Performance analysis of TCP/AQM under Low-Rate Denial-of-Service Attacks

The interactions between Active Queue Management (AQM) algorithms and TCP have been extensively investigated in the last few years. However, majority of the studies are conducted without considering the consequences of different attacks on TCP flows. This research work aims to investigate the performance of TCP flows under Low-Rate Denial-of-Service (LDoS) attacks. In particular, we have performed diverse LDoS experiments by varying critical experimental parameters in order to evaluate their effects on the performance of TCP under droptail and four other AQM algorithms. Simulation results indicate that an LDoS attack with short attack duration of ≈ 0.5 seconds produces more effective outcomes for the attacker as compared to the finding previously reported. Furthermore, the results reveal that droptail and PI are highly robust compared to the other three AQM schemes. RED was designed to bring major improvements over the simple droptail algorithm. However, simulation results show that the simple droptail algorithm outperforms RED in all of the three experiments. On the other hand, the Adaptive Virtual Queue (AVQ) algorithm shows the worst performance in the presence of LDoS attack.

[1]  Oliver W. W. Yang,et al.  Self-tuning PI TCP flow controller for AQM routers with interval gain and phase margin assignment , 2004, IEEE Global Telecommunications Conference, 2004. GLOBECOM '04..

[2]  Robert Tappan Morris,et al.  Dynamics of random early detection , 1997, SIGCOMM '97.

[3]  Steven H. Low,et al.  REM: active queue management , 2001, IEEE Network.

[4]  Sammy Chan,et al.  A comparative simulation study of TCP/AQM systems for evaluating the potential of neuron-based AQM schemes , 2014, J. Netw. Comput. Appl..

[5]  Xiapu Luo,et al.  On a New Class of Pulsing Denial-of-Service Attacks and the Defense , 2005, NDSS.

[6]  N. Nosovic,et al.  Performance comparison of active queue management algorithms , 2012, 2012 20th Telecommunications Forum (TELFOR).

[7]  R. Srikant,et al.  An adaptive virtual queue (AVQ) algorithm for active queue management , 2004, IEEE/ACM Transactions on Networking.

[8]  Lukas Kencl,et al.  Bandwidth allocation for non-responsive flows with active queue management , 2002, 2002 International Zurich Seminar on Broadband Communications Access - Transmission - Networking (Cat. No.02TH8599).

[9]  Hyuk Lim,et al.  Analysis and design of the virtual rate control algorithm for stabilizing queues in TCP networks , 2004, Comput. Networks.

[10]  Chunming Qiao,et al.  Advances in Active Queue Management (AQM) Based TCP Congestion Control , 2004, Telecommun. Syst..

[11]  Mina Guirguis,et al.  Exploiting the transients of adaptation for RoQ attacks on Internet resources , 2004, Proceedings of the 12th IEEE International Conference on Network Protocols, 2004. ICNP 2004..

[12]  Deborah Estrin,et al.  Recommendations on Queue Management and Congestion Avoidance in the Internet , 1998, RFC.

[13]  Mathieu Robin,et al.  An evaluation framework for active queue management schemes , 2003, 11th IEEE/ACM International Symposium on Modeling, Analysis and Simulation of Computer Telecommunications Systems, 2003. MASCOTS 2003..

[14]  Chita R. Das,et al.  Stabilized virtual buffer (SVB) - an active queue management scheme for Internet quality-of-service , 2002, Global Telecommunications Conference, 2002. GLOBECOM '02. IEEE.

[15]  Donald F. Towsley,et al.  On designing improved controllers for AQM routers supporting TCP flows , 2001, Proceedings IEEE INFOCOM 2001. Conference on Computer Communications. Twentieth Annual Joint Conference of the IEEE Computer and Communications Society (Cat. No.01CH37213).

[16]  Rayadurgam Srikant,et al.  The Mathematics of Internet Congestion Control , 2003 .

[17]  David K. Y. Yau,et al.  Defending against low-rate TCP attacks: dynamic detection and protection , 2004, Proceedings of the 12th IEEE International Conference on Network Protocols, 2004. ICNP 2004..

[18]  Donald F. Towsley,et al.  A control theoretic analysis of RED , 2001, Proceedings IEEE INFOCOM 2001. Conference on Computer Communications. Twentieth Annual Joint Conference of the IEEE Computer and Communications Society (Cat. No.01CH37213).

[19]  QUTdN QeO,et al.  Random early detection gateways for congestion avoidance , 1993, TNET.

[20]  T. Bhaskar Reddy,et al.  Performance Comparison of Active Queue Management Techniques , 2008 .

[21]  Rayadurgam Srikant,et al.  The Mathematics of Internet Congestion Control (Systems and Control: Foundations and Applications) , 2004 .

[22]  Yang Hong,et al.  Design of TCP traffic controllers for AQM routers based on phase margin specification , 2004, 2004 Workshop on High Performance Switching and Routing, 2004. HPSR..

[23]  Kang G. Shin,et al.  Stochastic fair blue: a queue management algorithm for enforcing fairness , 2001, Proceedings IEEE INFOCOM 2001. Conference on Computer Communications. Twentieth Annual Joint Conference of the IEEE Computer and Communications Society (Cat. No.01CH37213).

[24]  Aleksandar Kuzmanovic,et al.  Low-rate TCP-targeted denial of service attacks and counter strategies , 2006, TNET.

[25]  Kang G. Shin,et al.  The BLUE active queue management algorithms , 2002, TNET.

[26]  Xiapu Luo,et al.  Performance analysis of TCP/AQM under denial-of-service attacks , 2005, 13th IEEE International Symposium on Modeling, Analysis, and Simulation of Computer and Telecommunication Systems.

[27]  R. Srikant,et al.  Analysis and design of an adaptive virtual queue (AVQ) algorithm for active queue management , 2001, SIGCOMM '01.