Robust random early detection
Encyclopedia
The existing Random Early Detection
(RED) algorithm and its variants are found vulnerable to emerging attacks, especially the Low-rate Denial-of-Service (LDoS) attacks. Experiments have confirmed that the existing RED-like algorithms are notably vulnerable under LDoS attacks due to the oscillating TCP queue size caused by the attacks.
A Robust RED (RRED) algorithm was proposed to improve the TCP throughput against LDoS attacks. The basic idea behind the RRED is to detect and filter out attack packets before a normal RED algorithm is applied to incoming flows. RRED algorithm can significantly improve the performance of TCP under Low-rate Denial of Service attacks.
Within a benign TCP flow, the sender will delay sending new packets if loss is detected (e.g., a packet is dropped). Consequently, a packet is suspected to be an attacking packet if it is sent within a short-range after a packet is dropped. This is the basic idea of the detection algorithm of Robust RED (RRED).
More Details
T2 is the arrival time of the last packet from any flow that is dropped by the Random Early Detection
block.
Tmax = max(f.T1, T2).
T* is a short time period, which is empirically choose to be 10ms in a default RRED algorithm.
RRED-ENQUE(pkt)
01 f←RRED-FLOWHASH(pkt)
02 Tmax←MAX(Flow[f].T1, T2)
03 if pkt.arrivaltime is within [Tmax, Tmax+T*] then
04 reduce local indicator by 1 for each bin corresponding to f
05 else
06 increase local indicator by 1 for each bin of f
07 Flow[f].I←maximum of local indicators from bins of f
08 if Flow[f].I >=0 then
09 RED-ENQUE(pkt) //pass pkt to the RED block
10 if RED drops pkt then
11 T2←pkt.arrivaltime
12 else
13 Flow[f].T1←pkt.arrivaltime
14 drop(pkt)
15 return
More Details
and Denial-of-Service (AQM&DoS) Simulation Platform. The AQM&DoS Simulation Platform is able to simulate a variety of DoS attacks (Distributed DoS, Spoofing DoS, Low-rate DoS, etc.) and Active Queue Management (AQM) algorithms (RED, RRED, SFB, etc.). It automatically calculate and record the average throughput of normal TCP flows before and after DoS attacks to facilitate the analysis of the impact of DoS attacks on normal TCP flows and AQM algorithms.More Details
Recent Publications in Random Early Detection (RED) schemes
Recent Publications in Active Queue Management (AQM) schemes
Random early detection
Random early detection , also known as random early discard or random early drop is an active queue management algorithm. It is also a congestion avoidance algorithm....
(RED) algorithm and its variants are found vulnerable to emerging attacks, especially the Low-rate Denial-of-Service (LDoS) attacks. Experiments have confirmed that the existing RED-like algorithms are notably vulnerable under LDoS attacks due to the oscillating TCP queue size caused by the attacks.
A Robust RED (RRED) algorithm was proposed to improve the TCP throughput against LDoS attacks. The basic idea behind the RRED is to detect and filter out attack packets before a normal RED algorithm is applied to incoming flows. RRED algorithm can significantly improve the performance of TCP under Low-rate Denial of Service attacks.
The Design of Robust RED (RRED)
A detection and filter block is added in front of a regular RED block on a router. The basic idea behind the RRED is to detect and filter out LDoS attack packets from incoming flows before they feed to the RED algorithm. How to distinguish an attacking packet from normal TCP packets is critical in the RRED design.Within a benign TCP flow, the sender will delay sending new packets if loss is detected (e.g., a packet is dropped). Consequently, a packet is suspected to be an attacking packet if it is sent within a short-range after a packet is dropped. This is the basic idea of the detection algorithm of Robust RED (RRED).
More Details
The Algorithm of the Robust RED (RRED)
f.T1 is the arrival time of the last packet from flow f that is dropped by the detection and filter block.T2 is the arrival time of the last packet from any flow that is dropped by the Random Early Detection
Random early detection
Random early detection , also known as random early discard or random early drop is an active queue management algorithm. It is also a congestion avoidance algorithm....
block.
Tmax = max(f.T1, T2).
T* is a short time period, which is empirically choose to be 10ms in a default RRED algorithm.
RRED-ENQUE(pkt)
01 f←RRED-FLOWHASH(pkt)
02 Tmax←MAX(Flow[f].T1, T2)
03 if pkt.arrivaltime is within [Tmax, Tmax+T*] then
04 reduce local indicator by 1 for each bin corresponding to f
05 else
06 increase local indicator by 1 for each bin of f
07 Flow[f].I←maximum of local indicators from bins of f
08 if Flow[f].I >=0 then
09 RED-ENQUE(pkt) //pass pkt to the RED block
10 if RED drops pkt then
11 T2←pkt.arrivaltime
12 else
13 Flow[f].T1←pkt.arrivaltime
14 drop(pkt)
15 return
More Details
The Simulation code of the Robust RED (RRED)
The simulation code of the RRED algorithm is published as an Active Queue ManagementActive Queue Management
In Internet routers, active queue management is a technique that consists in dropping or ECN-marking packets before a router's queue is full.-Queue management:...
and Denial-of-Service (AQM&DoS) Simulation Platform. The AQM&DoS Simulation Platform is able to simulate a variety of DoS attacks (Distributed DoS, Spoofing DoS, Low-rate DoS, etc.) and Active Queue Management (AQM) algorithms (RED, RRED, SFB, etc.). It automatically calculate and record the average throughput of normal TCP flows before and after DoS attacks to facilitate the analysis of the impact of DoS attacks on normal TCP flows and AQM algorithms.More Details
Related Publications
Recent Publications in Low-rate Denial-of-Service (LDoS) attacksRecent Publications in Random Early Detection (RED) schemes
Recent Publications in Active Queue Management (AQM) schemes