Visualization servers that subscribe to live intelligence
topics face adversarial traffic: malformed payloads (poison),
bursts (flood), and stale replays. Heavy cryptographic defenses are effective but often incompatible with latency and
interoperability constraints. We ask: how far can we get
with two pragmatic controls—envelope checks and per-source
quota—before resorting to heavyweight machinery?
We make three contributions: (1) a broker-agnostic harness
that injects attacks and measures end-to-end metrics; (2) an
evaluation of defense combinations across SNR/load grids;
(3) actionable guidance for engineering viz paths that remain
robust under fire.
II. THREAT MODEL
We consider adversaries capable of: (i) poison—sending syntactically well-formed but semantically harmful payloads; (ii)
flood—transmitting bursts that exhaust buffers; (iii) replay—resending previously valid messages. Defenses: envelope checks
enforces schema, type, range, and length; per-source quota
caps per-source ingress with sliding windows.