Академический Документы
Профессиональный Документы
Культура Документы
). As shown in Fig.
1,
), but
short-duration bursts (
], in which
= (.
1
,
2
). If the arrival time of an incoming
packet from ow falls into this range, the packet is suspected
to be an attacking packet. Note that
1
is ow specic while
2
is global, which capture the fundamental characteristics of
an LDoS attack ow and the global impact of the attack on
the whole network, respectively.
A proper value should be chosen for
to be 10ms, which
works quite well for diverse LDoS attacks, as will be seen
in Section IV. Our future work is to design a mechanism that
can adaptively change
on the y.
Fig. 3 shows the pseudo codes of the RRED algorithm.
We have implemented the RRED algorithm in C. Anyone
interested in the code can contact the authors. In Fig. 3,
denotes an incoming packet; is the ow index hashed using
s source-destination address pair via function
().
A router may receive packets from potentially numerous
ows whereas we need to keep
1
and for each ow. To
solve this problem we use Bloom-lters technique that is simi-
lar to SFB [3]. The Bloom lters in our RRED implementation
are constructed with levels with each level containing
()
1: ()
2:
([].
1
,
2
)
3: if . [
] then
4: 1
5: else
6: 1
7: end if
8: [].
9: if []. >= 0 then
10: () //
11: if then
12:
2
.
13: end if
14: else
15: [].
1
.
16: ()
17: end if
18: return
Fig. 3. Pseudo codes of the RRED algorithm.
bins. Each level has an independent hash function. A ow is
mapped to a total of bins, each in one level. Specically,
an -tuple (
1
,
2
, ...,
(s)
(ms)
(Mbps)
Set one [0.2, 2] 200 0.25
Set two 1 [0, 600] 0.25
Set three 1 200 [0.1, 0.5]
as SFB [3] for comparison, and
is chosen empirically.
The RED we employ here is based on packet count rather
than packet byte, which is more sensitive to the small packets
of LDoS attack ows. The other parameters of the AQM
algorithms are all NS-2 default values.
For the three parameters of the LDoS attack, we choose
1
are most effective.
is set as
0.25Mbps so that the aggregate
of 20 attackers is equal
to the bottleneck bandwidth of the network (5Mbps). With
these three parameters, we conduct three sets of experiments to
evaluate and compare the performance of the AQM algorithms.
For each set, we x two values and vary the other value (see
Table I). For example, for set one, we vary
from 0.2 to 2
while xing
and
or
increases.
Further experiments show that the false positive of RRED
on bursty but non malicious HTTP ows is less than 2% when
we x
=1,
=200 and