Title :
RECHOKe: A Scheme for Detection, Control and Punishment of Malicious Flows in IP Networks
Author :
Govindaswamy, Visvasuresh Victor ; Záruba, Gergely ; Balasekaran, G.
Author_Institution :
Texas A&M Univ. at Texarkana, Texarkana
Abstract :
In this paper, we are proposing a scheme called RECHOKe (REpeatedly CHOose and keep for malicious flows, REpeatedly CHOose and Kill for non-malicious flows) to be used for detecting, controlling and punishing of malicious flows in IP networks. It is an extension of xCHOKe, CHOKe and RED-PD schemes, combining both CHOKe hit and RED drop/mark histories, to detect, control and punish these flows more accurately while providing better protection to non-malicious flows. However, unlike xCHOKe and CHOKe, RECHOKe does not drop packets during CHOKe hits; thereby eliminating the complexity of dropping or marking randomly selected packets already queued and the unreliability of CHOKe hits. We analyze xCHOKe and RECHOKe in detail using ns-2 and show that RECHOKe performs better than RED, CHOKe and xCHOKe which are limited in what they can achieve as malicious flows get much more than their fair share and non-malicious flows get mistakenly penalized.
Keywords :
IP networks; telecommunication congestion control; telecommunication security; transport protocols; CHOKe hits; IP networks; RECHOKe scheme; RED-PD scheme; TCP-friendly flows; malicious flow control; malicious flow detection; malicious flow punishment; nonmalicious flows; xCHOKe scheme; Bandwidth; Computer networks; Computer science; Counting circuits; History; IP networks; Inductors; Performance analysis; Protection; Table lookup;
Conference_Titel :
Global Telecommunications Conference, 2007. GLOBECOM '07. IEEE
Conference_Location :
Washington, DC
Print_ISBN :
978-1-4244-1042-2
Electronic_ISBN :
978-1-4244-1043-9
DOI :
10.1109/GLOCOM.2007.11
