ETRI-Knowledge Sharing Plaform



논문 검색
구분 SCI
연도 ~ 키워드


학술지 A Dynamic Quarantine Scheme for Controlling Unresponsive TCP Sessions
Cited 13 time in scopus Download 6 time Share share facebook twitter linkedin kakaostory
이성원, Xidong Deng, George Kesidis, Chita R. Das
Telecommunication Systems, v.37 no.4, pp.169-189
08MS2100, Network 위협의 Zero-Day Attack 대응을 위한 실시간 공격 Signature 생성 및 관리 기술개발, 장종수
In addition to unresponsive UDP traffic, aggressive TCP flows pose a serious challenge to congestion control and stability of the future Internet. This paper considers the problem of dealing with such unresponsive TCP sessions that can be considered to collectively constitute a Denial-of-Service (DoS) attack on conforming TCP sessions. The proposed policing scheme, called HaDQ (HaTCh-based Dynamic Quarantine), is based on a recently proposed HaTCh mechanism, which accurately estimates the number of active flows without maintenance of per-flow states in a router. We augment HaTCh with a small Content Addressable Memory (CAM), called quarantine memory, to dynamically quarantine and penalize the unresponsive TCP flows. We exploit the advantage of the smaller, first-level cache of HaTCh for isolating and detecting the aggressive flows. The aggressive flows from the smaller cache are then moved to the quarantine memory and are precisely monitored for taking appropriate punitive action. While the proposed HaDQ technique is quite generic in that it can work with or without any AQM scheme, in this paper we have integrated HaDQ and an AQM scheme to compare it against some of the existing techniques. For this, we extend the HaTCh scheme to develop a complete AQM mechanism, called HRED. Simulation-based performance analysis indicates that by using a proper configuration of the monitoring period and the detection threshold, the proposed HaDQ scheme can achieve a low false drop rate (false positives) of less than 0.1%. Comparison with two AQM schemes (CHOKe and FRED), which were proposed for handling unresponsive UDP flows, shows that HaDQ is more effective in penalizing the bandwidth attackers and enforcing fairness between conforming and aggressive TCP flows. © 2008 Springer Science+Business Media, LLC.
KSP 제안 키워드
Congestion control, Content-addressable memory(CAM), Detection threshold, False positive, Performance analysis, TCP flows, UDP traffic, denial of service(DoS), drop rate, future internet