Loading presentation...

Present Remotely

Send the link below via email or IM

Copy

Present to your audience

Start remote presentation

  • Invited audience members will follow you as you navigate and present
  • People invited to a presentation do not need a Prezi account
  • This link expires 10 minutes after you close the presentation
  • A maximum of 30 users can follow your presentation
  • Learn more about this feature in our knowledge base article

Do you really want to delete this prezi?

Neither you, nor the coeditors you shared it with will be able to recover it again.

DeleteCancel

Make your likes visible on Facebook?

Connect your Facebook account to Prezi and let your likes appear on your timeline.
You can change this under Settings & Account at any time.

No, thanks

Robust Random Early Detection (RRED)

No description
by

Hans Henrik

on 18 November 2014

Comments (0)

Please log in to add your comment.

Report abuse

Transcript of Robust Random Early Detection (RRED)

Robust Random Early Detection (RRED)
Random Early Detection (RED)
Low-rate Denial of Service (LDoS) attacks
Robust Random Early Detection (RRED)
Queueing discipline
Main goal:
Provide congestion avoidance
How:
Control average queue size
Low-rate
Denial-of-Service
(LDoS) attacks
Robust Random Early Detection
(RRED)
Proposed algorithm to improve TCP throughput against LDoS attacks
Conclusion
H. H. Grønsleth
14031693

Outline
Random Early Detection (RED)
Ta:
attack period,
Tb:
attack burst duration,
Rb:
attack burst rate
Relatively easy to detect due to attacker's high rate
Goal:
Make TCP flow repeatedly enter retransmission timeout (RTO) state by sending high-rate (Rb), short-duration bursts (Tb), and repeating this periodically (Ta)
Problem
RED-like algorithms vulnerable to attacks that causes oscillating TCP queue size [1]
Counter-DoS mechanisms tuned for high rate attacks [4]
References
[1] Zhang, C. et al. 2010,
RRED: robust RED algorithm to counter low-rate denial-of-service attacks
, Web. 17 Nov 2014 <http://ieeexplore.ieee.org/xpls/icp.jsp?arnumber=5456075>

[2] Floyd, S. et al. 1993,
Random early detection gateways for congestion avoidance
, Web. 17 Nov 2014 <http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=251892>

[3] Wikipedia,
Random early detection
, Web. 17 Nov 2014 <http://en.wikipedia.org/wiki/Random_early_detection>

[4] Kuzmanovic, A. et al. 2003,
Low-Rate TCP-Targeted Denial of Service Attacks
, Web. 17 Nov 2014 <http://www.cs.northwestern.edu/~akuzma/rice/doc/shrew.ppt>
[3]
[1]
[1]
Benign vs. malicious
TCP flows
Benign:
new packets delayed if loss is detected
Malicious:
new packets sent within a short-range after packet is dropped
[1]
f
.T1:
arrival time of last the packet from flow
f
that is dropped by the D&F block
T2:
arrival time of the last packet from
any
flow that is dropped by the RED block
Tmax
= max(
f
.T1, T2)
T*
is a short time period (10ms based on simulation results)
RED-like algorithms
Good for congestion control
Not designed to handle LDoS-like attacks
RRED algorithm
Uses arrival time intervals to mark TCP flows before feeding packets to RED algorithm
Outperforms existing RED-like algorithms during simulated LDoS attacks
Further research
Make
T*
adaptive
Possible UDP issues
[1]
Solution?
Full transcript