Defending Against LDoS Attacks Using Fair AQM

Full Text (PDF, 135KB), PP.59-64

Views: 0 Downloads: 0

Author(s)

Bianqin Wang 1,* Shunzheng Yu 1

1. Sun Yat-sen University, Guangzhou Higher Education Mega Center, China

* Corresponding author.

DOI: https://doi.org/10.5815/ijwmt.2011.06.09

Received: 5 Sep. 2011 / Revised: 11 Oct. 2011 / Accepted: 14 Nov. 2011 / Published: 15 Dec. 2011

Index Terms

LDoS attacks, FRED, CHOKe, fairness

Abstract

According to the instant high rate and high intensity of LDoS attacks, this paper explores using fair queue management mechanism to mitigate their effect. We perform simulation experiments to evaluate the performance of fair AQM FRED and CHOKe under LDoS attacks. The simulation results show that they are able to reduce the impact of the attacks in various degrees. FRED outperforms CHOKe in throttling the attacks, but it is slightly inferior to CHOKe in time performance.

Cite This Paper

Bianqin Wang,Shunzheng Yu,"Defending Against LDoS Attacks Using Fair AQM", IJWMT, vol.1, no.6, pp.59-64, 2011. DOI: 10.5815/ijwmt.2011.06.09

Reference

[1]A Kuzmanovic, EW Knightly. Low-rate TCP-targeted denial of service attacks. //Proceedings of ACM SIGCOMM 2003, Karlsruhe, Germany, 2003:75~86.

[2]A Kuzmanovic, EW Knightly. Low-rate TCP-targeted denials of service attacks and counter strategies. IEEE/ACM Transactions on Networking, 2006, 14(4):683~696.

[3]X Luo, RCK Chang. On a new class of pulsing denial-of-service attacks and the defense //Proceedings of NDSS 2005, San Diego, CA, 2005.

[4]M Guirguis, A Bestavros, I Matta. Exploiting the transients of adaptation for RoQ attacks on Internet resources. //Proceedings of ICNP 2004, Berlin, Germany, 2004:184~195.

[5]M Guirguis, A Bestavros, I Matta, et al. Reduction of Quality (RoQ) attacks on Internet end-systems. //Proceedings of IEEE INFOCOM 2005, Miami, Florida, 2005, 2:1362~1372.

[6]H Sun, JCS Lui, DKY Yau. Distributed mechanism in detecting and defending against the low-rate TCP attack. Computer Networks, 2006, 50(13):2312~2330.

[7]Y Chen, K Hwang. Collaborative detection and filtering of shrew DDoS attacks using spectral analysis. Journal of Parallel and Distributed Computing, 2006, 66(9):1137~1151.

[8]B Braden, D Clark. IETF RFC2309 Recommendations on queue management and congestion avoidance in the Internet. 1998.

[9]S Floyd, V Jacobson. Random early detection gate way for congestion avoidance. IEEE/ACM Transactions on Networking, 1993, 1(4):397~413.

[10]D Lin, R Morris. Dynamics of Random Early Detection. ACM SIGCOMM’97, 1997, 127~137.

[11]R Pan, B Prabhankar, K Psounis. CHOKe: Stateless Active Queue Management Scheme for Approximating Fair Bandwidth Allocation. IEEE INFOCOM 2000, Mar, 2000, 2:942-951.

[12]Network Simulator version 2 (NS2). http://www.isi.edu/nsnam/ns/.

[13]K Thompson, GJ Miller, R Wilder. Wide-area Internet traffic patterns and characteristics. IEEE Network, 1997, 11(6):10~23.