection due to the lack of a priori measurement knowledge. Careful readers may notice that smart adversaries may still be able to evade the aforementioned detection method, since they can receive and store the entire train first and then inflate the bandwidth by responding to the train with regularly shrunk inter-packet delays later. To address this posterior attack, we generate a long enough magic train (e.g., consisting of tens of packets in case of a 10 Mbps bandwidth link). This design will cause the round-trip time (RTT) reported by the train's first packet to deviate significantly from the actual RTT if adversarial hosts receive all the train's packets before echoing them. To further prevent smart adversaries from faking a larger RTT by simply delaying RTT measurement packets, we propose a suite of RTT estimation algorithms to approximate the actual RTTs from nearby routers, subnet neighbors and the hosts from the same country/ISP. We also propose a new magic delay algorithm to measure the bottleneck bandwidth (i.e., capacity) by mitigating the cross traffic's influence.

To sum up, we have made three major contributions in this paper.

1) We have designed a novel magic train to secure bandwidth measurements against bandwidth inflation attacks, by which the bandwidth can be inflated to an arbitrary value and forgeable tricks can be mimicked. We have also designed a magic delay algorithm to secure capacity measurement.
2) We have conducted a comprehensive study to understand advanced bandwidth inflation attacking variants and proposed solutions to detect or prevent them. Our solutions exploit magic trains' unpredictable characteristics to thwart even smart bandwidth inflation frauds.
3) We have implemented the magic train using RAW socket [20] and LibPcap [21], and conducted extensive experiments in a controlled testbed and the Internet. The experimental results successfully confirm the effectiveness of our design.

The remainder of this paper is organized as follows. We first provide the background on bandwidth measurement in Section 2, and then present an overview in Section 3. The detailed design of magic train, and the implementation and evaluation are given in Section 4 and Section 5, respectively. After the discussions in Section 6 and a literature review in Section 7, we conclude the paper in Section 8.

2 BACKGROUND

Network bandwidth is defined as a data transfer speed over a network path and can be measured in terms of bit-rate or expressed in bits per second (i.e., bps) [22]. The bandwidth of a network path is determined by the available data processing and transmission capacity of each network device on the path. Similar to many other network metrics, the bandwidth can be determined by some active measurement method. However, to win a bandwidth-based competition for some malicious purpose, an adversarial measured host is likely to inflate the bandwidth. To tackle this problem, secure bandwidth measurement is becoming a very important research topic.

In this section, we first give an in-depth analysis of bandwidth measurement in Section 2.1. We then present bandwidth inflation attacks in Section 2.2 and review state-of-the-art anti-attack solutions in Section 2.3.

2.1 Bandwidth Measurement

A common approach to bandwidth measurement is to send back-to-back packets at one end of a network path and estimate bandwidth based on the inter-packet dispersion [2]. Moreover, practical bandwidth measurement methods [23], [24], [25], [26], [27] are usually performed only at one end of the path and the other end simply responds to the probes (i.e., uncooperative measurement). That is, only one network host deploys and runs the measurement methods to exchange a pair or a train of round-trip packets (i.e., packet pair or packet train) with a remote host. In this paper, we follow the paper [11] to regard the host which actively launches the measurement as a verifier and the remote host as a prover.

2.1.1 Downlink and Uplink Bandwidth

Using round-trip packet pairs or packet trains, a verifier can measure the bandwidth of both the network paths to and from a remote prover. From a verifier's point of view, the bandwidth of the network path from the verifier to the prover (i.e., forward path) is downlink bandwidth, and the bandwidth of the reversed path is uplink bandwidth. To measure the downlink bandwidth, a typical method [25] requires sending a pair of back-to-back data packets (i.e., packets with payload) from a verifier to a prover. Each data packet could trigger an empty packet (i.e., packet without payload) back. The verifier can then measure the time dispersion between the two returned empty packets (i.e., $\Delta t$ in Figure 1(a)). Since this dispersion is caused by the downlink limitation, the downlink bandwidth can be calculated using Eqn. (1). This measurement is based on an assumption that the uplink cannot further enlarge the dispersion due to empty packets' transmission. This assumption is practical for today's Internet. Even in the most popular asymmetric lines ADSL++ [28], the downlink bandwidth rarely exceeds 10 times the uplink bandwidth. For example, a full payload TCP packet's size (1,500 bytes) is up to 37.5 times the size of an empty TCP packet (e.g., ACK or RST packets are 40 bytes).

$$\text{bandwidth} = \frac{\text{size of a data packet}}{\Delta t}. \tag{1}$$

On the other hand, measuring an uplink bandwidth requires the verifier to send a trigger packet to the prover, inducing a pair of back-to-back data packets back [25]. Similar to the last case, the verifier can also measure the $\Delta t$ and use Eqn. (1) to calculate the uplink bandwidth.

Fig. 1: Bandwidth measurement using a packet pair. (a) Downlink. (b) Uplink.

2.1.2 Bottleneck Bandwidth and Cross Traffic

In bandwidth measurement, all the network devices over the network path (including the verifier and prover) can affect the result. These network devices have different data transmission and processing capacity. The transmission capacity is bounded only by the device's physical constraint, whereas the data processing capacity available for handling measurement packets can be influenced by the traffic from other network applications (i.e., cross traffic) [3]. Given a network device, the transmission capacity is a constant, but the available data processing capacity is a random variable over time. If we do not consider the cross traffic's impacts, the bandwidth of a network path is determined by the device which has the minimum data transmission and processing capacity on this path. We call this device a bottleneck (or the narrowest link) in the path, and the corresponding bandwidth result as bottleneck bandwidth or capacity. Figures 2(a) and 2(b) show the downlink and uplink bottleneck bandwidth results, respectively.

Fig. 2: Bottleneck bandwidth (i.e., capacity). (a) Downlink. (b) Uplink.

However, the cross traffic's impacts cannot be totally avoided in practice. Cross traffic can cause a measurement packet to be queued for a random period of time (i.e., queuing delay) before being transmitted [3], hence making the observed $\Delta t$ not equal to the dispersion caused by the bottleneck ($\Delta t_B$ in Figure 3). Therefore, those measurement packets cannot correctly report the bottleneck bandwidth. Instead, they reflect the remaining bandwidth available for this measurement flow [3], which is commonly referred to as available bandwidth.

Fig. 3: Bandwidth measurement affected by cross traffic. (a) Downlink. (b) Uplink.

To mitigate cross traffic's impacts on the bottleneck bandwidth measurement, a number of algorithms have been proposed [29], [30], [31], [32], [33], [34], [35]. Among them, a minimum delay difference (MDDIF) algorithm [35] is the state-of-the-art technique. Its basic idea is to exchange a large number of packet pair samples and use the minimal round-trip delay of packets from different packet pair samples for the bottleneck bandwidth calculation. Since the cross traffic could introduce queuing delay to measurement packets, the packet with minimal round-trip delay is the one that is most likely suffering the least impact from cross traffic. By extending the MDDIF algorithm, we propose a new magic delay algorithm that can measure the bottleneck bandwidth even in the condition of heavy cross traffic.

2.2 Bandwidth Inflation Attacks

In an adversarial networking environment for downlink bandwidth measurement, a dishonest prover can maliciously shrink the packet-pair dispersion (i.e., the $\Delta t$ in Figure 2(a)) on his side, hence falsifying a larger bandwidth to a victim verifier. We call it bandwidth inflation attack. To launch this attack, the adversary must have a priori knowledge of measurement packet information. As shown in Figure 4, if an adversarial prover has the knowledge that the measurement is based on
two packets, the bandwidth result can be inflated by either delaying the first packet (Figure 4(a)), or rushing the second packet (Figure 4(b)), provided that the packet's sequencing information (e.g., TCP sequence number) is known beforehand too. This attack can also be used to falsely enlarge the bandwidth result measured by predictable packet trains which consist of more than two packets. Moreover, even if the adversary does not have a priori information, she can still launch a posterior attack to inflate the bandwidth result by receiving all the packets before starting to respond.

Fig. 4: Bandwidth inflation attacks. (a) Delay former packet. (b) Rush latter packet.

In contrast to the downlink bandwidth measurement, the uplink one cannot be inflated by an adversarial prover, because the bottleneck is located behind the prover in the measurement path (see Figure 2(b)). Although the network devices located behind the bottleneck can still launch an uplink bandwidth inflation attack, compared to the prover, those intermediary devices have much less incentive to cheat the verifier (since they usually cannot benefit from this attack). Even when this impractical attack is launched, the magic train, after a slight modification, can still detect it. This modification is given in Appendix D.2 in [36]. Moreover, some network software running at the prover may limit its bandwidth in the application layer. Such software can assign limited bandwidth only to business traffic while cheating measurement traffic with normal bandwidth. However, this inflation cheating can be simply avoided by the opportunistic bandwidth measurement method [10].

In this paper, our focus is to design a novel measurement method against the downlink bandwidth inflation attack (Figure 4). Based on the aforementioned discussions, this attack is highly possible and practical. In the rest of this paper, we will use the term bandwidth inflation to refer to the downlink bandwidth inflation.

2.3 State-of-the-art Anti-inflation Solutions

Detecting the bandwidth inflation attack is very challenging, because it is quite difficult for a verifier to distinguish whether an observed dispersion (i.e., $\Delta t$) is caused by legitimate transmission and queuing delays or maliciously adjusted by a prover. Due to this difficulty, securing bandwidth measurement is still an open research problem [37]. To the best of our knowledge, only a few preliminary solutions exist. The first one is an opportunistic/consensus bandwidth measurement method [10] that was proposed for securing bandwidth measurements in P2P systems. Such a method can work well under four conditions: the bottleneck must be located near the prover, the reported bandwidth cannot be increased beyond the physical constraint (i.e., the inflated bandwidth value should not be larger than the capacity), the measurement traffic is difficult to identify, and reporting an equally inflated bandwidth to all the other peers at the same time is nearly impossible. When these four conditions hold, the opportunistic bandwidth measurement method can employ multiple peers to measure the bandwidth of the same target and detect bandwidth cheating using a consensus analysis. However, when the bandwidth is measured by packet pairs or fixed-length packet trains, smart adversaries can increase the reported bandwidth beyond the capacity (e.g., by delaying the first packet of a packet pair to approach the second one) and have the chance to differentiate which traffic is the packet pair/train traffic (e.g., by checking whether a pair/batch of received request packets are protocol redundant/incompatible or contain padding/useless contents in the application layer). The smart adversaries can therefore evade the detection of consensus bandwidth measurements by simply inflating the bandwidth to an equally larger value to all the packet pair/train measurement traffic, and do not need to care about where these packet pairs/trains are sent from. Our magic train is designed specifically for the smart adversarial case where the packet pair/train measurement traffic can be distinguished and the bandwidth can be increased beyond the capacity. Unlike the consensus measurement method [10] which detects limited bandwidth cheating from multiple verifiers in an opportunistic manner, our magic train can detect even the smart and arbitrary bandwidth inflation using a single measurer with unpredictable measurement tactics (e.g., the length of packet train and the identity of each packet are unpredictable), and moreover can work well regardless of whether the bottleneck is located close to the prover.

The second solution that can be used to defeat bandwidth inflation attacks is proposed in [11]. This method is originally designed to detect bandwidth deflation, since it assumes the adversarial prover shapes a much larger dispersion than that caused by the bottleneck (i.e., $\Delta t' \gg \Delta t_B$). But we believe it can also address the bandwidth inflation attacks to some extent, as its detection is based on anomalously symmetric statistics of a large number of observed round-trip dispersion samples. Adversarial provers could cause this anomalous symmetry, because they indiscriminately filter out cross traffic's interference in the path from the bottleneck to the prover (e.g., they remove queuing delays ② and ③ in Figure 3(a) and especially the queuing delay of the second packet caused by the bottleneck [11]). However, this detection trick is forgeable and cannot be used to detect bottleneck bandwidth inflation. Unlike [11], we design new detection solutions in this paper to address the fundamental problem: adversarial provers have a priori knowledge about the measurement packets (i.e., knowing the measurement tactics), hence being able to report an arbitrarily larger bandwidth result by scheduling the packets' delay and rushing in advance. Our new method employs an unpredictable packet train to remove adversaries' a priori knowledge of measurement tactics. Measured by our method, adversarial provers can only blindly delay or rush measurement packets before they receive all these packets. Either delaying and rushing packets in a blind manner or receiving a long packet train without immediate responses can result in various unforgeable
anomalies for detection.

In the literature, another solution against bandwidth attacks is to seek assistance from trustworthy network routers and switches [38]. The trustworthiness can be calculated via typical trust management approaches such as [39]. Using this solution, the verifier needs to control trustworthy devices through an OpenFlow protocol [40]. Such a requirement, however, renders such a solution impractical for arbitrary network path measurement. In contrast to [38], our method does not require the verifier to control any additional network devices other than her own host.

3 OVERVIEW

In this section, we present a high-level overview of the magic train. We first set up design goals in Section 3.1. We then prescribe a system model for the design of magic train in Section 3.2. We finally elaborate on the adversary models in Section 3.3. We have summarized the main notations used in this paper in Appendix A in [36].

3.1 Design Goals

To effectively detect bandwidth inflation attacks, our magic train should have the following properties.

1) Unpredictability: The magic train should be designed with unpredictable elements to prevent adversarial provers from regularly delaying and/or correctly rushing measurement packets on the fly.
2) Posterior large delay capability: The length of the magic train should be long enough, so that the resulting long delay will prevent the adversarial provers from receiving all the measurement packets before responding.
3) Round-trip linkability: The magic train's packets should be round-trip linkable (i.e., each request packet can be linked to its corresponding response packet), so that the verifier can detect packet loss and reordering events.
4) Stability: A magic delay algorithm should mitigate the cross traffic's impacts on the magic train. As a result, the packet train is still stable in the midst of heavy cross traffic. It can also facilitate the measurement of bottleneck bandwidth (i.e., capacity).

The four goals are used to make the magic train effective in detecting bandwidth/capacity inflation.

3.2 System Model

We model a bandwidth measurement as a black-box testing process [41]. A verifier is the tester who considers a remote prover and the Internet paths connected to this prover as a black box. The verifier generates a sequence of back-to-back data packets (e.g., a packet train) as input to the black box and observes those packets' round-trip responses (empty packets) as output from the box. The bandwidth result reported by this measurement can be calculated using the timing information of those observed round-trip packets.

Let $P = \{(p_i, q_i) \mid i = 1, 2, \ldots, N\}$ be a round-trip packet train which consists of $N$ round-trip packets. A round-trip packet combines a request data packet $p_i$ and a corresponding response packet $q_i$ which is an empty packet. Let $|p_i|$ be the size of the data packet $p_i$. Let $t_i$ be the packet $p_i$'s round-trip time. $t_i$ is the time period between the time of sending $p_i$ and the time of receiving $q_i$. Let $\Delta t_{ij}$ be the inter-packet dispersion between two consecutive response packets $q_i$ and $q_j$. Then we have $\Delta t_{ij} = t_j - t_i$. The downlink bandwidth can be computed using any group of successive round-trip packets in $P$. Let $b_{ij}$ be the downlink bandwidth measured using round-trip packets $(p_i, q_i), (p_{i+1}, q_{i+1}), \ldots, (p_j, q_j)$, and the bandwidth is calculated as:

$$b_{ij} = \frac{\sum_{k=i+1}^{j} |p_k|}{\Delta t_{ij}}. \tag{2}$$

Figure 5 shows an example of the black-box measurement model. In this example, the verifier uses three round-trip packets (i.e., $N = 3$) to measure the downlink bandwidth.

Fig. 5: An example of bandwidth measurement model.

3.3 Threat Model

In our magic train design, we consider a more powerful adversary than before: the smart adversaries can discover the packet pair/train measurement traffic and can increase the bandwidth to an arbitrary value (for example, larger than the capacity). Discovering the packet pair/train traffic is possible, because the packet pairs/trains used for measurement are usually distinguishable for their protocol redundant/incompatible or padding/useless contents in the application layer. Increasing the bandwidth to an arbitrary value is possible too, because the adversary can make two consecutive measurement packets arbitrarily close. Moreover, we assume that the adversaries have additional capabilities as described below.

Adversarial prover: The adversary can control only his/her own host (i.e., the prover) for launching bandwidth inflation attacks. Other network devices (e.g., routers and switches) in the network paths between the verifier and the prover are benign. This assumption is practical, because network routers and switches are monitored by the Internet service providers. Compared to the adversary's own host, those devices are much more difficult to compromise. Nevertheless, our magic train can be extended to cover the adversary model where one or more network devices are compromised. We will discuss this variant in Appendix D.2 in [36].

A priori delay and rush: The adversarial prover can delay and rush response packets on the fly. If the adversary has a priori knowledge of the round-trip packet train (e.g., the sequencing information of $p_i$ and $q_i$ in $P$ and the length of
$P$) in advance, she can arbitrarily report an inflated bandwidth result to the verifier by delaying or rushing response packets on her end.

Posterior delay and rush: The adversary can receive all the request packets before responding even if a priori knowledge of the round-trip packet train is unavailable. After receiving all the request packets, the adversary can arbitrarily schedule the response packets and thus can inflate the bandwidth result to an arbitrary value. One concern of this capability is how the adversary can confirm that all the request packets have been completely received. We can assume the adversary can calculate an average dispersion (i.e., average $\Delta t_{ij}$) using the packets that have been readily received, and wait several times of this average dispersion for the next request packet. If no additional packets come within this waiting period, the adversary regards that the entire packet train has been received.

Network condition mimicking: The adversary is smart enough to mimic any forgeable network conditions. For example, the adversary can insert random churns when he delays or rushes the response packets, hence mimicking the queuing delay caused by cross traffic. The adversary can also purposely drop or reorder the response packets. Those mimicking behaviors can be used to hide bandwidth inflation frauds under normal network phenomena and attempt to defeat the naive bandwidth inflation detection methods.

4 DESIGN

This section presents the design of magic train for detecting and preventing bandwidth inflation attacks. This train is designed to be unpredictable by the prover (Section 4.1), long enough to prevent posterior adversaries (Section 4.2) and round-trip linkable by the verifier (Section 4.3). After those sections, we further extend the train using a magic delay algorithm and thus make the train robust and capable of securing capacity measurement in Section 4.4.

4.1 Unpredictable Train

In general, the magic train is designed as a TCP packet train with an unpredictable length (i.e., the length is a random value and cannot be known by the prover in advance). By this design, the only way an adversarial prover can obtain the length is a blind guess. As a result, the adversary cannot accurately control the bandwidth report by delaying or rushing the response packets on the fly. Those unsupervised delaying and rushing behaviors can be detected due to either highly contradictory bandwidth results reported by different magic trains or nonexistent response packets.

Given a magic train $P = \{(p_i, q_i) \mid i = 1, 2, \ldots, N\}$, the verifier can randomly generate the train's length $\check{N} \le N \le \hat{N}$, where $\check{N}$ is the smallest candidate value of the length and $\hat{N}$ is the largest one. Let $\Pr[N]$ be the probability that the value $N$ is selected as the magic train's length. Therefore,

$$\Pr[N] = \frac{1}{\hat{N} - \check{N}}. \tag{3}$$

Using a magic train $P$ to measure the bandwidth, the verifier can calculate the bandwidth result $b(P)$ using Eqn. (4). $|p_i|$ is the size of request data packet $p_i$. Without losing generality, we can generate the magic train with equal sized request data packets (i.e., $\forall p_i \in P, |p_i| = |p|$). Thus $\sum_{i=2}^{N} |p_i| = (N-1)|p|$. $\Delta t_{1N} = t_N - t_1$ represents the dispersion between the first response packet $q_1$ and the last one $q_N$. If we do not consider the queuing delay induced by cross traffic, the dispersions between any two successive response packets are equal. Let $\Delta t$ be this equal dispersion, yielding $\Delta t_{1N} = (N-1)\Delta t$. Note that the prover can obtain $\Delta t$ on his side.

$$b(P) = \frac{\sum_{i=2}^{N} |p_i|}{\Delta t_{1N}} = \frac{(N-1)|p|}{\Delta t_{1N}} \simeq \frac{(N-1)|p|}{(N-1)\Delta t} = \frac{|p|}{\Delta t} \tag{4}$$

In order to inflate $b(P)$ by delaying or rushing the response packets on the fly, the adversarial prover should correctly guess the random length $N$ of the magic train $P$ in advance. Otherwise, they cannot enlarge $b(P)$ to their expected value without being detected. We note that the adversary can guess multiple times until the sum of guessing values is equal to or larger than $N$. Let $G_1$ be the first guessed length. If $G_1 < N$, we consider that the adversary can realize the incorrect guessing after receiving the request packet $p_{G_1+1}$. The adversary can then make a second guess to estimate the remaining length of the magic train (at this time, the remaining length is $N - G_1$). The adversary can repeat guessing the remaining length until the $K$-th guess which satisfies $\sum_{k=1}^{K} G_k \ge N$, where $G_k$ is the guessed remaining length in the $k$-th round guessing.

Let $\Pr[\sum_{k=1}^{K} G_k = N \mid N]$ be the probability that the adversary can successfully guess $N$ at the $K$-th guess. By considering a powerful adversary who knows the selection range of $N$ (i.e., $\check{N}$ and $\hat{N}$) in advance, this probability is given by

$$\Pr\Big[\sum_{k=1}^{K} G_k = N \,\Big|\, N\Big] = \begin{cases} \dfrac{1}{\hat{N} - \check{N}} & K = 1 \\[2ex] \dfrac{1}{\hat{N} - \sum_{k=1}^{K-1} G_k} \cdot \dfrac{N - \check{N}}{\hat{N} - \check{N}} \cdot \prod_{k=2}^{K-1} \dfrac{N - \sum_{i=1}^{k-1} G_i}{\hat{N} - \sum_{i=1}^{k-1} G_i} & K > 1. \end{cases} \tag{5}$$

Proof. The proof is given in Appendix B in [36].

As can be seen, a larger $\hat{N}$ and a smaller $\check{N}$ can result in a lower $\Pr[\sum_{k=1}^{K} G_k = N \mid N]$. This probability can be either reduced at an exponential rate when we use more than one magic train for measurement, or become much lower for practical adversaries who usually do not have a priori knowledge of $\check{N}$ and $\hat{N}$. Moreover, if the adversary cannot guess the correct value of $N$ the first time (i.e., $G_1 \ne N$), we will show in the following subsections that the magic train can detect such malicious behavior.

4.1.1 Detection of a priori delay attack

To inflate the bandwidth result reported by a magic train $P$ from $b(P) = \frac{|p|}{\Delta t}$ to $b'(P) = \frac{|p|}{\Delta t - d}$, the adversary can delay response packets based on a group of guessed values (i.e., $G_k$, $1 \le k \le K$) until he receives all the request packets. We assume that $|p|$ and $\Delta t$ are known by the adversary. To eliminate abnormal dispersions between any two successive response packets, we consider the adversary can regularly
delay $q_i$'s with a time period $(G_k - (i - \sum_{j=1}^{k-1} G_j))d$ based on $G_k$, where $\sum_{j=1}^{k-1} G_j \le i < \sum_{j=1}^{k} G_j$. With $G_1$, the adversary can delay the $i$-th response packet $q_i$ with a time period $(G_1 - i)d$, where $1 \le i \le G_1 - 1$. Theorem 1 states that if $G_1 < N$, the adversary cannot inflate the bandwidth to her expected value.

Theorem 1. If $G_1 < N$, an adversary can only inflate the bandwidth result to at most $\frac{(N-1)|p|}{(N-1)\Delta t - (G_1-1)d}$. This value is random and smaller than $\frac{|p|}{\Delta t - d}$ which is the adversary's bandwidth target.

Proof. By guessing $G_1$, an adversary who performs a priori delay attack will delay $q_1$ with $d_1 = (G_1 - 1)d$. Since $G_1 < N$, the adversary will recognize her incorrect guess when receiving the $(G_1+1)$-th request packet (i.e., $p_{G_1+1}$). The adversary can keep guessing the remaining length until $K \ge 1$ times. If $\sum_{k=1}^{K} G_k \le N$, the last response packet $q_N$ will not be delayed. Then the observed $\Delta t_{N1} = t_N - t_1 - d_1 = (N-1)\Delta t - (G_1-1)d$ and the resulted bandwidth is $\frac{(N-1)|p|}{(N-1)\Delta t - (G_1-1)d}$. But if $\sum_{k=1}^{K} G_k > N$, $q_N$ will be further delayed by $d_N = (G_K - (N - \sum_{k=1}^{K-1} G_k))d$. Then the observed $\Delta t_{N1} = t_N + d_N - t_1 - d_1 = (N-1)\Delta t - (G_1-1)d + d_N$. Since $d_N > 0$, the bandwidth result calculated using $\Delta t_{N1} = (N-1)\Delta t - (G_1-1)d + d_N$ should be smaller than that using $\Delta t_{N1} = (N-1)\Delta t - (G_1-1)d$. Moreover, since $N$ is a random value, $\frac{(N-1)|p|}{(N-1)\Delta t - (G_1-1)d}$ is random too. It is also easy to see that $\frac{(N-1)|p|}{(N-1)\Delta t - (G_1-1)d} < \frac{(N-1)|p|}{(N-1)\Delta t - (N-1)d} = \frac{|p|}{\Delta t - d}$, because $(G_1-1)d < (N-1)d$. Theorem 1 has been proved.

Corollary 1. A priori delay based on $G_1 < N$ will likely report different bandwidth results for different magic trains.

Proof. According to Theorem 1, different magic trains with different $N$s will give different $\frac{(N-1)|p|}{(N-1)\Delta t - (G_1-1)d}$. Corollary 1 has been proved.

Based on the results in Corollary 1, we propose a new algorithm to detect a priori delay attacks using multiple magic trains. Let $\mathcal{P} = \{P^m \mid 1 \le m \le M\}$ be a set of magic trains that a verifier generates to measure a prover, where $M$ is the size of $\mathcal{P}$ and $P^m$ is the $m$-th train in $\mathcal{P}$. Let $N^m$ be $P^m$'s length. The verifier assures $N^m \ne N^l$ for $\forall P^m, P^l \in \mathcal{P}$ and $m \ne l$. Let $b^m$ be the bandwidth result reported by $P^m$ (i.e., we shorten $b(P^m)$ to $b^m$). To detect a priori delay attack, we use standard deviation [42] to measure how far a set of $b^m$'s spread out. A deviation of zero means all the $b^m$'s are identical, while a larger deviation indicates a larger difference among those $b^m$'s [42]. The standard deviation can be calculated as:

$$V(b) = \sqrt{\frac{\sum_{m=1}^{M} (b^m - E(b))^2}{M}} \tag{6}$$

where $E(b) = (\sum_{m=1}^{M} b^m)/M$ is the mean value of $b^m$'s over $P^m \in \mathcal{P}$. Our detection algorithm is given below.

Multi-Magic-Train based Detection (MMTD): Given $\mathcal{P} = \{P^m \mid 1 \le m \le M\}$, if $V(b) > H_b$, where $H_b$ is a detection threshold, a priori delay attack is considered present. Otherwise, we accept $E(b)$ as the actual network bandwidth.

We choose $H_b > 0$, because normal cross traffic could also cause some slight variations in the bandwidth measurement using multiple magic trains. We will evaluate the MMTD algorithm's detection rates and false positives through experiments on a controlled testbed and the Internet in Section 5. It is worth noting that even if our algorithm cannot achieve 100% detection rate due to the choice of $H_b$ and cross traffic's impacts, those undetected inflated results are still restricted to a value smaller than the adversary's target (Theorem 1).

Our MMTD algorithm, however, cannot detect a priori delay attacks based on $G_1 \ge N$. The reason is that the adversarial prover will delay $q_1$ by $(G_1-1)d$ and $q_N$ by $(G_1-N)d$. The resulted dispersion $\Delta t_{1N} = t_N + (G_1-N)d - t_1 - (G_1-1)d = (N-1)(\Delta t - d)$ reaches the adversary's target $\frac{(N-1)|p|}{(N-1)(\Delta t - d)} = \frac{|p|}{\Delta t - d}$. To address these a priori large delay attacks, we should generate the magic train long enough (i.e., $N \ge \check{N}$ is large enough), and then detect the attacks through anomalous round-trip time reported by the train's first packet (i.e., an anomalously large $t_1$). We will present the detailed algorithm in Section 4.2.2.

Figure 6 shows examples of a priori delay attacks based on $G_1 < N$ (top left in the figure) and $G_1 > N$ (top right), as well as our MMTD algorithm (bottom). As can be seen, a priori delay attacks based on $G_1 < N$ cause different magic trains to report different bandwidth results, whereas a longer train will induce a larger $t_1$ for detecting the attacks based on $G_1 > N$.

[Fig. 6: Examples of a priori delay attack. Panels: $G_1 = 2 < N = 4$; $G_1 = 5 > N = 4$; $P^1$: $G_1^1 = 2$, $N^1 = 3$ and $P^2$: $G_1^2 = 3$, $N^2 = 4$, with $b^1 \ne b^2$.]

4.1.2 Detection of a priori rush attack

In addition to delaying response packets, the adversarial prover can also inflate the bandwidth result by rushing response packets based on her guessed length of the magic train. To inflate the bandwidth result reported by a magic train $P$ from $b(P) = \frac{|p|}{\Delta t}$ to $b'(P) = \frac{|p|}{\Delta t - d}$, the adversary can regularly rush response packets $q_i$'s by $(i - \sum_{j=1}^{k-1} G_j - 1)d$ (where $\sum_{j=1}^{k-1} G_j \le i < \sum_{j=1}^{k} G_j$) based on a group of guessed values $G_k$ (where $1 \le k \le K$) until $\sum_{k=1}^{K} G_k \ge N$. For $G_1$, the adversary can rush the $i$-th response packet $q_i$ by $(i-1)d$, where $2 \le i \le G_1$. We then have Theorem 2 as follows.

Theorem 2. If an adversary cannot guess the length of a magic train for the first time (i.e., $G_1 \ne N$), the a priori rush attack is detectable or invalid.

Proof. If $G_1 > N$, a priori rush attacks can be immediately detected when the nonexistent packets $q_{N+1}, q_{N+2}, \ldots, q_{G_1}$
are received. If $G_1 < N$, we have three cases. In particular, if the adversary stops guessing when $\sum_{k=1}^{K} G_k < N$, the bandwidth result cannot be inflated since both $q_1$ and $q_N$ are not rushed (i.e., $t_{1N}$ remains the same). If $\sum_{k=1}^{K} G_k = N$, the bandwidth result can be inflated to $\frac{(N-1)|p|}{(N-1)\Delta t - (N - \sum_{j=1}^{k-1} G_j - 1)d}$, which depends on $N$. We therefore can employ the MMTD algorithm to detect this kind of a priori rush attacks. If $\sum_{k=1}^{K} G_k > N$, a priori rush attacks can be immediately detected when the nonexistent packets $q_{N+1}, q_{N+2}, \ldots, q_{\sum_{k=1}^{K} G_k}$ are received. Therefore, Theorem 2 has been proved.

According to Eqn. (5), the probability that the adversary can successfully guess the length of a magic train in her first attempt (i.e., $\Pr[G_1 = N \mid N]$) is very small. Therefore, our magic trains can detect or invalidate nearly all possible a priori rush attacks. Figure 7 illustrates examples of a priori attacks based on $G_1 < N$ (left) and $G_1 > N$ (right). As can be seen, if $G_1 < N$, a priori rush attacks cannot inflate the bandwidth result (the dispersion between $q_1$ and $q_3$ remains the same), while $G_1 > N$ can immediately expose the attacks due to the nonexistent response packet $q_4$.

[Fig. 7: Examples of a priori rush attack. Panels: $G_1 = 2 < N = 3$ and $G_1 = 4 > N = 3$ (nonexistent $q_4$).]

4.2 Long Enough Train

To tackle posterior attack and a priori large delay attack, our approach is to make the magic train long enough. In other words, the possibly smallest candidate length of a magic train should be large enough (i.e., $N \ge \check{N}$ where $\check{N}$ is a large enough number). As a result, if a posterior attack or a priori large delay attack is launched, an anomalously large round-trip delay of the train's first packet (i.e., a very large $t_1$) can be observed. We therefore design new algorithms to detect bandwidth inflation based on $t_1$. Moreover, since such detection may require the actual round-trip time (RTT) for reference, we also propose several RTT estimation algorithms to prevent potential RTT frauds.

4.2.1 Detection of posterior attack

To inflate the bandwidth result without the requirement of successfully guessing the length of a magic train, smart adversaries can postpone sending back the response packets until they have received all the request packets. This posterior attack cannot be detected by the MMTD algorithm and nonexistent responses, both of which are effective in detecting only the a priori attack. However, posterior attack suffers from another detection trick due to a large delay for receiving a long magic train. Theorem 3 describes details.

Theorem 3. To inflate the bandwidth from $b(P) = \frac{|p|}{\Delta t}$ to $b'(P) = \frac{|p|}{\Delta t - d}$ using posterior attacks, an adversary needs to spend a period of $(N-1)\Delta t$ to receive all the $N$ request packets before responding. Such posterior behavior can increase $t_1$ to $t_1 + (N-1)\Delta t$.

Proof. When the bandwidth is $b(P) = \frac{|p|}{\Delta t}$, the adversary needs to spend an additional $\Delta t$ to receive each $p_i$, $2 \le i \le N$, after $p_1$ arrives, where $\forall |p_i| = |p|$. As a result, the total amount of time for receiving all the request packets is $(N-1)\Delta t$. As a result, the RTT of each packet in the magic train can be expanded from $t_i$ to $t_i + (N-1)\Delta t$. In particular, the first packet's RTT $t_1$ is increased to $t_1 + (N-1)\Delta t$. Theorem 3 has been proved.

Corollary 2. Posterior attacks will likely cause different magic trains reporting different $t_1$'s, and a longer train will report a larger $t_1$.

Proof. Since the posterior attacks can expand $t_1$ to $t_1 + (N-1)\Delta t$, different $N$s can expand $t_1$ to different values, and a larger $N$ leads $t_1$ to a larger value. We therefore prove Corollary 2.

Based on Corollary 2, we propose two algorithms to detect posterior attacks. The first employs two magic trains for detection, and the second relies on an estimated RTT for detection.

RTT Pair based Detection (RTTPD): Given two magic trains $P^1$ and $P^2$ whose lengths are very different, we can detect a posterior attack if $\mathrm{abs}(t_1^1 - t_1^2) > H_t$, where $\mathrm{abs}(x)$ returns the absolute value of $x$, $t_1^i$ is the first packet's RTT reported by the train $P^i$, $i = 1, 2$, and $H_t$ is a threshold for the detection. We choose $H_t > 0$ for the similar reasons as for the MMTD algorithm. Moreover, to increase the detection rate and decrease the false positive, we generate the two trains with very different lengths, because $\mathrm{abs}(t_1^1 - t_1^2) = \mathrm{abs}(N^1 - N^2)\Delta t$ (see Theorem 3).

RTT Estimation based Detection (RTTED): To estimate the RTT of a target prover, a verifier can measure the RTT of this prover's nearby hosts and routers. Our estimation algorithms choose the routers directly connected to the provers as their nearby routers, and the hosts in the provers' /24 subnet or the same country or ISP as nearby hosts. Figure 8 gives an example of our RTT estimation. We use the mean value of all the measured nearby hosts' and routers' RTTs as the estimated RTT value. We denote this value as $\bar{t}$. We then use a long enough magic train $P$ to measure the bandwidth, and alert a possible posterior attack if $t_1 - \bar{t} > H_t$, where posterior attack enlarges $t_1$ to $t_1 + (N-1)\Delta t$. Clearly, a longer $P$ (i.e., a larger $N$) can result in a better detection rate and a lower false positive.

[Fig. 8: Example of RTT estimation. Verifier, prover, nearby router, hosts in the prover's /24 and in the same ISP or country.]

4.2.2 Detection of a priori large delay attack

Recall from Section 4.1.1, we regard a priori delay attack based on $G_1 > N$ as a priori large delay attack. To inflate the
bandwidth result reported by a magic train $P$ from $b(P) = \frac{|p|}{\Delta t}$ to $b'(P) = \frac{|p|}{\Delta t - d}$, a priori large delay attack could delay the first response packet by $(G_1-1)d$, thus enlarging $t_1$ to $t_1 + (G_1-1)d$. Since $G_1 > N$ is large enough, we can employ the RTTPD algorithm (in case $G_1^1 \ne G_1^2$) and RTTED algorithm to detect this kind of attacks. Apparently, a larger $d$ (i.e., inflating the bandwidth result to a larger value) and a larger $G_1$ (i.e., assuring $G_1 > N$ with a higher probability) can increase $t_1$ to a more anomalously large value, hence making the detection easier.

4.3 Round-trip Linkable Train

An adversary can mimic forgeable networking conditions to hide the bandwidth inflation behaviors. For example, the adversary could mimic cross traffic's impacts by inserting small churns when delaying or rushing packets. This mimicking cannot evade our unpredictable and long enough train, because our train does not rely on cross traffic's inference for detection. However, if the verifier cannot link $p_i$ to the corresponding $q_i$ in the magic train, the mimicking of packet loss and/or packet retransmission can invalidate the MMTD algorithm and the detection based on non-existent response packets. That is, an adversarial prover can first delay $q_1, \ldots, q_{G_1}$ based on $G_1 < N$ and then simply drop $q_{G_1+1}, q_{G_1+2}, \ldots, q_N$. As a result, the verifier can be cheated and mistakenly regards $\Delta t_{1G_1} = (G_1-1)\Delta t < \Delta t_{1N} = (N-1)\Delta t$ as $\Delta t_{1N}$. The bandwidth result can therefore be inflated from $\frac{(N-1)|p|}{(N-1)\Delta t}$ to $\frac{(N-1)|p|}{(G_1-1)\Delta t}$. Furthermore, the adversary can also insert a random number of pseudonymous response packets between $q_1$ and $q_{G_1}$ to mimic response packet retransmission (if the total number of response packets is larger than $N$) or packet losses (if the total number of response packets is slightly smaller than $N$), hence avoiding naive detections. We name this attack as response dropping attack.

Theorem 4. To successfully inflate the bandwidth result through response dropping attack, even smart adversaries must drop successive response packets at the end of the train.

Proof. When $q_N$ has not been dropped, the actual $\Delta t_{1N}$ can be successfully recognized even if all the $q_{G_1+1}, \ldots, q_{N-1}$ have been dropped. Hence, the bandwidth result remains the same. We therefore prove Theorem 4 by contradiction.

To handle this response packet dropping attack, we make our magic train round-trip linkable by exploiting TCP's inherent features. In our design, we first consider the use of TCP's sequence and acknowledgment numbers [43] for linking. By exploiting this feature, we use in-flow TCP data packets (i.e., the packets belong to a TCP flow whose three-way handshake has been completed) as $p_i$'s to trigger TCP ACKs as $q_i$'s. We then can link each $p_i$ with its corresponding response $q_i$ using Eqn. (7):

$$SEQ(p_i) + |p_i| = ACK(q_i), \tag{7}$$

where $SEQ(p_i)$ is the sequence number of TCP data packet $p_i$ and $ACK(q_i)$ is the acknowledgement number of ACK packet $q_i$. We call this kind of packet train an in-flow data packet train (IF-Data-Train in short). However, the IF-Data-Train's linkability is not reliable, since TCP acknowledges packets in a cumulative manner [43]. That is, if some $p_i$ is lost during the measurement, all the following $q_{i+1}, \ldots, q_N$ will acknowledge $p_{i-1}$.

To address this weakness and obtain reliable linkability, we propose three new types of trains for linking. The first is to use out-of-flow TCP data packets (i.e., the packets do not belong to any existing TCP flows) as $p_i$'s to trigger TCP pure RSTs as $q_i$'s. We call this type of train out-of-flow data packet train (OF-Data-Train for short). Since RSTs cannot acknowledge any received data, we link $p_i$ with $q_i$ in the OF-Data-Train using TCP port numbers. The linking equation is as follows.

$$SrcPort(p_i) = DstPort(q_i), \tag{8}$$

where $SrcPort(p_i)$ returns the source port of packet $p_i$ and $DstPort(q_i)$ returns the destination port number of $q_i$. As can be seen, OF-Data-Train employs packets from different TCP flows for measurement. This method may cause different request packets being routed through different network paths if per-flow load balancing is enabled by some routers [44]. However, we can also use the OF-Data-Train to implement our magic train, because the train can work well when the bottleneck device is located at a converged point of all the load balanced paths or there are no routers in the measurement path doing per-flow load balancing.

The second reliably linkable train we propose here is the out-of-flow SYN data packet train (OF-SYN-Train in short). This train employs TCP SYN packets with payload as the request packets to trigger TCP SYN|ACK or RST|ACK packets as response packets. Both SYN|ACK and RST|ACK can acknowledge the payload of TCP SYN packets. Therefore, the sequence number can be used for linking (see Eqn. (7)). The OF-SYN-Train cannot be affected by the cumulative acknowledgement scheme as TCP flows have not been completely established. However, some enterprise firewalls may treat the OF-SYN-Train as SYN flooding attacks [45].

Although the two aforementioned trains achieve reliable linkability, both of them do not follow the legitimate TCP protocol, hence being potentially refused by the TCP stack. For this reason, we propose a legitimate TCP packet train as the third solution. This new train also uses in-flow TCP data packets as $p_i$'s to trigger TCP ACKs as $q_i$'s, but does not rely on the sequence number for linking. Instead, we exploit the TCP timestamp option to avoid the cumulative acknowledgement scheme. Any TCP acknowledgement packet (i.e., ACK bit is set) can echo a timestamp value sent by the most recent TCP packet from remote hosts [46]. We therefore embed a TCP timestamp value (i.e., TSval) in each request packet and read the TCP timestamp echo reply (i.e., TSecr) field in each response packet for linking using Eqn. (9).

$$TSval(p_i) = TSecr(q_i). \tag{9}$$

We call this train in-flow data packet timing train (IF-TIME-Train for short). This train is subject to a practical issue due to a so-called TCP delayed acknowledgment scheme [47]. That is, the TCP stack may not respond with an ACK packet (i.e., $q_i$) for each received data packet (i.e., $p_i$). To address this issue,
we either reorder each two successive request packets or assign mismatched sequence numbers to them. Our experiments have confirmed that both methods can work around the delayed acknowledgment scheme for the Linux systems.

We compare the four round-trip linkable trains in Table 1. Except IF-Data-Train, the other three trains can achieve reliable round-trip linkability even if some request packets are lost during transmission.

TABLE 1: Comparison of candidate trains for round-trip linking.

Train type      Legitimate TCP?   Linking cue       Linkable if p_i lost?
IF-Data-Train   Yes               Sequence number   No
OF-Data-Train   No                Port number       Yes
OF-SYN-Train    No                Sequence number   Yes
IF-Time-Train   Yes               TCP timestamp     Yes

4.3.1 Detection of response dropping attack

By exploiting reliably round-trip linkable trains, we are able to detect response dropping attacks using Theorem 4. The basic idea is to check the number of unacknowledged successive request packets to the end of the train (i.e., the corresponding response packets are considered lost by the verifier). Although packet loss is a normal phenomenon, a sudden loss of a bulk of successive packets at the end of multiple trains is rare and thus anomalous. Given a set of magic trains $\mathcal{P} = \{P^m \mid 1 \le m \le M\}$, let $l^m$ be the number of unacknowledged successive request packets to the end of the train $P^m$ (i.e., the verifier cannot receive $q_{N-l^m+1}, q_{N-l^m+2}, \ldots, q_N$ in $P^m$). We then regard a possible response dropping attack if $\sum_{m=1}^{M} l^m / M > H_d$, where $H_d > 1$ is a threshold for the detection. We should choose an appropriate $H_d$ based on our experiments to balance the detection rates and false positives. A smaller $H_d$ generally achieves a better detection capability but leads to a higher false positive as well.

4.4 Magic Delay Algorithm

To measure the capacity, our magic train must filter out the queuing delay induced by cross traffic, which otherwise makes it unable to accurately report the bottleneck bandwidth (i.e., capacity). To this end, we propose a new magic delay algorithm, which is designed by extending the minimal delay difference algorithm for packet pairs [35] to our magic train. The basic idea is to use the minimal RTT of each packet from different magic trains to mitigate cross traffic's impact as much as possible. In particular, given a set of magic trains $\mathcal{P} = \{P^m \mid 1 \le m \le M\}$, our magic delay algorithm calculates $t_i$, the RTT between the time of sending $p_i$ and the time of receiving $q_i$, as

$$t_i = \min_{1 \le m \le M} (t_i^m), \tag{10}$$

where $t_i^m$ is the RTT between $p_i$ and $q_i$ in train $P^m$. Since our magic trains are in different lengths, some $(p_i, q_i)$s may not exist in $P^m$. For those $t_i^m$s, we simply consider them as $t_i^m = +\infty$. Figure 9 presents an example of the magic delay algorithm. In this example, we have $\mathcal{P} = \{P^1, P^2, P^3\}$, where $N^1 = 5$, $N^2 = 8$ and $N^3 = 7$. Our magic delay algorithm chooses the minimal delay of each $(p_i, q_i)$ as $t_i$ for capacity measurement.

[Fig. 9: Example of magic delay algorithm. Sending and receiving times of $q_1$ to $q_8$ for trains $P^1$, $P^2$ and $P^3$, with the minimal delay of each $q_i$ marked.]

4.4.1 Detection of capacity inflation attack

Our magic delay algorithm can estimate the minimal RTT of linkable packets from a magic train set $\mathcal{P}$ and report capacity as

$$c_i = \frac{|p|}{\Delta t_{(i-1)i}} = \frac{|p|}{t_i - t_{i-1}}, \quad \forall i \in [2, \max_{1 \le m \le M} (N^m)]. \tag{11}$$

We then propose a new algorithm to detect capacity inflation attacks by calculating the standard deviation of $c_i$s over the minimal RTT of all linkable packets. We denote this deviation as $V(c)$. Without being attacked, $V(c)$ should be equal to 0 since any two different linkable packets should report the same capacity estimation (if they are all converged to minimal values). In contrast, capacity inflation attacks (through a priori/posterior delay/rush, or response dropping) are more likely to cause an irregular distribution of minimal delays, hence resulting in unequal $c_i$s. We therefore detect a possible capacity inflation attack if $V(c) > H_c$. We choose $H_c$ to be a value slightly larger than 0, since a finite set of magic trains may not ensure all the RTTs to converge to their minimal values. We note that the more magic train samples in the set $\mathcal{P}$, the higher the probability that all the delays can be converged to minimal values and thus a better detection capability can be attained.

5 IMPLEMENTATION AND EVALUATION

In this section, we implement our magic train using RAW socket [20] and LibPcap [21] (we present the implementation details in Appendix C in [36] and open the source code to the public∗), and then evaluate the implementation in a controlled testbed and the Internet in Section 5.1.

5.1 Magic Train Evaluation

In this section, we evaluate magic train's detection performance using a controlled testbed in Section 5.1.1 and the Internet in Section 5.1.2. Our results have shown that the magic train can achieve good results when detecting bandwidth inflation attacks for different network and attack settings and scenarios.

5.1.1 Testbed Experiments

We deploy a controlled testbed (details are given in Appendix E.1 in [36]) and perform testbed experiments to show the effectiveness of our design against various (adversarial) networking conditions. We also conduct experiments to study how the state-of-the-art CDF symmetry-based detection algorithm [11] will fail (details are given in Appendix E.2 in [36]) and how our magic delay algorithm can filter out queuing delays

∗ The source code is given at https://github.com/zpbrent/magictrain
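The threshold detectors of Sections 4.1 to 4.4 (MMTD, RTTPD, response dropping detection and the magic delay capacity check), as an added Python sketch that is not the authors' released code. The packet size, timings, queuing pattern and all function names are constructed for illustration; the thresholds are the ones the evaluation quotes (factor 0.08, 0.007 s, 3).

```python
import math
from statistics import mean, pstdev

P_BITS = 12_000   # |p|: 1500-byte request packet, in bits (constructed)
DT = 0.012        # Δt: honest dispersion, so |p|/Δt = 1 Mbps (constructed)
RTT0 = 0.050      # honest first-packet RTT t_1, in seconds (constructed)

def bandwidth(arrivals):
    """Eqn. (4): b(P) = (N-1)|p| / (t_N - t_1)."""
    return (len(arrivals) - 1) * P_BITS / (arrivals[-1] - arrivals[0])

def mmtd(bandwidths, factor=0.08):
    """Eqn. (6) + MMTD: flag when V(b) > H_b, with H_b = factor * E(b)."""
    return pstdev(bandwidths) > factor * mean(bandwidths)

def rttpd(t1_a, t1_b, h_t=0.007):
    """RTTPD: compare first-packet RTTs of two trains of very different length."""
    return abs(t1_a - t1_b) > h_t

def trailing_unlinked(linked):
    """l^m: successive requests at the end of a train with no linked response."""
    count = 0
    for has_response in reversed(linked):
        if has_response:
            break
        count += 1
    return count

def response_dropping(trains_linked, h_d=3):
    """Section 4.3.1: flag when the mean of l^m over all trains exceeds H_d."""
    return mean([trailing_unlinked(t) for t in trains_linked]) > h_d

def magic_delay(rtt_trains):
    """Eqn. (10): t_i = min over m of t_i^m; a missing (p_i, q_i) counts as +inf."""
    n_max = max(len(t) for t in rtt_trains)
    return [min(t[i] if i < len(t) else math.inf for t in rtt_trains)
            for i in range(n_max)]

def capacity_check(rtt_trains, factor=0.08):
    """Eqn. (11) + Section 4.4.1: c_i = |p|/(t_i - t_{i-1}); flag V(c) > H_c."""
    t = magic_delay(rtt_trains)
    gaps = [b - a for a, b in zip(t, t[1:])]
    if any(g <= 0 for g in gaps):   # assumption of this sketch: count as anomalous
        return True, []
    c = [P_BITS / g for g in gaps]
    return pstdev(c) > factor * mean(c), c

# ---- constructed timings: arrival of q_i, train sent back to back at time 0 ----
def queue_delay(m, i):
    """Constructed cross-traffic queuing; zero for train m when m % 5 == i % 5."""
    return ((2 * m + 3 * i) % 5) * 0.002

def honest(n, m=None):
    """Undisturbed responses; pass a train index m to add the constructed queuing."""
    return [RTT0 + i * DT + (0.0 if m is None else queue_delay(m, i))
            for i in range(n)]

def held_back(n, g1, d):
    """Theorem 1 timing (G_1 < N): q_i held by (G_1 - i)d for i < G_1."""
    return [t + max(g1 - (i + 1), 0) * d for i, t in enumerate(honest(n))]

def answered_late(n, d):
    """Theorem 3 timing: replies start after all N requests, spaced Δt - d."""
    return [RTT0 + (n - 1) * DT + i * (DT - d) for i in range(n)]

LENGTHS = [12, 20, 35, 50]      # N^m taken from [10, 50], all different
D = 0.0108                      # d aimed at |p|/(Δt - d) = 10 Mbps

def demo():
    clean = [bandwidth(honest(n)) for n in LENGTHS]
    skew = [bandwidth(held_back(n, 10, D)) for n in LENGTHS]
    late = [bandwidth(answered_late(n, D)) for n in LENGTHS]
    noisy_lengths = [10, 17, 24, 31, 38, 46, 47, 48, 49, 50]
    noisy = [honest(n, m) for m, n in enumerate(noisy_lengths)]
    return {
        "mmtd_clean": mmtd(clean),
        "mmtd_delay": mmtd(skew),              # Corollary 1: b^m differ with N^m
        "delay_peak_bps": max(skew),           # Theorem 1: stays below 10 Mbps
        "mmtd_posterior": mmtd(late),          # MMTD is blind to posterior timing
        "rttpd_posterior": rttpd(answered_late(12, D)[0], answered_late(50, D)[0]),
        "drop_normal": response_dropping([[True] * 11 + [False], [True] * 20]),
        "drop_attack": response_dropping([[True] * 6 + [False] * 6,
                                          [True] * 10 + [False] * 10]),
        "capacity_noisy": capacity_check(noisy)[0],
        "capacity_delay": capacity_check([held_back(n, 10, D) for n in LENGTHS])[0],
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```
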
and thus can make our measurement robust against capacity inflation (details are given in Appendix E.3 in [36]).

Magic train's detection results: We evaluate magic train's detection capability using our testbed. In the experiments, we generate magic trains using $M = 5$, $\check{N} = 10$, $\hat{N} = 50$ (each train is generated in a 1 second time interval) and examine the magic train's detection capability across a rich set of networking and attacking conditions. We run each test set 100 rounds for non-attacking and attacking scenarios respectively and measure the detection capability in terms of detection rates (i.e., true positives) and false positives. We show the results of MMTD, RTTPD and response dropping detection through receiver operating characteristic (ROC) plots [48] in Figures 5, 6 and 7 in [36], respectively. The ROC plot is a well-known curve that can reflect the relationship between detection rates and false positives, and thus can clearly show which thresholds are appropriate for balancing the detection rates and false positives. In Figures 5, 6 and 7, we highlight the result when we choose $H_b = 0.08 \times E(b)$ for MMTD (where $E(b)$ is the average bandwidth value calculated by magic trains), $H_t = 0.007$ seconds for RTTPD and $H_d = 3$ for response dropping detection, and find these thresholds can achieve acceptable detection rates and false positives across four network conditions in our testbed experiments. With these thresholds, we further report detection results using more networking and attacking settings in Table 2 in [36] (the selection of $H_t$ for RTTED is presented with our Internet experiments in Section 5.1.2), and confirm detection rates larger than 95% and false positives of nearly 0% for almost all cases, although some exceptions happen when we detect a priori delay attack using MMTD under a heavy cross traffic load (i.e., a large bitrate of cross traffic). In these exceptional cases, the false positive can be increased to more than 10% with a low detection rate of around 85% (see the records 8, 10 and 17 in Table 2 in [36]). Our magic delay algorithm is a rescue to this problem (see Figure 8 and Table 3 in [36]). Note that, although we set our attacking tool to inflate the bandwidth from 100Kbps to an expected 1Mbps or from 1Mbps to an expected 1Gbps, we may not necessarily achieve this inflation since we implement our tool in user space and the time resolution we can control is 1ms. The true inflated bandwidth could be smaller than the expected one in case the expected delay or rush is beyond the time resolution.

Magic delay algorithm's detection results: We also evaluate the detection capability of our magic delay algorithm against bottleneck bandwidth (i.e., capacity) inflation attacks in our testbed. We present the results in Figure 8 and Table 3 in [36]. In this evaluation, we use $M = 50$ and generate each magic train in a 10 minutes time interval. In particular, Figure 8 shows the ROC plots for four networking and attacking conditions. We highlight the results when $H_c = 0.08 \times E(c)$ (where $E(c)$ is the average capacity value reported by the magic delay algorithm); the same factor 0.08 is used in $H_b = 0.08 \times E(b)$ in MMTD. By comparing these results with the MMTD results in Figure 5 in [36], we confirm that the magic delay algorithm can successfully reduce the false positive from more than 10% to nearly 0% in the presence of heavy cross traffic (e.g., 80Kbps/800Kbps cross traffic in 100Kbps/1Mbps network), even in the presence of a mixed attack (i.e., launching each inflation attack variant with equal probability). We present more detection results using $H_c = 0.08 \times E(c)$ in Table 3 in [36].

5.1.2 Experiments on PlanetLab nodes and the Internet

We conduct experiments using four PlanetLab nodes across the globe and a host located in our Hong Kong Lab to investigate the effectiveness of our magic train in the Internet. We present the details of our PlanetLab experiments in Appendix E.5 in [36]. We show the detection results using ROC plots in Figures 9, 10 and 11 in [36]. We also highlight the results when $H_b = 0.08 \times E(b)$ for MMTD, $H_t = 0.007$ seconds for RTTPD and $H_d = 3$ for response dropping detection. With these thresholds, our methods can achieve a detection rate larger than 85% and a false positive less than 40%. Since the large false positive is yielded by the MMTD algorithm and caused by cross traffic, we believe we can further reduce the false positive using the magic delay algorithm (this has been confirmed in our testbed experiments). We cannot show the detection results of the magic delay algorithm since the time resolution of our implementation cannot be smaller than 1ms. As shown in Table 4 in [36], the average bandwidth from our Hong Kong host to all the four PlanetLab nodes is larger than 50Mbps, which requires at least 0.24ms time resolution for capacity calculation (see Eqn. (11)) even if we encapsulate the packets with full payload (1.5KBytes = 12Kbits). We note that this is just an implementation limitation, and as future work we will implement our magic train in some dedicated hardware with a higher time resolution (such as the NetFPGA platform [49]) to resolve this issue.

Since our RTTED algorithm highly relies on the RTT estimation algorithm to guarantee its detection capability, we evaluate the accuracy of RTT estimation in the Internet in Appendix E.5.3 in [36]. Moreover, as our design of round-trip linkable trains may not be fully supported by all Internet nodes, we also examine the supporting rate of our round-trip linkable trains in the Internet in Appendix E.5.4 in [36].

6 DISCUSSIONS

We present some discussions for our magic train in this section. We discuss how to select appropriate thresholds for our detection in Section 6.1. We also explain why we cannot use the bandwidth from a verifier to a prover's nearby honest hosts to approximate the bandwidth to the prover, and analyze how we can extend our magic train to detect uplink bandwidth inflation attacks in Appendix D.1 and D.2 in [36], respectively.

6.1 Threshold selection

In Section 5.1, we show our detection results using $H_b = 0.08 \times E(b)$ for MMTD, $H_t = 0.007$ second for RTTPD, $H_d = 3$ for response dropping detection and $H_c = 0.08 \times E(c)$ for the magic delay algorithm. Although we show good detection rates and false positives with these thresholds in our evaluation, it does not mean that these thresholds can be necessarily generalized to the whole Internet. That is, it is quite
12

difficult to confirm that these thresholds can always maintain good results in any other network conditions beyond our experiments. For this reason, we discuss potential threshold selection approaches in this section.

Generally, we encounter missing detections and false positives since some benign network traffic cannot be well discriminated from the attacked ones. The reason is that network churns and jitters may yield detection cues similar to those of the traffic being attacked, and some attackers may make a correct guess for the length of magic train by chance. To address this problem, we propose a network path approximation method. The key idea is that, although we cannot obtain the ground truth of the conditions for the target path directly (because we do not know whether the prover is an attacker or not, hence being unable to discriminate whether the observed condition of the target path is caused by the attack or some normal churns), we can find some similar path to approximate the target one. This method works if we can control one or more honest hosts near the prover (e.g., a PlanetLab node or an EC2 virtual machine), and then select the thresholds by simulating the attacks in our controlled prover and also sampling the normal conditions of the approximated path. We note that this approximation method may not lead to the best choice, but this workaround is effective if the approximated path and the target path have a lot of overlap.

7 RELATED WORKS

The research topic on network measurement against adversarial network conditions has been studied for more than ten years. Several pioneer works have been presented in the literature, which include the secure measurements of round-trip delay [50], [51], packet loss rate [52], [51] and bandwidth [10], [11], [38]. In particular, Avramopoulos and Rexford [50] proposed a method that coins a stealth probing approach and a so-called Byzantine tomography to monitor the availability of network paths in a secure manner. This method considered a cooperative network measurement scenario against some adversarial intermediate network devices (e.g., some compromised IP routers etc.) on the network path, and thus proposed to hide measurement packets among data traffic in an end-to-end encrypted tunnel (i.e., stealth probing) as well as measure the same network path from different vantage points (i.e., exploiting Byzantine tomography) to catch contradictory results. Avramopoulos also summarized secure data delivery methods for adversarial networks and utilized the Byzantine tomography to detect packet forwarding failures (e.g., packet loss) at link-level granularity in his thesis [52]. Goldberg et al. [51] designed a secure sampling method to address a similar threat model considered in [50], [52] (i.e., a cooperative network measurement against adversarial intermediaries). The secure sampling method requires a pair of measurement partners to agree on a secret key in advance and employs a keyed PseudoRandom Function to prevent an adversarial intermediary from distinguishing measurement packets from non-measurement packets. In this way, adversaries can hardly bias the measurement results by selectively dropping, delaying and preferentially treating measurement packets. However, despite these secure network measurement methods [50], [52], [51] have been proven effective for their own measurement purposes (e.g., path availability, packet loss and RTT etc.), they cannot be used to secure uncooperative bandwidth measurement on which our magic train paper focuses. The reasons are that (1) the measurement packets cannot be hidden among non-measurement packets in uncooperative measurement scenarios even if the measurement traffic is encrypted or keyed through a PseudoRandom Function, (2) the packet pair/train measurement traffic is possibly identified due to some subtle features (such as protocol redundant/incompatible or padding/useless contents) even if they are sent from different vantage points, and (3) these methods do not provide bandwidth measurement methods in their design.

In contrast to [50], [52], [51], Snader et al. [10] and Karame et al. [11], [38] proposed solutions specifically to secure uncooperative bandwidth measurement. In particular, Snader et al. [10] used an opportunistic bandwidth measurement method to detect bandwidth attacks through consensus measurements. As discussed in Section 2.3, the opportunistic method can secure the bandwidth measurement only when the bottleneck is near the prover and the adversarial prover cannot increase the bandwidth to an arbitrary value larger than the capacity. Our magic train is designed without those constraints. Moreover, the most recent research proposed [11] and [38] to secure packet pair based bandwidth measurement. As described in Section 2.3 and shown in Appendix E.2 in [36], the detection algorithm proposed in [11] can be easily bypassed by mimicking forgeable tricks (i.e., the effects caused by cross traffic), while [38] requires software-defined networks (such as the OpenFlow protocol [40]) and control of additional trustworthy network devices for detection. Our magic train does not have those limitations.

Further, we acknowledge that the Tor community has recognized the importance of secure bandwidth measurement and discussed several potential solutions [9], [53], [37], [54]. In particular, Snader et al. [9], [53] proposed the use of an opportunistic bandwidth measurement method to replace Tor's bandwidth self-reporting method in 2008. However, as shown in Biryukov et al.'s work [15], the authors successfully launched a bandwidth inflation attack to defeat the Tor network in 2013 and thus proved that the opportunistic method obviously fails to secure bandwidth measurement in Tor. The key failure issue is that the opportunistic measurement cannot obtain the true bandwidth when the adversarial prover (e.g., a malicious Tor relay) reports an equally larger bandwidth to all the verifiers (e.g., Tor measurement authorities). Jansen et al. [37] summarized many other security points that the opportunistic bandwidth measurement method cannot handle in 2014 (e.g., unable to handle downlink bandwidth measurement and cannot defeat collusive attacks etc.) and believed that secure measurement is still an open research problem in the Tor community. Moreover, Ghosh et al. [54] proposed a TorCoin scheme to prevent attackers or groups of attackers from colluding to misreport bandwidth measurements (i.e., collusive attacks). The TorCoin scheme enables the bandwidth to be measured directly by each onion relay itself through an onion-hashing circuit (called TorPath) and hence can reject the attacker's indirect reports.
Unfortunately, the TorCoin still cannot detect the adversarial provers (i.e., malicious Tor relays) who can actually report an equally larger bandwidth to all the verifiers, while our magic train can address this kind of adversarial condition.

To sum up, we list the main novelty of our paper as follows. First, magic train can defeat even smart adversaries who are able to differentiate the packet pair/train measurement traffic, inflate the false bandwidth to an arbitrary and equal value (even larger than the capacity) to any verifiers and mimic any network conditions when necessary. Second, magic train can secure bandwidth measurement by the verifier itself (it does not need the control of any other additional network devices/routers/hosts) and can work well when the bottleneck is not located near the prover. Third, to the best of our knowledge, magic delay algorithm is the first solution that can be used to detect capacity inflation attacks.

8 CONCLUSIONS

In this paper, we have advanced the state-of-the-art for secure bandwidth measurement. We have designed, analyzed, implemented, and evaluated a new bandwidth measurement algorithm, the magic train, for securing uncooperative bandwidth measurement in adversarial networking environments. Our magic train is carefully equipped with an unpredictable packet train to defeat even smart adversaries. We have also proposed a new magic delay algorithm to secure capacity measurement for the first time. We have performed extensive testbed and Internet experiments to evaluate the detection capability of magic trains. The experimental results have successfully confirmed the effectiveness of our design.

ACKNOWLEDGMENTS

We would like to thank Prof. Ioannis Avramopoulos, the anonymous reviewers and the editors from TDSC for their constructive comments on this paper. The work was partially supported by National Natural Science Foundation of China under Grant Nos. 61502293, 61533010 and 61205017, the Key Project of Science and Technology Commission of Shanghai Municipality under Grant No. 14JC1402200, and Shanghai Key Laboratory of Power Station Automation Technology. This work was done mostly when P. Zhou was with The Hong Kong Polytechnic University. X. Gu is the corresponding author.

REFERENCES

[1] Xiapu Luo, Edmond W. W. Chan, and Rocky K. C. Chang. Design and implementation of TCP data probes for reliable and metric-rich network path monitoring. In Proc. USENIX Annual Technical Conference, 2009.
[2] Jain Manish and Dovrolis Constantinos. End-to-end available bandwidth: Measurement methodology, dynamics, and relation with TCP throughput. ACM SIGCOMM Computer Communication Review, 32(4), 2002.
[3] Dovrolis Constantinos, Ramanathan Parameswaran, and Moore David. What do packet dispersion techniques measure? In Proc. Annual Joint Conference of the IEEE Computer and Communications Societies, 2001.
[4] Crovella Mark E and Carter Robert L. Dynamic server selection in the Internet. Technical report, Boston University Computer Science Department, 1995.
[5] Vern Paxson. End-to-end Internet packet dynamics. IEEE/ACM Transactions on Networking, 7(3):277–292, 1999.
[6] Dongyu Qiu and Rayadurgam Srikant. Modeling and performance analysis of bittorrent-like peer-to-peer networks. ACM SIGCOMM Computer Communication Review, 34(4):367–378, 2004.
[7] Xiaojun Hei, Chao Liang, Jian Liang, Yong Liu, and Keith W Ross. A measurement study of a large-scale P2P IPTV system. IEEE Transactions on Multimedia, 9(8):1672–1687, 2007.
[8] Roger Dingledine, Nick Mathewson, and Paul Syverson. Tor: The second-generation onion router. In Proc. USENIX Security Symposium, 2004.
[9] Robin Snader and Nikita Borisov. A tune-up for Tor: Improving security and performance in the Tor network. In Proc. Network and Distributed System Security Symposium (NDSS), 2008.
[10] Robin Snader and Nikita Borisov. Eigenspeed: secure peer-to-peer bandwidth evaluation. In Proc. International Workshop on Peer-to-Peer Systems (IPTPS), 2009.
[11] Ghassan Karame, Boris Danev, Cyrill Bannwart, and Srdjan Capkun. On the security of end-to-end measurements based on packet-pair dispersions. IEEE Transactions on Information Forensics and Security, 8(1):149–162, 2013.
[12] Eddie Mitchell. Dailymotion.com redirects to fake AV threat [online]. http://www.invincea.com/2014/01/dailymotion-com-redirects-to-fake-av-threat/, 2014.
[13] Lasse Overlier and Paul Syverson. Locating hidden servers. In Proc. IEEE Symposium on Security and Privacy, 2006.
[14] Kevin Bauer, Damon McCoy, Dirk Grunwald, Tadayoshi Kohno, and Douglas Sicker. Low-resource routing attacks against tor. In Proc. ACM Workshop on Privacy in Electronic Society, 2007.
[15] Alex Biryukov, Ivan Pustogarov, and Ralf-Philipp Weinmann. Trawling for tor hidden services: Detection, measurement, deanonymization. In Proc. IEEE Symposium on Security and Privacy, 2013.
[16] Ghassan Karame and Srdjan Capkun. On the security of end-to-end network measurements [online]. http://www.syssec.ethz.ch/research/Security End to End.pdf, 2009.
[17] Martin Devera. Htb traffic shaper [online]. http://luxik.cdi.cz/~devik/qos/htb/, 2004.
[18] Netlimiter [online]. http://www.netlimiter.com/, 2013.
[19] Netequalizer [online]. http://www.netequalizer.com/, 2014.
[20] Linux programmer's manual - raw(7) [online]. http://man7.org/linux/man-pages/man7/raw.7.html, 2012.
[21] The libpcap project [online]. http://sourceforge.net/projects/libpcap/, 2013.
[22] Douglas E Comer. Computer Networks and Internets. 2008.
[23] Mark Crovella. Measuring bottleneck link speed in packet-switched networks [online]. http://www.cs.bu.edu/~crovella/src/bprobe/Tools.html, 1996.
[24] Van Jacobson. Pathchar: A tool to infer characteristics of Internet paths [online]. http://www.caida.org/tools/utilities/others/pathchar/, 1997.
[25] Stefan Saroiu, P Krishna Gummadi, and Steven D Gribble. Sprobe: A fast technique for measuring bottleneck bandwidth in uncooperative environments. In Proc. IEEE International Conference on Computer Communications, 2002.
[26] Bruce A. Mah. pchar: A tool for measuring Internet path characteristics [online]. http://www.kitchenlab.org/www/bmah/Software/pchar/, 2005.
[27] Edmond W.W. Chan, Ang Chen, Xiapu Luo, Ricky K.P. Mok, Weichao Li, and Rocky K.C. Chang. Trio: measuring asymmetric capacity with three minimum round-trip times. In Proc. ACM CoNEXT Conference, 2011.
[28] G.992.5 : Asymmetric digital subscriber line 2 transceivers (ADSL2) - extended bandwidth ADSL2 (ADSL2plus) [online]. http://www.itu.int/rec/T-REC-G.992.5/e, 2013.
[29] Robert L Carter and Mark E Crovella. Measuring bottleneck link speed in packet-switched networks. Performance Evaluation, 27:297–318, 1996.
[30] Attila Pásztor and Darryl Veitch. The packet size dependence of packet pair like methods. In Proc. IEEE International Workshop on Quality of Service, 2002.
[31] Constantinos Dovrolis, Parameswaran Ramanathan, and David Moore. Packet-dispersion techniques and a capacity-estimation methodology. IEEE/ACM Transactions on Networking, 12(6):963–977, 2004.
[32] Rohit Kapoor, Ling-Jyh Chen, Li Lao, Mario Gerla, and MY Sanadidi. Capprobe: a simple and accurate capacity estimation technique. In Proc. ACM SIGCOMM, 2004.
[33] Ling-Jyh Chen, Tony Sun, Bo-Chun Wang, MY Sanadidi, and Mario Gerla. Pbprobe: A capacity estimation tool for high speed networks. Computer Communications, 31(17):3883–3893, 2008.
[34] Daniele Croce, Taoufik En-Najjary, Guillaume Urvoy-Keller, and Ernst W Biersack. Capacity estimation of ADSL links. In Proc. ACM CoNEXT Conference, 2008.
[35] Edmond W.W. Chan, Xiapu Luo, and Rocky K.C. Chang. A minimum-delay-difference method for mitigating cross-traffic impact on capacity measurement. In Proc. ACM CoNEXT Conference, 2009.
[36] Peng Zhou, Rocky K. C. Chang, Xiaojing Gu, Minrui Fei, and Jianying Zhou. Supplemental material to ’magic train: Design of measurement methods against bandwidth inflation attacks’, [online]. http://zpbrent.github.io/SupplementalMaterial/MagicTrainSupple.pdf, 2015.
[37] Rob Jansen, Andrew Miller, Paul Syverson, and Bryan Ford. From onions to shallots: Rewarding Tor relays with TEARS. Proc. Workshop on Hot Topics in Privacy Enhancing Technologies (HotPETs), 2014.
[38] Ghassan O Karame. Towards trustworthy network measurements. In Proc. International Conference on Trust & Trustworthy Computing, 2013.
[39] Peng Zhou, Siwei Jiang, Athirai Irissappane, Jie Zhang, Jianying Zhou, and Joseph Chee Ming Teo. Toward energy-efficient trust system through watchdog optimization for wsns. IEEE Transactions on Information Forensics and Security, 10(3):613–625, 2015.
[40] Open flow [online]. http://archive.openflow.org/, 2011.
[41] Boris Beizer. Black-box testing: techniques for functional testing of software and systems. 1995.
[42] J Martin Bland and Douglas G Altman. Statistics notes: measurement error. Bmj, 1996.
[43] Jon Postel. RFC 793: Transmission control protocol. 1981.
[44] Brice Augustin, Timur Friedman, and Renata Teixeira. Measuring multipath routing in the Internet. IEEE/ACM Transactions on Networking, 19(3):830–840, 2011.
[45] Jelena Mirkovic, Sven Dietrich, David Dittrich, and Peter Reiher. Internet Denial of Service: Attack and Defense Mechanisms (Radia Perlman Computer Networking and Security). 2004.
[46] RFCSourceBook, TCP option 8, timestamp [online]. http://www.networksorcery.com/enp/protocol/tcp/option008.htm, 2012.
[47] Robert Braden. RFC 1122: Requirements for Internet hosts-communication layers. 1989.
[48] James A Hanley and Barbara J McNeil. The meaning and use of the area under a receiver operating characteristic (roc) curve. Radiology, 143(1):29–36, 1982.
[49] John W Lockwood, Nick McKeown, Greg Watson, Glen Gibb, Paul Hartke, Jad Naous, Ramanan Raghuraman, and Jianying Luo. NetFPGA–an open platform for Gigabit-rate network switching and routing. In IEEE International Conference on Microelectronic Systems Education, 2007.
[50] Ioannis C Avramopoulos and Jennifer Rexford. Stealth probing: Efficient data-plane security for ip routing. In Proc. USENIX Annual Technical Conference, General Track, 2006.
[51] Sharon Goldberg, David Xiao, Eran Tromer, Boaz Barak, and Jennifer Rexford. Path-quality monitoring in the presence of adversaries. In ACM SIGMETRICS Performance Evaluation Review, volume 36, pages 193–204, 2008.
[52] Ioannis Avramopoulos. Secure data delivery in adversarial networks. Princeton University, 2006.
[53] Robin Snader and Nikita Borisov. Improving security and performance in the Tor network through tunable path selection. IEEE Transactions on Dependable and Secure Computing, 8(5):728–741, 2011.
[54] Mainak Ghosh, Miles Richardson, Bryan Ford, and Rob Jansen. A TorPath to TorCoin: Proof-of-bandwidth altcoins for compensating relays. In Proc. Workshop on Hot Topics in Privacy Enhancing Technologies (HotPETs), 2014.

Peng Zhou received his Ph.D. degree from the Hong Kong Polytechnic University in 2014. He was a Research Fellow at Singapore Nanyang Technological University and is currently a Lecturer at Shanghai University. His research interests cover network security, trust management and machine learning.

Rocky K.C. Chang received the PhD degree in computer engineering from Rensselaer Polytechnic Institute. Immediately after that, he joined the IBM Thomas J. Watson Research Center working on performance analysis and simulation tools. He then joined the Department of Computing at the Hong Kong Polytechnic University, where he is now an associate professor. He is leading an Internet Infrastructure and Security Laboratory, addressing problems in network measurement and security. He is a member of the IEEE and ACM.

Xiaojing Gu received her BS and PhD degrees from Donghua University in 2006 and 2011 respectively. She is currently an assistant professor at the School of Information Science and Engineering, East China University of Science and Technology, China. Her research interests include machine learning, pattern recognition and their applications in network security.

Minrui Fei received his B.S. and M.S. degrees in Industrial Automation from the Shanghai University of Technology in 1984 and 1992, respectively, and his Ph.D. degree in Control Theory and Control Engineering from Shanghai University in 1997. Since 1998, he has been a Professor and Doctoral Supervisor at Shanghai University. His current research interests are in the areas of theory, technology, security and applications of networked control systems.

Jianying Zhou is currently the Head of the Department of Infocomm Security with the Institute for Infocomm Research, Singapore. He received the Ph.D. degree in information security from Royal Holloway, University of London, Egham, U.K. His research interests are in applied cryptography, computer and network security, cyber-physical security, and mobile and wireless security. He received a large amount of R&D funding from the Singapore government and published intensively at international conferences and journals. He is also a co-founder of the International Conference on Applied Cryptography and Network Security. He served as the General Chair, the Program Chair, and a program committee member in many international cryptography and security conferences.
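
The threshold calibration described in Section 6.1, as an added example that is not the paper's own code: it sweeps the factor k of a threshold of the form H = k × E(b) over benign rounds sampled on the approximated path and attack rounds simulated on a controlled prover, then keeps the factor with the best detection rate inside a false-positive budget. The spread-based detection rule, the function names and every sample value are assumptions constructed for illustration; the paper's MMTD statistic is not reproduced here.

```python
from statistics import mean

# Constructed samples (Mbps), one list of per-train estimates per round.
# Benign rounds: sampled on the approximated path via a controlled honest host.
BENIGN_ROUNDS = [
    [9.8, 10.1, 10.0, 9.9],
    [10.2, 9.7, 10.0, 10.1],
    [9.9, 10.0, 10.3, 9.8],
    [9.5, 10.1, 10.0, 10.2],      # jitter from a cross-traffic burst
    [10.0, 10.0, 9.9, 10.1],
]
# Attack rounds: inflation simulated on our own controlled prover.
ATTACK_ROUNDS = [
    [100.0, 10.2, 98.0, 10.0],
    [50.0, 9.9, 10.1, 48.0],
    [10.0, 11.2, 10.1, 9.9],
    [10.0, 10.9, 10.0, 10.1],
    [100.0, 100.5, 99.5, 100.0],  # train lengths guessed by chance: consistent, so missed
]
CANDIDATES = [0.04, 0.06, 0.08, 0.10, 0.12]


def is_flagged(estimates, k):
    """Assumed detection rule: flag a round when the spread of its bandwidth
    estimates exceeds H = k * E(b), with E(b) the round's mean estimate."""
    threshold = k * mean(estimates)
    return max(estimates) - min(estimates) > threshold


def rates(benign_rounds, attack_rounds, k):
    """Return (false_positive_rate, detection_rate) for factor k."""
    fp = sum(is_flagged(r, k) for r in benign_rounds) / len(benign_rounds)
    dr = sum(is_flagged(r, k) for r in attack_rounds) / len(attack_rounds)
    return fp, dr


def roc_points(benign_rounds, attack_rounds, candidates):
    """One (k, fp, dr) point per candidate factor, in ascending k."""
    return [(k, *rates(benign_rounds, attack_rounds, k)) for k in sorted(candidates)]


def select_factor(benign_rounds, attack_rounds, candidates, max_fp=0.0):
    """Highest detection rate among factors whose false-positive rate stays
    within max_fp. Ties go to the larger k, which can only lower false
    positives. Returns None when no candidate meets the budget, i.e. the
    calibration path is too noisy for this rule."""
    best = None
    for k, fp, dr in roc_points(benign_rounds, attack_rounds, candidates):
        if fp <= max_fp and (best is None or dr >= best[2]):
            best = (k, fp, dr)
    return best


if __name__ == "__main__":
    for k, fp, dr in roc_points(BENIGN_ROUNDS, ATTACK_ROUNDS, CANDIDATES):
        print(f"k={k:.2f}  false positives={fp:.0%}  detection rate={dr:.0%}")
    print("selected:", select_factor(BENIGN_ROUNDS, ATTACK_ROUNDS, CANDIDATES))
```

A `None` result means the benign samples from the approximated path are noisier than the candidate factors tolerate, so either the budget or the choice of approximating host needs revisiting before the thresholds are used on the target path.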
