Title :
Packet filtering for congestion control under DoS attacks
Author :
Hu, Yen-Hung ; Choi, Hongsik ; Choi, Hyeong-Ah
Author_Institution :
Dept. of Comput. Sci., George Washington Univ., DC, USA
Abstract :
Congestion control in IP networks is typically done at each router through queue management, and the network is entirely dependent on the end hosts to react congestion. However, when misbehaving flows exist and continue to send their packets in very high rates, the queue management schemes implemented in current IP routers reveal a significant shortcoming in protecting legitimate flows. Here, we propose a novel scheme for congestion control in IP networks. Our approach is a time-window based filtering mechanism implemented in a router and processed before a queue management policy is applied. Setting the window size properly and dropping packets reaching in the next window can catch the nonresponsive nature of misbehaving flows. The performance of our proposed scheme is demonstrated through extensive simulations using the NS2, simulator using a set of simulated traffic generated based on IP traces reported in http://www.nlnar.org.
Keywords :
IP networks; packet switching; security of data; telecommunication congestion control; telecommunication network routing; telecommunication traffic; DoS attack; IP network; IP router; congestion control; packet filtering; queue management; simulated traffic; time-window based filtering mechanism; Bandwidth; Communication system traffic control; Computer network management; Computer science; Filtering; IP networks; Protection; Scheduling algorithm; Tail; Traffic control;
Conference_Titel :
Information Assurance Workshop, 2004. Proceedings. Second IEEE International
Print_ISBN :
0-7695-2117-7
DOI :
10.1109/IWIA.2004.1288034
