Robust random early detection

The existing Random Early Detection (RED) algorithm and its variants are found vulnerable to emerging attacks, especially the Low-rate Denial-of-Service (LDoS) attacks. Experiments have confirmed that the existing RED-like algorithms are notably vulnerable under LDoS attacks due to the oscillating TCP queue size caused by the attacks. Recent Publications in low-rate Denial-of-Service (DoS) attacks

A Robust RED (RRED) algorithm was proposed to improve the TCP throughput against LDoS attacks. The basic idea behind the RRED is to detect and filter out attack packets before a normal RED algorithm is applied to incoming flows. RRED algorithm can significantly improve the performance of TCP under Low-rate Denial-of-Service attacks. ^[1]

Recent Publications in Active Queue Management (AQM) schemes

A detection and filter block is added in front of a regular RED block on a router. The basic idea behind the RRED is to detect and filter out LDoS attack packets from incoming flows before they feed to the RED algorithm. How to distinguish an attacking packet from normal TCP packets is critical in the RRED design. More Details

RRED-ENQUE(pkt)

01 f←RRED-FLOWHASH(pkt)

02 Tmax←MAX(Flow[f].T1, T2)

03 if pkt.arrivaltime [Tmax, Tmax+T*] then

04 reduce local indicator by 1 for each bin corresponding to f

05 else

06 increase local indicator by 1 for each bin of f

07 Flow[f].I←maximum of local indicators from bins of f

08 if Flow[f].I >=0 then

09 RED-ENQUE(pkt) //pass pkt to the RED block

10 if RED drops pkt then

11 T2←pkt.arrivaltime

12 else

13 Flow[f].T1←pkt.arrivaltime

14 drop(pkt)

15 return

More Details