RECHOKe: A Scheme for Detection, Control and Punishment of Malicious Flows in IP Networks

RECHOKe: A Scheme for Detection, Control and Punishment of Malicious Flows in IP Networks

In this paper, we are proposing a scheme called RECHOKe (REpeatedly CHOose and keep for malicious flows, REpeatedly CHOose and Kill for non-malicious flows) to be used for detecting, controlling and punishing of malicious flows in IP networks. It is an extension of xCHOKe, CHOKe and RED-PD schemes,...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Hauptverfasser: Govindaswamy, V.V., Zaruba, G., Balasekaran, G.
Format: Tagungsbericht
Sprache:eng
Schlagworte:
Bandwidth
Computer networks
Computer science
Counting circuits
History
Inductors
IP networks
Performance analysis
Protection
Table lookup
Online-Zugang:Volltext bestellen
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:In this paper, we are proposing a scheme called RECHOKe (REpeatedly CHOose and keep for malicious flows, REpeatedly CHOose and Kill for non-malicious flows) to be used for detecting, controlling and punishing of malicious flows in IP networks. It is an extension of xCHOKe, CHOKe and RED-PD schemes, combining both CHOKe hit and RED drop/mark histories, to detect, control and punish these flows more accurately while providing better protection to non-malicious flows. However, unlike xCHOKe and CHOKe, RECHOKe does not drop packets during CHOKe hits; thereby eliminating the complexity of dropping or marking randomly selected packets already queued and the unreliability of CHOKe hits. We analyze xCHOKe and RECHOKe in detail using ns-2 and show that RECHOKe performs better than RED, CHOKe and xCHOKe which are limited in what they can achieve as malicious flows get much more than their fair share and non-malicious flows get mistakenly penalized.
ISSN:1930-529X
2576-764X
DOI:10.1109/GLOCOM.2007.11