Packet Filtering for Congestion Control under DoS Attacks

Authors:
Yen-Hung Hu;Hongsik Choi;Hyeong-Ah Choi
Affiliations:
-;-;-
Venue:
IWIA '04 Proceedings of the Second IEEE International Information Assurance Workshop (IWIA'04)
Year:
2004

Citing 9
Cited 3

Improving round-trip time estimates in reliable transport protocols

SIGCOMM '87 Proceedings of the ACM workshop on Frontiers in computer communications technology
A generalized processor sharing approach to flow control in integrated services networks: the single-node case

IEEE/ACM Transactions on Networking (TON)
Random early detection gateways for congestion avoidance

IEEE/ACM Transactions on Networking (TON)
On the self-similar nature of Ethernet traffic (extended version)

IEEE/ACM Transactions on Networking (TON)
Efficient fair queueing using deficit round robin

SIGCOMM '95 Proceedings of the conference on Applications, technologies, architectures, and protocols for computer communication
Dynamics of random early detection

SIGCOMM '97 Proceedings of the ACM SIGCOMM '97 conference on Applications, technologies, architectures, and protocols for computer communication
Explicit allocation of best-effort packet delivery service

IEEE/ACM Transactions on Networking (TON)
Promoting the use of end-to-end congestion control in the Internet

IEEE/ACM Transactions on Networking (TON)
Core-stateless fair queueing: a scalable architecture to approximate fair bandwidth allocations in high-speed networks

IEEE/ACM Transactions on Networking (TON)

Protecting information infrastructure from DDoS attacks by MADF

International Journal of High Performance Computing and Networking
Safeguard information infrastructure against DDoS attacks: experiments and modeling

CANS'05 Proceedings of the 4th international conference on Cryptology and Network Security
DDoS defense mechanisms: a new taxonomy

DPM'09/SETOP'09 Proceedings of the 4th international workshop, and Second international conference on Data Privacy Management and Autonomous Spontaneous Security

Quantified Score

Hi-index	0.00

Visualization

Abstract

Congestion control in IP networks is typically done ateach router through queue management, and the networkis entirely dependent on the end hosts to react congestion.However, when misbehaving flows exist and continue tosend their packets in very high rates, the queue managementschemes implemented in current IP routers reveal a significantshortcoming in protecting legitimate flows. In this paper,we propose a novel scheme for congestion control in IPnetworks. Our approach is a time-window based filteringmechanism implemented in a router and processed beforea queue management policy is applied. Setting the windowsize properly and dropping packets reaching in the next windowcan catch the non-responsive nature of misbehavingflows. The performance of our proposed scheme is demonstratedthrough extensive simulations using the NS2 simulatorusing a set of simulated traffic generated based on IPtraces reported in http://www.nlnar.org.