|
The existing [[Randomrandom Earlyearly Detectiondetection]] (RED) algorithm and its variants are found vulnerable to emerging attacks, especially the [http://sites.google.com/site/cwzhangres/home/files/RREDRobustREDAlgorithmtoCounterLow-rateDenial-of-ServiceAttacks.pdf?attredirects=0 Low-rate Denial-of-Service] (LDoS) attacks. Experiments have confirmed that the existing RED-like algorithms are notably vulnerable under LDoS attacks due to the oscillating TCP queue size caused by the attacks.<ref name=RRED>Changwang Zhang, Jianping Yin, Zhiping Cai, and Weifeng Chen, [http://sites.google.com/site/cwzhangres/home/files/RREDRobustREDAlgorithmtoCounterLow-rateDenial-of-ServiceAttacks.pdf?attredirects=0 RRED: Robust RED Algorithm to Counter Low-rate Denial-of-Service Attacks], IEEE Communications Letters, vol. 14, pp. 489-491, 2010. [http://ieeexplore.ieee.org/xpl/freeabs_all.jsp?arnumber=5456075 Ref]</ref>
A Robust RED (RRED) algorithm was proposed to improve the TCP throughput against LDoS attacks. The basic idea behind the RRED is to detect and filter out attack packets before a normal RED algorithm is applied to incoming flows. RRED algorithm can significantly improve the performance of TCP under Low-rate [[Denial denial-of-service Serviceattack]] attackss.<ref name="RRED"/>
==The Design of Robust RED (RRED)==
A detection and filter block is added in front of a regular RED block on a router. The basic idea behind the RRED is to detect and filter out LDoS attack packets from incoming flows before they feed to the RED algorithm. How to distinguish an attacking packet from normal TCP packets is critical in the RRED design.
==The Algorithm of the Robust RED (RRED)==
*''f.T1'' is the arrival time of the last packet from flow ''f'' that is dropped by the detection and filter block.
*''f.T1T2'' is the arrival time of the last packet from any flow ''f'' that is dropped by the detection[[random early anddetection]] filter(RED) block.
*''Tmax = max(f.T1, T2)''. ▼
*''T2T*'' is thea arrivalshort time ofperiod, thewhich lastis packetempirically fromchoose any flow that isto droppedbe by10ms thein [[Randoma Earlydefault Detection]]RRED blockalgorithm.
▲''Tmax = max(f.T1, T2)''.
''T*'' is a short time period, which is empirically choose to be 10ms in a default [[RRED]] algorithm.
<nowiki>
==The Simulation code of the Robust RED (RRED)==
The simulation code of the RRED algorithm is published as an [[ Activeactive Queuequeue Managementmanagement]] and [[ Denialdenial-of- Serviceservice attack]] (AQM&DoS) Simulationsimulation Platformplatform. The [http://sites.google.com/site/cwzhangres/home/posts/aqmdossimulationplatform AQM&DoS Simulation Platform] is able to simulate a variety of DoS attacks (Distributed DoS, Spoofing DoS, Low-rate DoS, etc.) and Activeactive Queuequeue Managementmanagement (AQM) algorithms ([[ Randomrandom Earlyearly Detectiondetection|RED]], RRED, SFB, etc.). It automatically calculate and record the average throughput of normal TCP flows before and after DoS attacks to facilitate the analysis of the impact of DoS attacks on normal TCP flows and AQM algorithms.[http://sites.google.com/site/cwzhangres/home/posts/aqmdossimulationplatform More Details] ▼
▲The simulation code of the RRED algorithm is published as an [[Active Queue Management]] and [[Denial-of-Service]] (AQM&DoS) Simulation Platform. The [http://sites.google.com/site/cwzhangres/home/posts/aqmdossimulationplatform AQM&DoS Simulation Platform] is able to simulate a variety of DoS attacks (Distributed DoS, Spoofing DoS, Low-rate DoS, etc.) and Active Queue Management (AQM) algorithms ([[Random Early Detection|RED]], RRED, SFB, etc.). It automatically calculate and record the average throughput of normal TCP flows before and after DoS attacks to facilitate the analysis of the impact of DoS attacks on normal TCP flows and AQM algorithms.[http://sites.google.com/site/cwzhangres/home/posts/aqmdossimulationplatform More Details]
==Related Publications==
| 