That only requires 36 contacts between the victim nodes and the attack nodes, with 720 intervals for updates (Chan-Tin, et al., 2011). At that point, disruptions in the network would begin to be seen. The attacker can continue to increase the variance, but there will eventually be a point reached at which the variance is no longer successful because the frog-boiling attack fails (Chan-Tin, et al., 2011). This usually comes about due to a too-rapid increase in the changing victim node coordinates, which stops the attack because the system flags the changes in the node as something that may be problematic. Naturally, in order for the attack to be successful the node changes must be gradual enough to avoid a flag by the system.
The second kind of attack discussed by Chan-Tin, et al. (2011) is the network-partition attack. This attack is similar to the basic-targeted attack, but yet there is a distinct difference to be considered. In the basic-targeted attack, the victim nodes are gradually moved until they reach far-away coordinates. In the network-partition attack, the rest of the network to which the nodes belong is also moved. By partitioning off part of the network, the attack is able to isolate only the area it needs or wants to attack or infect (Chan-Tin, et al., 2011). A section of the network can be taken over instead of only adjusting selected nodes or trying to take over an entire network. It takes nearly 500 minutes for the network-partition attack to have an effect, but at that time the network will start to separate off into two parts. There is a pull between the two networks, so the coordinates that were intended by Chan-Tin, et al. (2011) were not reached. Despite that, the networks were partitioned effectively, which was the ultimate goal of the attack (Chan-Tin, et al., 2011).
There is a ration reached between the intracluster distance and the intercluster distance, as well (Chan-Tin, et al., 2011). Over time, the intracluster distance remains the same or gets smaller, but the intercluster distance gets larger and larger. That effectively indicates that the network has been partitioned into two separate entities, and both of them (now two separate networks, essentially) continue to move aware from one another. If this can be done (which has been clearly demonstrated), than a network-partition attack will work on a network that is deemed to be secure (Chan-Tin, et al., 2011). There is also no reason one could not expand the attack and make more than two clusters and one partition. Theoretically, it would be possible to move the attack to something that was creating multiple partitions and clusters, all of which were moving away from one another. That would dissolve the network to some degree, and would be a significant way in which an individual could attack a network and “divide and conquer” it in such a way that it would be difficult to detect until it was too late. It would also be hard to correct.
Depending on the percentage of attackers, it is possible to show that there are many different ways to adjust this kind of attack. Regardless of how many partitions are created or how many nodes are used, however, it is clear that the attack is one in which anyone with the knowledge of how to create it can use it against common networks that are thought to be secure from attack (Chan-Tin, et al., 2011). With the low tolerances and minute changes that are made to the network in any kind of frog-boiling attack, there are all kinds of possibilities for how it can be used and what can be done with it. That makes it a significant and dangerous way to wage a kind of war on network systems.
In this attack it is the desire of the attacker to become the closest node to the victim (Chan-Tin, et al., 2011). In Vuze, for example that would mean the node to which a file transfer would be initiated and one to which the attacker can control what file to transmit (Chan-Tin, et al., 2011). By querying the victim node to get coordinates, and doing this on a constant basis, the victim node continually tells the attacker node where to find it. The attacker node does not respond to any of the other nodes within the network, just like in the basic-targeted attack (Chan-Tin, et al., 2011).
If there are a large number of attacker nodes within the network, there is a higher likelihood that one of those attacker nodes will become the closest node to a victim node. Additionally, the constant querying of the victim node by the attacker node will show the attacker node when the coordinates of the victim node change (Chan-Tin, et al., 2011). When that takes place, the attacker node will update its replies to the victim node, so that it can continue to query that node successfully.
By checking every 10 minutes and allowing 500 minutes for the entire attack, Chan-Tin, et al. (2011) were able to determine how often attacker nodes were the closest node to a victim node. The more attackers there are, the higher chance one will be close to a victim node. This is normal and was to be expected. While there was not a 100% success rate, the updates as to what is the closest node only come every 10 minutes (Chan-Tin, et al., 2011). That means an attacker could have been the closest node for nine minutes, but then would have been discarded. Having 11% of the nodes as attackers returned a success rate of 41% based on the 10 minute updates (Chan-Tin, et al., 2011). If the experiment were to run for a longer period of time, the likelihood of the attacker nodes being the closest nodes would also greatly increase. Eventually, statistics show that all victim nodes and all attacker nodes would meet. On a one day experiment, the 41% chance of an attacker being the closest node to a victim node jumps to 60%, without making any changes to the number of attack nodes present (Chan-Tin, et al., 2011).
The Kalman Filter
There are more ways to secure a network coordinate system than are realized by most people. Because that is the case, it was necessary for Chan-Tin, et al. (2011) to consider other options and other ways of securing a network. One of those was the Kalman Filter (Kaafar, et al., 2007). This filter is designed to look for nodes that are lying, or that are not behaving as anticipated by the network. These are called outlier hosts. The filter works to find these by looking at the predicted error in the node and the actual error in the node, and then comparing the two when it comes to updating coordinates (Chan-Tin, et al., 2011). If the error actually found is larger than the error that was predicted, the update from the node is rejected and the coordinates are not considered to be valid for that node.
It is assumed that all nodes can be trusted until there is evidence that one or more of them cannot (Lehman & Lerman, 2004; Ng & Zhang, 2001). In short, when a node starts providing coordinates that are not within the expected (and accepted) parameters, that node is rejected as being a liar. Lying nodes are not wanted in the network, because they are either malfunctioning or they are being attacked. By rejecting their coordinates the goal is to keep the malfunction or the attack from spreading to other nodes and potentially infecting the entire network (Chan-Tin, et al., 2011). Assumptions in the past have indicated that this has been done with the current network systems that are available, but Chan-Tin, et al. (2011) have shown this not to be the case. If the changes are small enough they fall into the predictable error for the coordinates. It is there where an attack can begin and changes can be made that will go undetected until the problem is much larger.
In the Kalman Filter, there are trusted nodes. For the experiment conducted by Chan-Tin, et al. (2011), 8% of the nodes were set to a trusted state. The way the Filter works is that each of the trusted nodes contacts the other nodes until they stabilize. By stabilization, it is meant that the coordinates have stopped their fluctuation and the relative error they are reporting is a constant one (Chan-Tin, et al., 2011). Then they run a setup and allow the nodes that are not trusted to join in with the network. When normal nodes join in, they contact the trusted node that is closest to them in order to receive.