Automatically Segregating Greedy and Malicious Internet Flows

In the current Internet, compliance with TCP congestion control rules is voluntary. Noncompliant flows can gain unfair performance advantages or deny service to other flows. We propose a scheme that automatically detects and segregates noncompliant flows and preserves network availability for compliant flows. Our scheme requires modifications only in access routers and is incrementally deployable. Experiments demonstrate that our scheme is effective and has acceptable overhead.
