Packet filtering for congestion control under DoS attacks

Author

Hu, Yen-Hung ; Choi, Hongsik ; Choi, Hyeong-Ah

Author_Institution

Dept. of Comput. Sci., George Washington Univ., DC, USA

fYear

2004

fDate

8-9 April 2004

Firstpage

3

Lastpage

18

Abstract

Congestion control in IP networks is typically done at each router through queue management, and the network is entirely dependent on the end hosts to react congestion. However, when misbehaving flows exist and continue to send their packets in very high rates, the queue management schemes implemented in current IP routers reveal a significant shortcoming in protecting legitimate flows. Here, we propose a novel scheme for congestion control in IP networks. Our approach is a time-window based filtering mechanism implemented in a router and processed before a queue management policy is applied. Setting the window size properly and dropping packets reaching in the next window can catch the nonresponsive nature of misbehaving flows. The performance of our proposed scheme is demonstrated through extensive simulations using the NS2, simulator using a set of simulated traffic generated based on IP traces reported in http://www.nlnar.org.

Keywords

IP networks; packet switching; security of data; telecommunication congestion control; telecommunication network routing; telecommunication traffic; DoS attack; IP network; IP router; congestion control; packet filtering; queue management; simulated traffic; time-window based filtering mechanism; Bandwidth; Communication system traffic control; Computer network management; Computer science; Filtering; IP networks; Protection; Scheduling algorithm; Tail; Traffic control;

fLanguage

English

Publisher

ieee

Conference_Titel

Information Assurance Workshop, 2004. Proceedings. Second IEEE International

Print_ISBN

0-7695-2117-7

Type

conf

DOI

10.1109/IWIA.2004.1288034

Filename

1288034