Can Multipath TCP be Robust to Cyber Attacks With Incomplete Information?

Promoted by the advancements in the various wireless access technologies, modern mobile devices equipped with multiple network interfaces are rapidly becoming the norm, and this provides a driving force for the large-scale deployment of the Multipath Transmission Control Protocol (MPTCP) in the current and future Internet. However, the simultaneous use of multiple network paths for concurrent multipath data transmission can make MPTCP have a larger attack surface than the traditional single-path transport protocols, and this may be likely to pose a risk of MPTCP being much more susceptible to cyber attacks. In this paper, we present a measurement method to investigate the vulnerability and robustness of MPTCP under cyber attacks with incomplete network information, by considering the fact that most cyber attacks normally lack of real-time information with respect to various MPTCP attributes. We mathematically characterize cyber attacks with incomplete network information from the viewpoints of both the cyber attacker and the MPTCP communication system, and then we introduce a mixed attack strategy, by jointly considering the features of both the random attacks and the selective attacks, to evaluate the robustness of MPTCP.


I. INTRODUCTION
In the last few years, wireless communication technologies, such as wireless broadband technology, wireless Wi-Fi technology, Bluetooth technology and so on, have undergone unprecedented development [1], [2]. Significant results in the wireless communication area offer today's mobile users ubiquitous Internet connectivity and high-quality data transmission services. Furthermore, the latest advancements in the wireless communication technologies provide a great driving force for the large-scale use of multi-homed mobile devices in the current and future Internet. Such multi-homed mobile devices (e.g., smartphones, netbooks, and portable computers) are commonly configured with several wireless network interfaces and multiple different IP addresses [3], [4]. They can simultaneously use their own network interfaces to establish multiple communication paths to access Internet, and The associate editor coordinating the review of this manuscript and approving it for publication was Luis Javier Garcia Villalba . allocate application data traffic across these multiple paths aiming to improve transmission performance and maximize resource usage, enabled by the promising Multipath Transmission Control Protocol (MPTCP) [5].
The MPTCP is a set of extensions to the Transmission Control Protocol (TCP), allowing to efficiently exploiting multiple network paths between a pair of endhosts for concurrent multipath data transmission, while presenting a regular TCP session to applications [6]. Nowadays, the MPTCP is becoming the transmission technology of choice for the multi-homed mobile devices [7]. Figure 1 portrays a basic MPTCP use case scenario in a public network area (e.g., a waiting hall) in which a multi-homed MPTCP-based mobile device, that has been equipped with three network interfaces (the Cellular, Wi-Fi and Bluethooth interfaces), is connecting with a server through three network paths (the Cellular link, the Wi-Fi link, and the Bluetooth link). That means the mobile device and the server can exchange the information between each other by simultaneously making use of the three paths. In this case, the mobile device can aggregate the bandwidth of the three network links to possibly speed up the rate of data transmission, increase the end-to-end quality of service (QoS), and enhance the resilience of communication system, supported by the MPTCP technology. Due to its promising features of concurrent multipath transmission, the MPTCP technology is emerging as an important building block for the future Internet [8], [9].
Although the MPTCP technology has been received a high degree of attention and the continued interests in the MPTCP has resulted in many research publications, most of the researches in this area are concerned with the performance optimization of the MPTCP protocol itself, by using the optimized packet scheduling algorithms, congestion control mechanisms, path managing strategies, energy-saving methods, as well as promising network coding technologies and cross-layer activities, while the research on the invulnerability of MPTCP has rarely been reported. In fact, in MPTCP, allowing parallel data transmissions over multiple network links has the potential to increase the performance of data transmission; however, the multipathing paradigm with multiple TCP connections is likely to pose a risk of MPTCP being much more susceptible to cyber attacks [10]. This is because that most wireless networks used in MPTCP multipath transmission are short-range, high-speed but unlicensed wireless local area networks (i.e., public Wi-Fi networks), which are very prone to numerous kinds of cyber attacks [11].
Since MPTCP is not standardized to be more secure than the classic TCP [12], and, even more, it can become particularly vulnerable due to multiple TCP connections, therefore, the cyber attacks would be especially problematic for MPTCP. In MPTCP, each network path independently transfers data according to its own networking parameters (e.g., bandwidth, delay, etc.); however, the paths can mutually affect each other and interact with each other [13], [14], due to the MPTCP intrinsic natures of fully-reliable and in-order delivery. That is, if a network path in MPTCP experiences a cyber attack; it may become a poor-performing path (with huge transmission delay or high packet loss) or even an unavailable path (with short-term or complete network failures), and this would cause several negative behaviors to happen in multipath transmission, such as (i) inducing MPTCP to perform unnecessary retransmission in the unavailable path; (ii) resulting in out-of-order receipt of packets on the receiver side; (iii) affecting the performance robustness or/and structural robustness of MPTCP multipath transmission system. Although many efforts have been devoted to addressing the first two concerns, can MPTCP be robust against cyber attacks, especially from the perspective of attacks with incomplete information, is not yet well analyzed.
By jointly considering the fact that MPTCP would face network security implications and become particularly vulnerable due to some public networks used in the multipath transmissions can be extremely susceptible to attack, and the fact that most cyber attacks normally cannot fully understand the real-time network information with respect to the MPTCP communication system, in this paper, we present a method to measure the vulnerability and robustness of MPTCP under cyber attacks with incomplete network information. In particular, we aim to answer the following questions: (i) How robust the MPTCP is to the presence of cyber attacks, especially under the intentional attacks with incomplete information? And (ii) what is the performance penalty of MPTCP when the transmission paths within the MPTCP connection suffer from cyber attacks. The main contributions of our proposal are summarized as follows: • It applies the graph theory to abstract the MPTCP communication system and mathematically characterizes the cyber attacks with incomplete information.
• It introduces a mixed attack strategy to investigate the vulnerability and robustness of MPTCP under a cyber attack with incomplete network information.
The reminder of the paper is organized as follows. Section II introduces the background and motivation of this paper. Section III proposes a methodology appropriate for investigating the vulnerabilities of MPTCP under cyber attacks with incomplete information. Section IV presents the robustness evaluation of MPTCP with different breadth parameters, precision parameters, and a mixed attack strategy, respectively. Section V highlights the limitations of the paper and discusses the open and interesting challenges. Section VI concludes the paper and gives our future work.

II. BACKGROUND AND MOTIVATION
As opposed to the single-path TCP, MPTCP can aggregate multiple network paths and simultaneously use these paths to exchange packets between endhosts. Figure 2 illustrates an overview of MPTCP, in which an MPTCP connection is established between Host A (act as MPTCP sender) and Host B (act as MPTCP receiver). With MPTCP, the two endhosts utilizes their own network interfaces (with different IP addresses) to establish multiple TCP connections (termed ''MPTCP subflows'') across potentially disjoint network paths (path#1, path#2, · · · , path#n). At the sender side (Host A), once having application data traffic to be sent, MPTCP splits and dispatches the data traffic across these paths (path#1, path#2, · · · , path#n) simultaneously for concurrent multipath transmission. At the receiver side (Host B), the received but fragmented message can be reassembled in the receiver buffer for re-ordering and then flushed to upper layer in-order. The network paths in multipath transmission can be managed (e.g., creation, removal, reconnection) by MPTCP according to their own network condition.
With feature of multipathing service, MPTCP has obtained an ever-increasing number of researchers' interests. We here categorize the relevant literature into six groups: MPTCP scheduler optimization cases, MPTCP congestion control and fairness cases, MPTCP energy consumption cases, MPTCP with coding technique and cross-layer design cases, MPTCP partially reliable extension cases, and MPTCP security cases.

A. MPTCP SCHEDULER OPTIMIZATION CASES
Most of the researchers in this field have been devoted to optimizing the MPTCP scheduler. Saha et al. [8] proposed an agile MPTCP scheduler, called AMuSe, which allows MPTCP to perform near-optimally in terms of performance speed-up and reliability improvement in Dual-Band 802.11ad/ac wireless local area networks. Kimura et al. [15] provided a comprehensive analysis of MPTCP scheduler and then discussed both the lessons and opportunities of MPTCP packet scheduling methods. Xue et al. [16] considered the potentials of forward prediction model (FPM) and thereby designed a FPM-based scheduler and a dynamic feedback mechanism for MPTCP in lossy heterogeneous networks. Kimura et al. [17] presented three alternative packet scheduling decisions for MPTCP, which are called ''largest congestion window (CW)-based scheduler'', ''smallest time (ST)-based scheduler'', and ''highest sending rate (SR)-based scheduler'', respectively. Dong et al. [18] designed a novel packet loss-aware scheduler for MPTCP in order to enhance the MPTCP performance while significantly reducing extra bandwidth consumption in a high packet loss network condition. Le and Bui [19] developed a new MPTCP scheduler, which leverages per-path's forward delay as metric to send data.

B. MPTCP CONGESTION CONTROL AND FAIRNESS CASES
Apart from the optimization of MPTCP scheduler, there are also congestion control and fairness research aspects. Wei et al. [20] introduced a shared bottleneck-based congestion control mechanism for MPTCP in order to mitigate the out-of-order packet arrival problem, by detecting the shared bottlenecks and estimating the congestion level of each MPTCP subflow. Lĺźbben and Morgenroth [21] discussed the complex behaviors of MPTCP caused by the interaction of the loss-based congestion control and minimum Round-Trip Time (RTT) scheduling and then proposed several alternative congestion control algorithms for MPTCP as the corresponding countermeasure. Ferlin et al. [22] designed a practical shared bottleneck detection (PSBD)based congestion control mechanism for MPTCP in order to make MPTCP flows remain fair to the TCP flows in a shared bottleneck scenario. Thomas et al. [23] presented a normalized multipath congestion control mechanism for MPTCP in order to achieve TCP-friendliness, by normalizing the throughput growth of individual MPTCP subflow. Zhao et al. [24] designed a fluid-based fairness-oriented algorithm in order to make MPTCP keep fairness to TCP and achieve congestion-balancing among MPTCP subflows.

C. MPTCP ENERGY CONSUMPTION CASES
Recently, there have been an increasing number of researchers who have been devoted to addressing the energy consumption problems in MPTCP. Zhao et al. [25], [26] introduced a flow-completion-time minimized congestion control mechanism to MPTCP in order to optimize the energy usage in datacenter networks. Wu et al. [27] presented an energy-efficient video flow rate allocation method in order to improve MPTCP energy efficiency while guaranteeing user-perceived quality for video streaming services. Wang et al. [28] designed an energy efficient congestion control algorithm for MPTCP, by jointly considering each path's RTT, loss rate, and energy efficiency. Kaup et al. [29] analyzed the battery power consumption in-depth when running MPTCP onto a power-constrained mobile phone, and then developed an energy consumption measuring and modeling study model for MPTCP. In particular, their research aimed to provide answers to the questions that how can MPTCP save energy in the best way. Our previous work [30] designed an application rate-aware energy saving-oriented subflow manager for MPTCP with goal of reducing the energy consumption in multipath transmissions while maintaining the performance level of MPTCP.

D. MPTCP WITH CODING TECHNIQUE AND CROSS-LAYER DESIGN CASES
Other researchers have concentrated their efforts on the MPTCP optimization by using network coding techniques and cross-layer designs, respectively. Xu et al. [31] proposed a novel quality-based packet scheduling mechanism for MPTCP, by applying the promising pipeline coding technique, to tackle challenges specific to wireless multipath transmission. Cui et al. [32] introduced the emerging fountain coding (FC) technique to MPTCP, with consideration of the FC intrinsic random characteristics, and thereby designed a FC-based packet scheduling and transmission control algorithm for MPTCP. Xue et al. [33] revealed the unfair congestion control issue when applying the network coding techniques for MPTCP multipath transmission. As a remedy, the authors presented an end-to-end congestion control method to migrate unfairness among MPTCP subflows. Lim et al. [34] proposed a ''MAC-MPTCP'' cross-layer path manager, which leverages the networking parameter of MAC layer to estimate both the connectivity and transmission quality for each MPTCP path. Fukuyama et al. [35] presented a novel cross-layer design to tackle the packet loss problems in MPTCP wireless transmission, by detecting the frame error in data-link layer. Our previous work MPTCP-RC [36] optimized the MPTCP performance by jointly considering the receiver's intelligence and cross-layer activities.

E. MPTCP PARTIALLY RELIABLE EXTENSION CASES
More recently, many researchers have been devoted to extending MPTCP with partial reliability services. Xu et al. [37] initiated a partial reliability extension for MPTCP (known as ''initiative PR-MPTCP''), in which both the sender and the receiver can support the partially reliable transmission services for the time-sensitive network applications. Qin et al. [38] proposed a message-oriented partial-reliability extension for MPTCP in order to allow the MPTCP sender to abandon the expired message and tell the receiver of the message abandonment decision. Diop et al. [39] presented a Quality of Service (QoS)oriented partial reliability extension for MPTCP. This variant was designed in order to improve user's quality of experience (QoE) for the real-time interactive multimedia applications, by giving up the transmission of expired message in MPTCP multipath transmission. Although the partial reliability extensions have been demonstrated useful for the delay-constrained applications, it is worthy to note that extending MPTCP with partial reliability services is still in controversy because MPTCP is designed in order to provide connection-oriented transport services for the loss-sensitive rather than time-sensitive Internet applications, as discussed in our previous work [4].

F. MPTCP SECURITY CASES
Nowadays, the research focus is shifting toward securing MPTCP multipath communications. Noh et al. [40] designed a secure and lightweight subflow establishment mechanism for MPTCP, by utilizing a digital signature strategy to prevent the persistent ADD_ADDR attack. Jadin et al. [41] designed a secure MPTCP variant by closely integrating authentication and encryption inside the MPTCP protocol. Nguyen et al. [42] investigated the Autonomous System (AS)-level Man-in-the-Middle (MITM) attacks acting at the robustness of MPTCP communications, reported which countries and regions had a high-level of robustness against the MITM attacks by studying the AS level graph, and provided a countermeasure in preventing MPTCP from the AS-level MITM attacks when concurrently using multiple Internet-scale paths for multipath communications. Munir et al. [43] first reported the potential security vulnerabilities in MPTCP due to cross-path interactions among MPTCP subflows, caused by two typical attacks: connection hijack attacks and directed traffic diversion attacks, and then proposed the corresponding countermeasure proposal to guarantee MPTCP to be no less secure than TCP under the two typical attacks.
In this paper, we present a new vulnerability measurement method to investigate the robustness of MPTCP under cyber attacks with incomplete network information [44]. To this end, we apply the graph theory to abstract the MPTCP communication system, and then introduce a mixed attack model with incomplete information for MPTCP. To the best of our knowledge, this paper is the first study to investigate the vulnerability and robustness of MPTCP under a cyber attack with incomplete network information. We hope to provide a new thought for the measurement of the MPTCP vulnerability under cyber attacks and attract more researchers to pay attention on this topic, after all, as the simultaneous use of multiple network paths in MPTCP is a benefit, there is certainly an additional vulnerability which comes along with that. It is worth mentioning that in our paper, the mentioned cyber attack can be any one of particular type of attack, such as Flood DOS attacks or man-in-the-middle attacks, which can launch false data injection attacks and thus prevents the usage of a network path in MPTCP (namely, to make the MPTCP transmission experience network failure).

III. METHODOLOGY
In this section, we first map the dynamical MPTCP system onto a directed graph, apply the graph theory to abstract the MPTCP communication system, and then introduce an attack strategy with incomplete information that can be used to investigate the vulnerabilities of MPTCP.

A. MPTCP-GRAPH MAPPING
We focus on a steady-state MPTCP communication system and act with a series of assumptions: (i) there are two multi-homed end-hosts equipped with the same amount of network interfaces, (ii) each network interface has its own unique IP address, (iii) the two end-hosts are communicating with each other using multiple end-to-end independent transmission paths (MPTCP subflow), enabled by MPTCP, (iv) all the transmission paths within the MPTCP connection are available for data transmission, and (v) a cyber attacker can access partial network resources and obtain partial MPTCP paths' QoS-related networking parameters (namely incomplete information of MPTCP). Since MPTCP message exchanging between the two end-hosts (a sender and a receiver) is bidirectional, therefore, the MPTCP multipath communication system can be abstractly represented by a graph G with m nodes and n edges, by using the following equation, which V = {υ 1 , υ 2 , · · · , υ m } is the set of nodes (each node is representative for each network interface in MPTCP multipath communication system), therefore, there is And E = υ i , υ j is a set of edges (each edge corresponds to each transmission path in MPTCP communication system), therefore, there is The edge set E represents the set of all transmission paths in the MPTCP multipath communication system, which can be represented by the adjacency matrix Z as follows, If there is a transmission path between the nodes υ i and υ j , the two nodes are considered to be connected by one edge, and this can be represented by the following expression, , if υ i and υ j is connected with each other; 0, otherwise.
In this paper, we only consider a symmetric MPTCP communication system. That is, for each two corresponding nodes υ i and υ j , there is one and only one transmission path between them for MPTCP packet exchange. For convenience, the edge set E is hereafter represented to as E = {e 1 , e e , · · · , e n }.

B. ATTACK MODE AND STRATEGY
Today's cyber attacks faced by communication networks can generally be grouped into two typical types: random attacks and selective attacks.
• In a random attack, the attacker ''knows nothing'' about the MPTCP communication system. In other words, it is a ''zero information attack mode''. In this attack mode, the attacker can only attack the entire MPTCP communication system in a random way.
• In a selective attack, the attacker ''knows everything'' about the MPTCP communication system. In other words, it is a ''complete information attack mode''. In this attack mode, the attacker can select the target paths to attack according to the paths' importance. In practice, the communication networks would face neither ''zero information attack'' nor ''complete information attack'' in most cases, but ''incomplete information attack'', that is, the attackers can only access partial network resources and obtain partial network information [44]. Therefore, we need to construct an attack mode with incomplete information to evaluate the vulnerability and robustness of MPTCP. To simulate an attack mode with incomplete information, two key factors need to be determined: exposed region and attack strategy.
The exposed region is an optimal attacking region in the MPTCP communication system in which an attacker perfectly knows how important and what information of the transmission paths. Let R and N be the set of exposed region and unexposed region, which corresponds to the known transmission paths and the unknown transmission paths within the MPTCP communication system, respectively. Therefore, we have Obviously, an attacker can work better with a bigger exposed region. We will present the exposed region generating method in more detail in the next subsection (Subsection C). When the exposed region is determined, the attack strategy plays important role to achieve an optimal attack effect under the incomplete information. In the research field of network robustness, there are many attack strategies proposed, such as random attack, degree-based attack, centrality-based attack, and mixed attack [45]- [49]. Among the many attack strategies, we in this paper adopt the most widely-used ''mixed attack strategy'' to evaluate the vulnerability and robustness of the MPTCP communication system. In this strategy, the attacker uses ''degree-based attack strategy'' to launch an attack against the paths within the exposed region R firstly, then uses ''random attack strategy'' to launch an attack against the paths within the unexposed region N. The principles of the mixed attack strategy used in this paper are as below:

i)
Firstly, all the paths in the exposed region R are attacked in turn according to their rank of importance. That is, the important paths will be attacked one by one. ii) After all the paths within the exposed region R are attacked, the paths within the unexposed region N are attacked again. For the paths in this region, a random attack strategy is adopted by the attacker to launch attack. iii) For any path in either the exposed region R or the unexposed region N, if it is attacked, it may experience timeout events (or path failures) and become unavailable, as a result, it can be deactivated and removed from the MPTCP communication system. The path deactivation rate (denoted as P d ) can be expressed by which H d is the number of paths deactivated by the MPTCP sender.

C. EXPOSED REGION GENERATING
The generating of exposed region R depends on how and to what extent an attacker already understands the network information of MPTCP communication system. Under the incomplete information condition, the more information the attacker obtained, the bigger value of R will be. To determine the exposed region, the breadth parameter (denoted as ξ ) and the precision parameter (denoted as ) of R should be first defined, • The breadth parameter ξ (ξ ∈ [0, 1]) represents the proportion of the number of paths in an exposed region to the number of all paths in the MPTCP communication system. Because that (ξ * n) corresponds to the size of the exposed region R, therefore, the value of ξ gets larger, the value of R becomes larger.
• The precision parameter ( ∈ [0, ∞]) reflects the precision of the important paths within the MPTCP communication system included into the exposed region. Based on both ξ and , the calculation of R can be transformed to a path sampling problem with unequal probabilities. Since the importance of an MPTCP path is related to the attacker's purpose of attacking the MPTCP communication system, therefore, in this paper, the more important the path within the MPTCP communication system is, the higher the probability of sampling. In MPTCP communication system, a path with a higher performance (such as, a higher bandwidth, a lower delay, and so on) generally means it has relatively more importance. In this paper, we adopt the most widely-used available bandwidth to reflect the importance of each MPTCP path. The available bandwidth estimation for each path within the MPTCP connection can by expressed by using the following equation [50], which Size packet is the packet size of each any MPTCP packet sent through path e i . C e i and RT T e i are the estimated available bandwidth and round-trip time of the path e i , respectively. To calculate the sampling probability for each MPTCP path, we should sort all the paths within the MPTCP communication system in descending order according to their own available bandwidth (C). Let κ i (κ i ∈ {1, 2, · · · , n}) be the order of path e i , and ψ i = κ − i be an auxiliary variable of path e i , then the sampling probability, sP i , can be defined as: Through the above equation, we can see that a MPTCP path with a larger value of C e i can be ranked a higher order and have a larger sampling probability, in other words, it can be more prone to be attacked. Based on per-path's sampling probability, we can extract N = (ξ * n) paths from E to generate an exposed region R and then use it to simulate an attack with incomplete information for the vulnerability evaluation of MPTCP.

A. SIMULATION TOPOLOGY
The performance evaluation of MPTCP under cyber attacks with incomplete information was carried out on NS-2 (Network Simulator 2 version 2.35) [51] in which the MPTCP patch [52] has already been embedded. The simulations considered an MPTCP-based heterogeneous communication system illustrated in Figure 3. The two MPTCP endhosts are connecting with each other through six asymmetric network paths (denoted as #1, #2, · · · , #6, respectively). The total simulation time is set to 60 seconds.

1) MPTCP PATH SETTINGS
All the six MPTCP paths are set with the same bandwidth (10 Mbps) but with different propagation delays in order to simulate a heterogeneous network condition. To this end, the propagation delay ranges of these paths are set with 10-20 milliseconds, 20-30 milliseconds, 30-40 milliseconds, 40-50 milliseconds, 50-60 milliseconds, and 60-70 milliseconds, respectively. The simulation parameters illustrated in Table 1 are utilized for configuring the six network paths. The other simulation parameters of the MPTCP protocol utilize the predefined values of the NS-2 MPTCP module.

2) PACKET LOSS MODEL
In the simulation, all the network access parts of the six paths are attached to two loss models, which are the uniform packet loss model and the 2-state Markov loss model (known as Gilbert loss model, it is a 2-state Markov chain-based framework widely used to predict infrequent continuous packet loss), in order to simulate the uniformly distributed packet drops caused by network congestion and the infrequent continuous packet drops caused by the wireless problems, respectively [4].

3) CYBER ATTACK SIMULATION
Moreover, considering the fact that an attacker in general attempts to disperse massive attack traffic to crash a target network [53], therefore, we simulate a path under attacking by removing the path from the multipath transmission. Any of the six paths can become the attack target and experience an attack. Taking a path #x (1 ≤ x ≤ 6) for example, if it suffers from an attack, it will become unavailable and be removed from the MPTCP communication system. How many or exactly which paths under attacking are decided by the breadth parameter ξ and the precision parameter , in order to simulate the cyber attacks with incomplete infor-  mation. All the attack actions begin at the 5.0 th second of simulation time, that is, a path can experience path removal after 5 seconds of simulation time if it is marked as ''attack target'' state.

B. SIMULATION RESULTS
In this section, in order to investigate the impact of cyber attacks, we evaluate the performance robustness of MPTCP under the conditions of no attack and cyber attacks, respectively. Furthermore, we apply cyber attacks with different precision parameters, breadth parameters and attack strategies to measure the presence of cyber attack with incomplete information affecting the robustness of MPTCP. We adopt the packet sending times and throughput to reflect the performance robustness of MPTCP since the two metrics are widely used to portray the characteristics of multipath transport protocols [54], [55].

1) THE EFFECT OF THE PRECISION PARAMETER ON MPTCP
In order to study the effect of the precision parameter on the performance robustness of MPTCP, we conduct three different test cases: MPTCP without any attacks, MPTCP under random attacks, and MPTCP under selective attacks. Figures 4 and 5 present the performance robustness comparison of MPTCP in terms of packet sending times (aka sending DSN (Data Sequence Number)) and throughput under the three different test cases, respectively. In order to better illustrate the effect of the precision parameter on the performance robustness of MPTCP, we assume that the breadth parameter ξ is a constant with a value of 1 6 , which means, there is only one path within the MPTCP connection to be attacked by either random attacks or selective attacks. When comparing the results of the three test cases, we can note that: (i) the ''MPTCP without any attacks'' case can achieve the highest performance in terms of both the packet sending times and the throughput, by simultaneously making use of all the paths for the transmission of MPTCP packets; (ii) in both the ''MPTCP under random attacks'' case and the ''MPTCP under selective attacks'' case, the performance robustness of MPTCP can be degraded with the presence of either random attacks or selective attacks, because that any one of the paths under attacks can cause the transmission interruptions in other paths; and (iii) the ''MPTCP under selective attacks'' case performs worse than the ''MPTCP under random attacks'' case in terms of packet sending times and throughput. This is because in the random attack mode, any path including an under-performing path which has the lowest importance in multipath transmission may become the attack target. While in the selective attack mode, the target path that performs the best and has the highest importance in the MPTCP communication system can be accurately attacked and become unavailable for data transmission.
The above results reveal that: (i) the presences of cyber attacks can affect the performance robustness of MPTCP in terms of either packet sending times or throughput; (ii) the selective attack can cause a greater impact on the performance robustness of MPTCP. Thereby, we can conclude that the precision parameter has an important role to play in the effectiveness of a cyber attack and thereby has significant impact (side-effect) on the performance robustness of MPTCP.

2) THE EFFECT OF THE BREADTH PARAMETER ξ ON MPTCP
To analyze the effect of the breadth parameter ξ on the performance robustness of MPTCP, we conduct six different test cases, which are MPTCP without any attacks, MPTCP under selective attacks with 1 target path, MPTCP under selective attacks with 2 target paths, MPTCP under random attacks with 3 target paths, MPTCP under selective attacks with 4 target paths, and MPTCP under selective attacks with 5 target paths. In order to better illustrate the effect of the breath parameter ξ on the performance robustness of MPTCP, we assume that the precision parameter is fixed, which means under the condition of attacks with incomplete information, the attacker fully knows partial paths' importance degree of the MPTCP communication system. Figures 6 and 7 portray the performance robustness comparison of MPTCP in terms of packet sending times and throughput under the six test cases, respectively. When comparing the results of the six test cases, we can note that the  performance robustness of MPTCP in any given case can decrease sharply at the start of attacks. In addition, we can also note that under the conditions of attacks, the ''MPTCP under selective attacks with 1 target path'' case performs the best performance, and the ''MPTCP under selective attacks with 5 target paths'' case performs the worst performance in terms of both the packet sending times and the throughput of MPTCP. This means, cyber attacks with different values of breadth parameters can cause variable levels of destruction on the performance robustness of MPTCP, and more precisely, the performance robustness of MPTCP can decrease as the breadth parameter ξ (namely the exposed region R) increases. Thereby, we can conclude that like the precision parameter, the breadth parameter also has an important role to play in the influence of cyber attacks on the performance robustness of MPTCP.

3) THE EFFECTS OF A MIXED ATTACK ON MPTCP WITH A GIVEN EXPOSED REGION R
We conduct a test scenario to investigate the performance robustness of MPTCP under attacks with a proper exposed VOLUME 8, 2020 region R and a mixed attack strategy. In this test scenario, it is assumed that the attacker ''knows'' the importance degree of four paths, and ''does not know'' the information of the other two paths (that is, the exposed region R is already given). Based on the given R, we implement a mixed attack strategy with the following principles to attack the MPTCP communication system: (i) firstly, the attacker attacks the MPTCP paths in the exposed region R in turn according to the importance degree of these paths (from the path with the highest importance degree to the one with the lowest importance degree, using the selective attack mode); (ii) after all MPTCP paths exposed region R are attacked and become unavailable, the MPTCP paths in the unexposed region N are attacked and removed in a random way (using the random attack mode). Figures 8 and 9 show the performance robustness comparison of MPTCP in terms of packet sending times and throughput under attacks with the given R and the mixed attack strategy. From the two result figures, we can note that both the packet sending times and the throughput of MPTCP are going to fall off a cliff and then decrease to zero sharply as all the six MPTCP paths are attacked one after another under the attacks with the mixed attack strategy. This is because that as all the paths within the MPTCP communication system become unavailable and quit from the multipath transmission one-byone, the structural robustness of the MPTCP communication system suffers from the total interruption of paths, and this causes serious damage to the performance robustness of the MPTCP communication system. Therefore, we can conclude that a cyber attack, even with incomplete information, can lead to a significant deterioration of performance robustness of MPTCP, through a proper attack strategy. In other words, the MPTCP communication systems are vulnerable to a cyber attack; even the attack can only obtain incomplete network information.

V. DISCUSSION
The objective of this paper is to introduce a cyber attack mode with incomplete information to MPTCP and provide a simulated study to show how robust the MPTCP is to the presence of cyber attacks with incomplete information. From the simulation results, we can note that the behaviors of cyber attacks can present an obvious impact on the robustness of MPTCP, and the impact degree depends on the precision parameters, breadth parameters and attack strategies of cyber attacks. We here discuss the limitations of our paper and highlight some interesting problems. We hope to attract more researchers to notice this topic and drive this research filed forward.
• In order to investigate the vulnerability and robustness of MPTCP, we simply consider that any one of the MPTCP paths can experience network failure when it suffers from cyber attacks, motivated by the reason that in a computer network, attackers usually exploit network vulnerabilities to disable a target  network [56]. Recently, many network security studies [57]- [60] have showed complex behaviors of cyber attacks that are necessary for realistic testing environments. The authors encourage more researchers to consider the cyber attack traffic with the real-world characteristics to investigate the vulnerability and robustness of MPTCP.
• It should be noted that there is no exact rule for measuring the robustness of MPTCP. We thus in this paper adopted the throughput and packet sending times as the metrics to analyze the performance robustness of MPTCP under cyber attacks. We argue that designing a rich set of metrics appropriated for MPTCP robust measurement is an interesting topic worth further study.

VI. CONCLUSION AND FUTURE WORK
With the promising feature of simultaneous transmission of data through multiple TCP connections, MPTCP is being considered as the transport technique of the popular choice for the modern multi-homed mobile devices, however, its multipathing paradigm may be likely to pose a risk of MPTCP being much more susceptible to cyber attacks, especially when the unlicensed wireless local area networks is used in multipath transmissions. Meanwhile, taking into account the fact that most cyber attacks normally would not have complete knowledge on the dynamic MPTCP communication systems, in this paper, we introduced an attack model with incomplete information to investigate the vulnerability and robustness of MPTCP, by using graph-theoretic and mathematical models to abstract and characterize the cyber attacks and the MPTCP communication system, respectively. By simulations, we explored how robust the MPTCP was to the presence of cyber attacks with incomplete information, and what was the performance penalty of MPTCP when the paths suffer from cyber attacks.
Our future work will apply the smart collaborative theory to MPTCP to build a ''smart collaborative MPTCP'' mode, in which all the network elements (i.e., transmission nodes and protocol stacks) can work in full cooperation, by inter-node collaborations and cross-layer activities, to possibly enhance the robustness of MPTCP under cyber attacks. It is worth noting that build a ''smart collaborative MPTCP'' is actually a significant challenge because of the diversity of network nodes, we will consider applying the promising Software Defined Network (SDN) technology to counteract the diversity of network nodes.   VOLUME 8, 2020