Attack Resilience of Cache Replacement Policies: A Study Based on TTL Approximation

Abstract

Caches are pervasively used in communication networks to speed up content access by reusing previous communications, where various replacement policies are used to manage the cached contents. The replacement policy of a cache plays a key role in its performance, and is thus extensively engineered to achieve a high hit ratio in benign environments. However, some studies showed that a policy with a higher hit ratio in benign environments may be more vulnerable to cache pollution attacks that intentionally send requests for unpopular contents. To understand the cache performance under such attacks, we analyze a suite of representative replacement policies under the framework of TTL approximation in how well they preserve the hit ratios for legitimate users, while incorporating the delay for the cache to obtain a missing content. We further develop a scheme to adapt the cache replacement policy based on the perceived level of attack. Our analysis and validation on real traces show that although no single policy is resilient to all the attack strategies, suitably adapting the replacement policy can notably improve the attack resilience of the cache. Motivated by these results, we implement selected policies as well as policy adaptation in an open-source SDN switch to manage flow rule replacement, which is shown to notably improve its resilience to pollution attacks.