Defending Against High-Bandwidth Traffic Aggregates
نویسندگان
چکیده
Network flows should adjust their sending rates to avoid a congestion collapse. Congestion collapses can be mitigated using improved packet scheduling based on a crowd control or an active queue management. However, the problem is associated with dynamic conditions such as underlying network topology, network load, and the reactions of transport protocols to congestion. Therefore, we have to evaluate what type of control mechanisms can solve this problem most effectively. The research aim of this paper is to evaluate the effectiveness of the congestion control schemes. Adaptive flows adjust the rate, while unresponsive flows do not respond to congestion and keep sending packets. Unresponsive flows waste resources by taking their share of the upstream links of a domain and dropping packets later when the downstream links are congested. For instance, random early detection (RED) exemplifies this class of algorithms. A router only maintains a simple FIFO queue for all traffic flow and drops the arriving packet randomly during congestion. The probability to drop a packet increases with the queue length. By keep the output queue size small, RED can reduce the delay time for most of the traffic flow. However, RED cannot penalize the misbehaving traffic flows. We evaluate, the congestion control schemes such ach Drop Tail, RED, CHOKe, and ACC with push back using unresponsive flows and in presence of short and long-lived background traffic. We use several network topologies to identify unresponsive flows that cause packet drops in other flows. We also simulate how various queuing algorithms implemented in a network router perform during an attack, and whether legitimate users can obtain desired service. The simulations show CHOKe and ACC with push back are successful in providing bandwidth requested by the legitimate user during DDoS attack.
منابع مشابه
Defending Against Denial of Service Attacks and other High- Bandwidth Traffic Aggregates Conversion Report for Ph.D. Candidature
متن کامل
TCP trunking for bandwidth management of aggregate traffic
TCP trunking is a novel way of applying TCP congestion control to bandwidth management of aggregate traffic. This is accomplished by setting up a separate TCP connection to probe network congestion, and then using the TCP connection’s congestion control to regulate the bandwidth usage of the aggregate traffic. TCP trunking offers several advantages in managing bandwidth of aggregate traffic. It...
متن کاملMulti-class Traffic Morphing for Encrypted VoIP Communication
In a re-identification attack, an adversary analyzes the sizes of intercepted encrypted VoIP packets to infer characteristics of the underlying audio— for example, the language or individual phrases spoken on the encrypted VoIP call. Traffic morphing has been proposed as a general solution for defending against such attacks. In traffic morphing, the sender pads ciphertext to obfuscate the distr...
متن کاملProtection against Denial of Service Attacks : Attack Detection
Denial of Service (DoS) is a prevalent threat in today's networks because DoS attacks are easy to launch, while defending a network resource against them is disproportionately difficult. Despite the extensive research in recent years, DoS attacks continue to harm, as the attackers adapt to the newer protection mechanisms. There is an emerging need for the traffic processing capability of networ...
متن کاملAutomatic Bandwidth Adjustment for Content Distribution in MPLS Networks
Aggregates of real-time traffic may experience changes in their statistical characteristics often manifesting non stationary behavior. In multi protocol label switching (MPLS) networks this type of the traffic is assigned constant amount of resources. This may result in ineffective usage of resources when the load is below than expected or inappropriate performance when the load is higher. In t...
متن کامل