A dynamic quarantine scheme for controlling unresponsive TCP sessions

Telecommunication Systems

Abstract

In addition to unresponsive UDP traffic, aggressive TCP flows pose a serious challenge to congestion control and to the stability of the future Internet. This paper considers the problem of dealing with unresponsive TCP sessions, which collectively can be regarded as a Denial-of-Service (DoS) attack on conforming TCP sessions. The proposed policing scheme, called HaDQ (HaTCh-based Dynamic Quarantine), builds on the recently proposed HaTCh mechanism, which accurately estimates the number of active flows without maintaining per-flow state in a router. We augment HaTCh with a small Content Addressable Memory (CAM), called the quarantine memory, to dynamically quarantine and penalize unresponsive TCP flows. The smaller, first-level cache of HaTCh is used to isolate and detect aggressive flows; flows flagged there are moved to the quarantine memory, where they are monitored precisely so that appropriate punitive action can be taken. Although HaDQ is generic in that it can work with or without an AQM scheme, in this paper we integrate HaDQ with an AQM scheme in order to compare it against existing techniques. For this purpose, we extend HaTCh into a complete AQM mechanism, called HRED.

Simulation-based performance analysis indicates that, with a proper configuration of the monitoring period and the detection threshold, HaDQ achieves a false drop rate (false positives) below 0.1%. A comparison with two AQM schemes, CHOKe and FRED, both originally proposed for handling unresponsive UDP flows, shows that HaDQ is more effective at penalizing bandwidth attackers and at enforcing fairness between conforming and aggressive TCP flows.
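The two-stage structure the abstract describes, as an added Python illustration that is not the paper's code: the HaTCh cache internals and the HRED/AQM integration are not on this page, so the first-level cache is modeled here as a Misra-Gries style counter summary, the quarantine memory as an exact per-flow table, and the punitive action as a per-period rate cap. The flow identifiers, parameter values and traffic trace are constructed for the example.

```python
"""Toy two-stage policer in the spirit of HaDQ (added illustration, not the paper's code).

Stage 1: a small first-level cache keeps approximate per-flow counters for the
current monitoring period (Misra-Gries style summary, standing in for HaTCh).
Stage 2: a flow whose estimate reaches the detection threshold is moved to a
small quarantine table with an exact counter (standing in for the CAM), where
its packets above the threshold are dropped for the rest of each period; a
quarantined flow that stays under the threshold for a whole period is released.
Flow identifiers, parameters and the traffic trace below are constructed.
"""


class HaDQPolicer:
    def __init__(self, cache_slots=8, period=100, threshold=30, quarantine_slots=4):
        self.cache_slots = cache_slots            # size of the first-level cache
        self.period = period                      # monitoring period, in packets
        self.threshold = threshold                # packets per period that flag a flow
        self.quarantine_slots = quarantine_slots  # size of the quarantine memory
        self.cache = {}       # flow -> approximate count in the current period
        self.quarantine = {}  # flow -> exact count in the current period
        self.seen = 0         # packets processed so far
        self.events = []      # (kind, flow, period_index) for quarantine/release

    def packet(self, flow):
        """Process one packet; return True if forwarded, False if dropped."""
        self.seen += 1
        forward = True
        if flow in self.quarantine:
            self.quarantine[flow] += 1
            # Punitive action: cap a quarantined flow at `threshold` packets per period.
            if self.quarantine[flow] > self.threshold:
                forward = False
        else:
            self._cache_count(flow)
            if (self.cache.get(flow, 0) >= self.threshold
                    and len(self.quarantine) < self.quarantine_slots):
                # Promote the suspect from the estimate cache to exact monitoring.
                self.quarantine[flow] = self.cache.pop(flow)
                self.events.append(("quarantine", flow, self.seen // self.period))
        if self.seen % self.period == 0:
            self._end_period()
        return forward

    def _cache_count(self, flow):
        """Approximate counting in a fixed number of slots (Misra-Gries summary)."""
        if flow in self.cache:
            self.cache[flow] += 1
        elif len(self.cache) < self.cache_slots:
            self.cache[flow] = 1
        else:
            # Cache full: decrement every counter and evict the ones that reach zero.
            for f in list(self.cache):
                self.cache[f] -= 1
                if self.cache[f] == 0:
                    del self.cache[f]

    def _end_period(self):
        """Reset the estimate cache; release quarantined flows that behaved."""
        self.cache.clear()
        period_index = self.seen // self.period
        for flow, count in list(self.quarantine.items()):
            if count <= self.threshold:
                del self.quarantine[flow]
                self.events.append(("release", flow, period_index))
            else:
                self.quarantine[flow] = 0


def constructed_trace(rounds=40, quiet_rounds=20):
    """Constructed traffic: five conforming flows send one packet per round, one
    aggressive flow sends five per round, then the aggressive flow goes silent."""
    conforming = [f"10.0.0.{i}:4000->10.0.1.1:80" for i in range(5)]
    attacker = "10.0.0.9:5000->10.0.1.1:80"
    trace = []
    for _ in range(rounds):
        trace.extend(conforming)
        trace.extend([attacker] * 5)
    for _ in range(quiet_rounds):
        trace.extend(conforming)
    return trace, conforming, attacker


def run_policer(trace, **params):
    """Feed a trace through the policer and tally per-flow forward/drop counts."""
    policer = HaDQPolicer(**params)
    forwarded, dropped = {}, {}
    for flow in trace:
        tally = forwarded if policer.packet(flow) else dropped
        tally[flow] = tally.get(flow, 0) + 1
    return {"forwarded": forwarded, "dropped": dropped, "events": policer.events}


if __name__ == "__main__":
    trace, conforming, attacker = constructed_trace()
    result = run_policer(trace)
    print("events:", result["events"])
    print("attacker forwarded/dropped:",
          result["forwarded"].get(attacker, 0), result["dropped"].get(attacker, 0))
    print("conforming drops:", sum(result["dropped"].get(c, 0) for c in conforming))
```

With the default parameters the aggressive flow is quarantined in the first period, loses its excess packets in every later period, and is released after one quiet period, while no conforming flow is ever flagged. The caveat the abstract hints at with "proper configuration" shows up directly in this toy: a first-level cache that is too small for the number of active flows (try `cache_slots=2` on the same trace) underestimates the heavy flow enough that it never reaches the threshold, so cache size, monitoring period and threshold have to be chosen together.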



Author information

Correspondence to Sungwon Yi.

Additional information

This research was supported in part by NSF grants CCR-9900701, CCR-0098149, EIA-0202007 and CCR-0208734.


Cite this article

Yi, S., Deng, X., Kesidis, G. et al. A dynamic quarantine scheme for controlling unresponsive TCP sessions. Telecommun Syst 37, 169–189 (2008). https://doi.org/10.1007/s11235-008-9104-2
