DDoS攻击下拥塞控制算法的改进

2009 International Conference on Computational Intelligence and Software Engineering Pub Date : 2009-12-28 DOI:10.1109/CISE.2009.5365324

Haina Hu, Lin Yao

{"title":"DDoS攻击下拥塞控制算法的改进","authors":"Haina Hu, Lin Yao","doi":"10.1109/CISE.2009.5365324","DOIUrl":null,"url":null,"abstract":"DDoS flows that do not cut down their sending rates after their packets are dropped will hog the buffer space at routers and deprive all other flows of their fair share of bandwidth. Based on the network behavior, this paper studies the defense mechanism of DDoS from the aspect of congestion control. And in the simulation environment of DDoS, this paper studies the RED (Random Early Detection) algorithm that is a congestion control strategy based on routers. Simulation results show that RED provides little protection from high bandwidth flows that take much wide bandwidth, which can result in extreme unfairness among per-flow. Based on the viewpoint, we put forward further improvement for the mechanism of congestion control based on routers. KeywordsDDoS; Random Early Detection; Congestion Control; NS","PeriodicalId":135441,"journal":{"name":"2009 International Conference on Computational Intelligence and Software Engineering","volume":"19 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2009-12-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":"{\"title\":\"Improvement for Congestion Control Algorithms under DDoS Attacks\",\"authors\":\"Haina Hu, Lin Yao\",\"doi\":\"10.1109/CISE.2009.5365324\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"DDoS flows that do not cut down their sending rates after their packets are dropped will hog the buffer space at routers and deprive all other flows of their fair share of bandwidth. Based on the network behavior, this paper studies the defense mechanism of DDoS from the aspect of congestion control. And in the simulation environment of DDoS, this paper studies the RED (Random Early Detection) algorithm that is a congestion control strategy based on routers. Simulation results show that RED provides little protection from high bandwidth flows that take much wide bandwidth, which can result in extreme unfairness among per-flow. Based on the viewpoint, we put forward further improvement for the mechanism of congestion control based on routers. KeywordsDDoS; Random Early Detection; Congestion Control; NS\",\"PeriodicalId\":135441,\"journal\":{\"name\":\"2009 International Conference on Computational Intelligence and Software Engineering\",\"volume\":\"19 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2009-12-28\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"2\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2009 International Conference on Computational Intelligence and Software Engineering\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/CISE.2009.5365324\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2009 International Conference on Computational Intelligence and Software Engineering","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/CISE.2009.5365324","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 2

摘要

如果DDoS流在丢包后不降低其发送速率，则会占用路由器的缓冲空间，并剥夺所有其他流的公平带宽份额。本文基于网络行为，从拥塞控制的角度研究了DDoS的防御机制。在DDoS仿真环境下，研究了基于路由器的拥塞控制策略RED (Random Early Detection，随机早期检测)算法。仿真结果表明，对于占用大量带宽的高带宽流，RED提供的保护很少，这可能导致每个流之间的极度不公平。在此基础上，提出了基于路由器的拥塞控制机制的进一步改进。KeywordsDDoS;随机早期检测;拥塞控制;NS

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Improvement for Congestion Control Algorithms under DDoS Attacks

DDoS flows that do not cut down their sending rates after their packets are dropped will hog the buffer space at routers and deprive all other flows of their fair share of bandwidth. Based on the network behavior, this paper studies the defense mechanism of DDoS from the aspect of congestion control. And in the simulation environment of DDoS, this paper studies the RED (Random Early Detection) algorithm that is a congestion control strategy based on routers. Simulation results show that RED provides little protection from high bandwidth flows that take much wide bandwidth, which can result in extreme unfairness among per-flow. Based on the viewpoint, we put forward further improvement for the mechanism of congestion control based on routers. KeywordsDDoS; Random Early Detection; Congestion Control; NS

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

2009 International Conference on Computational Intelligence and Software Engineering

自引率

0.00%

发文量