RRED: robust RED algorithm to counter low-rate denial-of-service attacks

  title={RRED: robust RED algorithm to counter low-rate denial-of-service attacks},
  author={Changwang Zhang and Jianping Yin and Zhiping Cai and Weifeng Chen},
  journal={IEEE Communications Letters},
The existing Random Early Detection (RED) algorithm and its variants are found vulnerable to emerging attacks, especially the Low-rate Denial-of-Service (LDoS) attacks. [...] Key Result The results show that, compared to existing RED-like algorithms, the RRED algorithm nearly fully preserves the TCP throughput in the presence of LDoS attacks.Expand
Performance Analysis of RED & Robust RED
Active Queue Management is a way to control Congestion. The existing RED (Random Early Detection) Active Queue Management algorithm and its variants are found vulnerable to emerging LDoS attacks. TheExpand
Using CPR Metric to Detect and Filter Low-Rate DDoS Flows
A new version of the CPR-based approach is proposed to overcome the tradeoff between high TCP throughput while under attack and good fairness performance for new legitimate TCP flows in normal times. Expand
A TCP-friendly AQM algorithm to mitigate low-rate DDoS attacks
Theoretical analysis and simulation results show that the proposed fair robust random early detection FRRED algorithm can effectively preserve TCP throughput and significantly improve fairness among TCP flows to mitigate various LDDoS attacks. Expand
Low Rate Denial of Service (LDoS) attack – A Survey
Denial Of service (DoS) attacks has become a major problem to intranet and Internet services. DoS attacks can be detected and eliminated using existing efficient Active Queue Management (AQM) schemesExpand
Study of Low Rate Denial of Service ( LDoS ) attacks on Random Early Detection ( RED )
Volume 3, Issue 6, November-December 2014 Page 33 Abstract RED Active Queue Management is designed to avoid congestion by controlling the average queue size. However a malicious flow cannot beExpand
Active Queue Management Algorithm to Counter DDoS Attacks
The results show that the RSFB algorithm is highly robust, can well preserve the TCP throughput in the presence of DDoS attacks, and obviously over performs the existing AQM algorithms when facingDDoS attacks. Expand
Techniques for Improving Performance of the CPR-Based Approach
Simulation results show that modifications to the CPR-based approach to detect and filter low-rate distributed denial-of-service (LDDoS) attacks can increase performance significantly. Expand
FRRED: Fourier robust RED algorithm to detect and mitigate LDoS attacks
As most of consumer electronics are connected to the Internet, network attacks can cause massive damage and loss of data to the users. By sending periodic packet bursts to bottleneck routers,Expand
Simulation and Analysis of LDoS Attacks
Based on the simulation of low-rate denial-of-service on NS2 platform, the defense performance of queue management mechanism itself is analyzed to count the LDoS attack. Expand
Half-Droptail: Algorithm to Mitigate LDoS Attacks
This paper proposed the Half-Droptail algorithm by changing parameter on the queue management algorithm, and the results show that the algorithm can effectively improve the defense performance of algorithm itself. Expand


Low-rate TCP-targeted denial of service attacks and counter strategies
It is shown that maliciously chosen low-rate DoS traffic patterns that exploit TCP's retransmission timeout mechanism can throttle TCP flows to a small fraction of their ideal rate while eluding detection. Expand
A router-based technique to mitigate reduction of quality (RoQ) attacks
This work proposes a router-based technique to mitigate the stealthy reduction of quality (RoQ) attacks at the routers in the Internet and shows that it can successfully detect and mitigate RoQ attacks even with the source and destination IP addresses spoofed. Expand
Defending against flooding-based distributed denial-of-service attacks: a tutorial
Various DDoS attack methods are described, and a longer-term solution that attempts to intercept attack packets in the Internet core, well before reaching the victim is discussed, dubbed the Internet-firewall approach. Expand
Exploiting the transients of adaptation for RoQ attacks on Internet resources
It is shown that a well orchestrated attack could introduce significant inefficiencies that could potentially deprive a network element from much of its capacity, or significantly reduce its service quality, while evading detection by consuming an unsuspicious, small fraction of that element's hijacked capacity. Expand
Random Early Detection Gateways for Congestion Avoidance
This paper presents a scheme to implement congestion control at the gateway nodes. The superiority of such a scheme (congestion control at gateways) over end-to-end congestion control comes from theExpand
Controlling high-bandwidth flows at the congested router
Red-PD (Random Early Detection-Preferential Dropping) is presented, a mechanism that combines simplicity and protection by keeping state for just the high-bandwidth flows by using the packet drop history at the router to detect high- bandwidth flows in times of congestion and preferentially drops packets from these flows. Expand
An adaptive virtual queue (AVQ) algorithm for active queue management
It is shown that AVQ can be implemented as a simple token bucket using only a few lines of code, and compared with several well-known AQM schemes such as RED, REM, Proportional Integral (PI) controller, and a nonadaptive virtual queue algorithm. Expand
Stochastic fair blue: a queue management algorithm for enforcing fairness
  • W. Feng, D. Kandlur, D. Saha, K. Shin
  • Computer Science
  • Proceedings IEEE INFOCOM 2001. Conference on Computer Communications. Twentieth Annual Joint Conference of the IEEE Computer and Communications Society (Cat. No.01CH37213)
  • 2001
Stochastic fair blue (SFB), a novel technique for enforcing fairness among a large number of rows, is shown to effectively handle non-responsive flows using an extremely small amount of state information. Expand
Fully pipelined bloom filter architecture
This letter analytically shows that the expected power consumption and latency of the fully pipelined Bloom filter architecture will not be greater than that of the two hash functions and two clock cycles, respectively, however large the number of hash functions is. Expand