Red 4 PDF
being able to deliver a single packet. Thus the throughput of TCP is reduced to near zero due to LDoS attack [3].

Problems Associated with LDoS Attack:
According to Aleksandar Kuzmanovic and Edward W. Knightly [4], the main threats put forward by LDoS are as follows:
• Low-rate DoS attacks degrade the performance of both short- and long-lived TCP traffic.
• If the RTT of packets is low, then the effect of the attack is greater.
• Low-rate periodic packets can be very harmful to short-RTT TCP traffic.
• Both network-router and end-point-based mechanisms can only reduce, but not eliminate, the attack.
• LDoS attack disrupts Internet routing: Ying Zhang et al. showed that LDoS attack can disrupt Internet routing [5]. According to them, low-rate TCP-targeted DoS attacks have a significant effect on the Border Gateway Protocol (BGP). BGP is the critical infrastructure for communicating reachability information across the global Internet. But if an LDoS attack occurs, BGP routing sessions can be reset, leading to delay in routing. This will in turn affect routing stability and network reachability.
• LDoS Attacking Application Servers: Gabriel Maciá-Fernández et al. studied how LDoS attack affects Application Servers [6]. The LDoS attack tries to consume the resources of the target server with only low-rate traffic so that most of the server protection mechanisms are bypassed.
• LDoS Attack on Monoprocess Servers: Vulnerability in monoprocess or monothreaded servers due to LDoS attack is studied in [7]. The low-rate feature makes the attack less vulnerable to detection by current Intrusion Detection Systems, which usually expect high-rate traffic. If an intruder can get knowledge about the cycle time of the server, he can accurately build the attack. This attack threatens the application level by keeping the server engaged with serving intruder requests.

4. EXISTING METHODS TO PROTECT RED FROM LDOS ATTACK

Researchers have proposed some methods to protect RED from LDoS attack; some of them use partial-state flow analysis whereas others use per-flow analysis. Per-flow scheduling mechanisms provide max-min fairness but are more complex, keeping track of all flows going through the router.

Robust RED (RRED): RRED, introduced in [13], is considered a variant of RED that can effectively throttle LDoS attack. It adds an LDoS packet detection and filtering mechanism before the RED block to filter out all attacking packets before they are fed to RED. An incoming packet from flow f is suspected to be an attacking packet if it arrives within a short range after a packet from f that is dropped by the detection and filter block or after a packet from any flow that is dropped by the RED block. Hence it uses per-flow analysis to detect the attack.

Robust RED with Testing: In addition to the detection and filtering mechanism of RRED, a testing phase [9] is added. In the testing phase, the buffer space of the incoming flow is considered. It has been proved that variation in buffer size has an impact on LDoS attacks [8]. A larger buffer size gives a higher probability of detecting the LDoS attacks. The proposed testing scheme is that, within a timeout of the flow, the buffer size must come back to size L, which is the optimum size considered; otherwise it is suspected that the attacking packets are not filtered out, and the detection process is carried out again.

5. PREFERENTIAL DROPPING RED (RED-PD)

RED-PD proposes a partial flow-based mechanism that combines simplicity and protection by keeping state for just the high-bandwidth flows. RED-PD [10] uses the packet drop history at the router to detect high-bandwidth flows in times of congestion and preferentially drops packets from these flows. Flows are identified when their arrival rate is more than the target bandwidth T. By probabilistically dropping packets from these monitored flows, their bandwidth is kept below T at times of congestion. RED-PD is successful in detecting Denial of Service attacks, but cannot prevent LDoS attack.

CHOKe: CHOose and Keep for responsive flows and CHOose and Kill for Unresponsive Flows aims to approximate max-min fairness for the flows that pass through the congested router. When a packet arrives at a congested router, CHOKe draws a packet at random from the FIFO queue and compares it with the incoming packet. If they both belong to the same flow, they are both dropped; otherwise the randomly chosen packet is kept intact and the arriving packet is allowed into the RED queue with a probability depending on the level of congestion [11].

RED-FT: RED with Flow Trust (RED-FT) uses network flow characteristics to ensure the legitimate users' communications and the fairness of the queue as much as possible. In other words, it introduces network flow trust as an important decision-making factor of AQM and improves the robustness of previous algorithms. A router monitors network flows and calculates flow trust values, which are used for the relevant queue management. Malicious flows would have lower trust values while legitimate flows would have higher ones [12].

RRED-PD: Robust Preferential Dropping RED removes LDoS attack from initially identified high-bandwidth-consuming flows. By using partial flow analysis we are able to prevent the attack[s]. It is a combination of Robust RED (RRED) and Preferential Dropping RED (RED-PD). In this method, only partial flow analysis is needed to detect LDoS attack because, by using RED-PD, a max-min fairness of bandwidth is obtained among different flows, and only the high-bandwidth-consuming flows need to be monitored [14].
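
The RRED suspicion rule described above (a packet is suspected when it arrives within a short range after a filter drop of its own flow or a RED drop of any flow), as an added Python sketch that is not code from this paper or from [13]. The 10 ms window, the per-flow indicator and its bounds, the tail-drop stand-in for the RED block and the packet trace are all assumptions constructed for illustration.

```python
from collections import defaultdict

T_STAR_US = 10_000      # assumed "short range" in microseconds; the page gives no value
I_MIN, I_MAX = -1, 10   # assumed bounds on the per-flow indicator

class RREDFilter:
    """Detection-and-filter block in front of a RED queue (per-flow state)."""
    def __init__(self, red_enqueue):
        self.red_enqueue = red_enqueue                 # callable(t) -> True if accepted
        self.t1 = defaultdict(lambda: float("-inf"))   # per flow: last drop by this block
        self.t2 = float("-inf")                        # last RED drop, from any flow
        self.indicator = defaultdict(int)              # < 0 means the flow is filtered

    def suspected(self, flow, t):
        t_max = max(self.t1[flow], self.t2)
        return t_max <= t <= t_max + T_STAR_US

    def enqueue(self, flow, t):
        step = -1 if self.suspected(flow, t) else 1
        self.indicator[flow] = max(I_MIN, min(I_MAX, self.indicator[flow] + step))
        if self.indicator[flow] < 0:
            self.t1[flow] = t                          # dropped here, never reaches RED
            return "filtered"
        if self.red_enqueue(t):
            return "queued"
        self.t2 = t                                    # the RED block dropped it
        return "red-drop"

def make_queue(capacity_us=5_000, service_us=1_000):
    """Deterministic stand-in for the RED block: drops when the backlog is full."""
    state = {"backlog": 0, "last": 0}
    def red_enqueue(t):
        state["backlog"] = max(0, state["backlog"] - (t - state["last"]))
        state["last"] = t
        if state["backlog"] + service_us > capacity_us:
            return False
        state["backlog"] += service_us
        return True
    return red_enqueue

def run_trace():
    """Constructed trace: one periodic flow plus one 40-packet burst."""
    events = [(t, "tcp") for t in range(0, 300_000, 35_000)]
    events += [(100_100 + 200 * k, "ldos") for k in range(40)]
    rred, counts = RREDFilter(make_queue()), defaultdict(int)
    for t, flow in sorted(events):
        counts[flow, rred.enqueue(flow, t)] += 1
    return dict(counts)
```

On this trace the burst flow is filtered once its indicator goes negative, while the periodic flow, one of whose packets falls inside the suspicion window, keeps a non-negative indicator and is never filtered.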
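
The CHOKe arrival rule described above (draw one queued packet at random, drop both on a flow match, otherwise admit with a congestion-dependent probability), as an added Python sketch that is not code from this paper or from [11]. The RED thresholds, the use of the instantaneous queue length in place of RED's average, and the traffic mix in `simulate` are assumptions constructed for illustration.

```python
import random
from collections import Counter, deque

MIN_TH, MAX_TH, MAX_P = 5, 15, 0.1  # assumed RED thresholds (packets) and max probability

def red_drop_probability(avg):
    """RED's linear drop curve between the two thresholds."""
    if avg < MIN_TH:
        return 0.0
    if avg >= MAX_TH:
        return 1.0
    return MAX_P * (avg - MIN_TH) / (MAX_TH - MIN_TH)

def choke_arrival(queue, flow, avg, rng):
    """Handle one arrival; returns 'queued', 'matched' or 'red-drop'."""
    if avg >= MIN_TH and queue:              # congested: draw one queued packet
        i = rng.randrange(len(queue))
        if queue[i] == flow:                 # same flow: drop both packets
            del queue[i]
            return "matched"
    if rng.random() < red_drop_probability(avg):
        return "red-drop"
    queue.append(flow)
    return "queued"

def simulate(ticks=500, seed=1):
    """Constructed load: per tick, flow 'flood' sends 8 packets, 4 others send 1 each."""
    rng, queue, stats = random.Random(seed), deque(), Counter()
    for _ in range(ticks):
        arrivals = ["flood"] * 8 + ["a", "b", "c", "d"]
        rng.shuffle(arrivals)
        for flow in arrivals:
            # Assumption: instantaneous queue length stands in for RED's average.
            stats[flow, choke_arrival(queue, flow, len(queue), rng)] += 1
        for _ in range(min(6, len(queue))):  # link serves 6 packets per tick
            queue.popleft()
    return stats
```

Because the chance of a match equals a flow's share of the queue, the flow that occupies most of the buffer loses a larger fraction of its packets than the low-rate flows in `simulate`.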