Defending Against High-Bandwidth Traffic Aggregates


Takanori Komatsu, Akira Namatame


Vol. 7  No. 2  pp. 243-250


Network flows should adjust their sending rates to avoid congestion collapse. Congestion collapse can be mitigated by improved packet scheduling based on crowd control or active queue management. However, the problem depends on dynamic conditions such as the underlying network topology, the network load, and the reactions of transport protocols to congestion. Therefore, we have to evaluate which types of control mechanisms solve this problem most effectively. The aim of this paper is to evaluate the effectiveness of congestion control schemes. Adaptive flows adjust their rate, while unresponsive flows do not respond to congestion and keep sending packets. Unresponsive flows waste resources by taking their share of the upstream links of a domain, only for their packets to be dropped later when the downstream links are congested. Random early detection (RED), for instance, exemplifies this class of algorithms. A router maintains only a simple FIFO queue for all traffic flows and drops arriving packets randomly during congestion. The probability of dropping a packet increases with the queue length. By keeping the output queue size small, RED can reduce the delay for most traffic flows. However, RED cannot penalize misbehaving traffic flows. We evaluate congestion control schemes such as Drop Tail, RED, CHOKe, and ACC with push back using unresponsive flows in the presence of short- and long-lived background traffic. We use several network topologies to identify unresponsive flows that cause packet drops in other flows. We also simulate how various queuing algorithms implemented in a network router perform during an attack, and whether legitimate users can obtain the desired service. The simulations show that CHOKe and ACC with push back succeed in providing the bandwidth requested by legitimate users during a DDoS attack.


DDoS attack, complex network, bandwidth control.
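
The RED behaviour described in the abstract can be reproduced with a small simulation, added here as an illustration and not taken from the paper: one FIFO bottleneck with RED is shared by an adaptive flow and an unresponsive flow, and the share of delivered packets shows why RED alone does not penalize the misbehaving flow. All thresholds, rates and the halve-on-loss model of the adaptive flow are assumed values, and RED's count-based drop spacing and idle-time correction are left out.

```python
import random
from collections import deque

def red_drop_probability(avg_q, min_th=20, max_th=60, max_p=0.1):
    """RED drop probability as a function of the averaged queue length."""
    if avg_q < min_th:
        return 0.0
    if avg_q >= max_th:
        return 1.0
    return max_p * (avg_q - min_th) / (max_th - min_th)

def simulate(ticks=2000, capacity=10, attack_rate=12, limit=100, w=0.02, seed=1):
    """One FIFO + RED bottleneck shared by an adaptive and an unresponsive flow."""
    rng = random.Random(seed)
    queue, avg_q, rate = deque(), 0.0, 1.0
    sent = {"adaptive": 0, "unresponsive": 0}
    dropped = {"adaptive": 0, "unresponsive": 0}
    delivered = {"adaptive": 0, "unresponsive": 0}
    for _ in range(ticks):
        # Constructed traffic: the unresponsive flow always sends attack_rate packets.
        arrivals = ["adaptive"] * int(rate) + ["unresponsive"] * attack_rate
        rng.shuffle(arrivals)
        adaptive_lost = False
        for flow in arrivals:
            sent[flow] += 1
            avg_q = (1 - w) * avg_q + w * len(queue)  # EWMA of the queue length
            # RED looks only at the queue, never at which flow a packet belongs to.
            if len(queue) >= limit or rng.random() < red_drop_probability(avg_q):
                dropped[flow] += 1
                adaptive_lost |= flow == "adaptive"
            else:
                queue.append(flow)
        for _ in range(min(capacity, len(queue))):  # FIFO service, capacity per tick
            delivered[queue.popleft()] += 1
        # Adaptive flow: halve the rate on loss, otherwise probe for more bandwidth.
        rate = max(1.0, rate / 2) if adaptive_lost else rate + 1
    total = sum(delivered.values())
    return {
        "share": {f: delivered[f] / total for f in delivered},
        "drop_rate": {f: dropped[f] / sent[f] for f in sent},
    }

if __name__ == "__main__":
    print(simulate())
```

Both flows see drops from the same queue-length-driven probability, but only the adaptive flow reduces its rate in response, so the unresponsive flow ends up with most of the bottleneck.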