Page 1: [IEEE 2013 Fourth International Conference on Computing, Communications and Networking Technologies (ICCCNT) - Tiruchengode (2013.7.4-2013.7.6)] 2013 Fourth International Conference

URED: Upper Threshold RED an Efficient Congestion Control Algorithm

Chandni M Patel
Computer Engineering Department
Government Engineering College, Sector-28, Gandhinagar, Gujarat, India
[email protected]

Abstract— Recently many prominent web sites have faced so-called Distributed Denial of Service (DDoS) attacks. DDoS attacks are a virulent, relatively new type of attack on the availability of Internet services and resources. To avoid denigration, most commercial sites do not disclose that they were attacked, which is the biggest challenge for researchers. Network congestion caused by a DDoS attack can be managed by AQM (Active Queue Management). Random Early Detection (RED) is one of the most prominent congestion avoidance schemes in Internet routers. To overcome the limitations of the basic RED algorithm, researchers have proposed several variants of RED. Our aim is to design an efficient congestion control algorithm to defend against the DDoS flood attack, using the existing Random Early Detection (RED) algorithm and solving some of its problems. In this research we propose an algorithm, with minimal changes to the overall RED algorithm, which provides an effective solution to avoid congestion collapse of network services by introducing a new threshold Uth (Upper Threshold). Our proposed algorithm is URED (Upper threshold RED). Simulation is done in the NS-2.35 simulator environment. Simulation results show that our new URED algorithm gives better performance than RED and Adaptive RED. Comparisons are done in terms of total average throughput, total packet drops, and average packet drops. It will also increase the adaptability of RED.

Keywords- URED algorithm, DDoS, RED algorithm, Adaptive RED algorithm, AQM, Packet Drops, Throughput

I. INTRODUCTION

An aim of the Internet is to provide a scalable, open [1] and secure network. Confidentiality, authentication, message integrity and non-repudiation are the basic aspects of Internet security. A distributed denial of service (DDoS) attack targets the availability of services on the Internet. It is one kind of denial of service attack. High-bandwidth traffic aggregates may occur during a flooding-based DDoS attack. [2] This can congest the network and bring servers down with huge packets. DDoS flows do not cut down their sending rates after their packets are dropped. [3] One defence mechanism against DDoS is aggregate-based congestion control. Active Queue Management (AQM) algorithms are the key technology of congestion control. [3]

The main focus of this research is to study the Random Early Detection (RED) congestion control algorithm and to provide an effective solution to avoid congestion collapse of network services. We propose a new algorithm based on the existing RED algorithm: we introduce a new threshold Uth (Upper Threshold) and modify the RED algorithm. Simulation is done in the NS 2.35 simulator. Simulation results of our proposed URED algorithm are compared with RED and Adaptive RED in terms of throughput and packet drops.

This paper is organized as follows. Chapter II gives the basic idea of the DDoS attack, while Chapter III describes the basic RED algorithm, the RED drop function, and problems in RED. Chapter IV explains our proposed algorithm and the URED packet drop function. Chapter V shows the simulation results and comparisons. Chapter VI is the conclusion of the research and Chapter VII lists the references used for this research.

II. RELATED WORK

DDoS attacks are a virulent, relatively new type of attack on the availability of Internet services and resources. [4] DDoS attacks are highly distributed, well coordinated, offensive assaults on services, hosts, and infrastructure of the Internet. Effective defensive countermeasures to DDoS attacks will require equally sophisticated, well coordinated monitoring, analysis, and response. [5]

A malicious host controls a large number of zombies, which causes network congestion during a DDoS attack. The congestion control algorithm RED is used for congestion management. The RED algorithm is a representative AQM algorithm, and is also the only candidate algorithm recommended by RFC2309. The ability of AQM to detect incipient congestion and convey congestion notification to the end-hosts enables the sources to reduce their sending rates prior to buffer overflow. ECN is used in conjunction with AQM for signaling congestion to sources using packet marking instead of dropping packets. [6]

IEEE - 31661

4th ICCCNT - 13 July 4 - 6, 2013, Tiruchengode, India


The basic idea of the RED congestion control mechanism is to estimate the packet marking probability from the calculated average queue length, so as to realize early notification. [7] RED gateways keep the average queue size low while allowing occasional bursts of packets in the queue. [8] There are still some drawbacks in the RED algorithm. Some improved RED algorithms are ARED, FRED, SRED, etc. [7] It is a little difficult to set the configuration parameters of RED to keep the network environment stable. Theoretical analysis and simulation results all show that the packet loss and throughput are better than RED and ARED.

III. BASIC RED ALGORITHM

RED can detect congestion by monitoring the average queue length at the output of the router, and randomly chooses connections to notify of congestion once the average queue length is close to congestion. The core of RED is to calculate the average queue length from the current queue length by the EWMA (Exponentially Weighted Moving Average). [7] The average length of the queue is calculated as: [7]

(1)

The formula for the temporary packet discard probability of RED is expressed as: [7]

(2)

Where maxp is the largest packet drop probability. Formula (2) shows that the packet discard probability depends upon the value of the average queue length. Figure 1 shows the RED drop function.

Figure 1. RED Drop Function

A. Problems in RED

RED performance is sensitive to the number of competing sources/flows. It is highly sensitive to its parameter settings. In RED, at least 4 parameters, namely, maximum threshold (maxth), minimum threshold (minth), maximum packet dropping probability (maxp), and weighting factor (wq), have to be properly set. RED performance is sensitive to the packet size. With RED, wild queue oscillation is observed when the traffic load changes. [9]

IV. PROPOSED URED ALGORITHM

In our algorithm we have introduced a new threshold Uth (upper threshold) for better use of buffer space: it lets the queue hold more packets, which reduces the packet drops caused by the packet drop probability pa being a constant 1 when the average queue size is greater than maxth. In RED and other enhanced RED algorithms, pa increases linearly up to the packet dropping probability maxp. If the average queue size becomes greater than maxth, then pa is set to 1 and all incoming packets are dropped. In order to get the full advantage of the queue buffer, the packet drop probability is calculated by another linear function when the average queue size is between the maxth threshold and the Uth threshold.

Following is the pseudo code of the URED algorithm with Upper threshold (Uth):

Initialization:
    avg = 0
    count = -1

For each packet arrival:
    Calculate the new average queue size avg:
        if the queue is non-empty
            avg = (1 - wq) * avg + wq * q
        else
            m = f(time - q_time)
            avg = (1 - wq)^m * avg
    if Minth ≤ avg ≤ Maxth
        increment count
        calculate probability Pa:
            Pb = Maxp * (avg - Minth) / (Maxth - Minth)
            Pa = Pb(1 - count * Pb)
        with probability Pa:
            mark the arriving packet
            count = 0
    else if Maxth ≤ avg < Uth
        increment count
        calculate probability Pa:
            Pb = (1 - Maxp) * ((avg - Maxth) / (Uth - Maxth))
            Pa = Pb(1 - count * Pb)
        with probability Pa:
            mark the arriving packet
            count = 0
    else if Uth ≤ avg < BS
        drop the packet
        count = 0
    else
        count = -1

When queue becomes empty:
    q_time = time

Saved Variables:
    avg : average queue size
    q_time : start of the queue idle time
    count : packets since last marked packet
    BS : buffer size


Fixed Parameters:
    wq : queue weight
    Minth : minimum threshold
    Maxth : maximum threshold < half of the BS
    Uth : upper threshold < 3/4th of the BS
    Maxp : maximum value for Pb
    Pa : current packet marking probability
    q : instantaneous queue size
    t : time
    f(t) : linear function of time t

In normal flow the buffer is empty and the average queue size becomes zero. The performance of RED is highly dependent on the thresholds. Most threshold selection strategies are based on simulations and network conditions. The problem with these approaches is that they might be good for a particular traffic condition but could give worse results under a different traffic situation caused by a DDoS flood attack. Initially Maxth is set to 2 * Minth and Uth to 4 * Minth, with Uth < 3/4 of the buffer size, according to the rule of thumb. [10]

When the average queue size is between maxth and Uth, the packet drop probability is calculated using our derived equation and the packet is marked with probability pb.

Pb = (1 - Maxp) * ((avg - Maxth) / (Uth - Maxth))    (3)

Pa = Pb(1 - count * Pb)    (4)

In the existing RED algorithm the packet marking probability is set directly to 1 when the average queue size reaches maxth, so all incoming packets are marked and dropped with probability 1 and buffer space is wasted. For better buffer space utilization we have introduced the new threshold Uth. In our proposed algorithm buffer space is utilized effectively, which improves the performance of RED.

Figure 2 shows the packet drop function of the URED algorithm.

Figure 2. URED Packet Drop Function
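
The drop functions of RED and URED described in this section, as an added example that is not part of the original paper: it computes Pb for both algorithms over a constructed flood ramp using the Scenario 1 thresholds. Maxp = 0.1, wq = 0.5, the sample queue sizes and all function names are assumptions, and the count term of equation (4) is left out.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Thresholds:
    minth: float
    maxth: float
    uth: float
    maxp: float = 0.1  # assumed value; the paper does not state Maxp


def update_avg(avg, q, wq, idle_m=0.0):
    """Average queue size from the pseudocode: EWMA while packets are queued,
    decay by (1 - wq)^m when the queue is empty (idle_m stands for m)."""
    if q > 0:
        return (1 - wq) * avg + wq * q
    return (1 - wq) ** idle_m * avg


def pb_red(avg, t):
    """RED as section IV describes it: probability 1 once avg exceeds Maxth."""
    if avg < t.minth:
        return 0.0
    if avg <= t.maxth:
        return t.maxp * (avg - t.minth) / (t.maxth - t.minth)
    return 1.0


def pb_ured(avg, t):
    """URED: same first segment, then equation (3) up to Uth, then drop."""
    if avg < t.minth:
        return 0.0
    if avg <= t.maxth:
        return t.maxp * (avg - t.minth) / (t.maxth - t.minth)
    if avg < t.uth:
        # Equation (3) as printed: near 0 just above Maxth, rising towards 1 - Maxp at Uth.
        return (1 - t.maxp) * (avg - t.maxth) / (t.uth - t.maxth)
    return 1.0


def avg_trace(queue_samples, wq):
    """Run the EWMA over instantaneous queue sizes, one sample per arrival."""
    avg, out = 0.0, []
    for q in queue_samples:
        avg = update_avg(avg, q, wq)
        out.append(avg)
    return out


def expected_marks(trace, pb, t):
    """Sum of Pb over the trace: expected marked/dropped arrivals without equation (4)."""
    return sum(pb(a, t) for a in trace)


SCENARIO_1 = Thresholds(minth=10, maxth=30, uth=60)  # thresholds from section V
# Constructed queue sizes for a flood ramp; wq = 0.5 is chosen only so the
# short trace can be checked by hand.
FLOOD_QUEUE = [20, 40, 60, 80, 80, 80, 80]

if __name__ == "__main__":
    trace = avg_trace(FLOOD_QUEUE, wq=0.5)
    for a in trace:
        print(f"avg={a:8.4f}  RED Pb={pb_red(a, SCENARIO_1):.3f}  "
              f"URED Pb={pb_ured(a, SCENARIO_1):.3f}")
    print("RED :", expected_marks(trace, pb_red, SCENARIO_1))
    print("URED:", expected_marks(trace, pb_ured, SCENARIO_1))
```

The two algorithms differ only while avg lies between Maxth and Uth; once avg passes Uth both drop every arrival.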

V. SIMULATION AND RESULTS

The NS 2.35 software is used for network simulation. The following table gives the simulation parameters in detail. Graphs are generated using the X-graph utility.

TABLE I: SIMULATION TABLE

Network Parameters
The number of nodes                    22
The number of links                    22
Average hop number                     25
Net bandwidth                          10 [Mbps]
Normal Users                           20
No. of attackers                       05
Normal Scenario No. of attackers       0
Link delay                             5 [ms]
Queue                                  RED, Droptail
Queue size                             100 [packets]
Simulation Duration                    120 Sec
User Flow Starts                       15 Sec
Attacker flow                          30-100 Sec

The experimental network topology map is shown below.

Simulation is done in five different scenarios with different thresholds: Scenario 1 (Minth 10, Maxth 30, Uth 60), Scenario 2 (Minth 15, Maxth 45, Uth 75), Scenario 3 (Minth 8, Maxth 32, Uth 64), Scenario 4 (Minth 12, Maxth 36, Uth 72), Scenario 5 (Minth 16, Maxth 32, Uth 64). All the simulations are done with the RED, Adaptive RED and URED algorithms. Results are compared in terms of throughput and packet drops. Figure 3 shows the network scenario in normal flow, where node 0 is the RED router, node 2 is the sink node, node 1 is the intermediate node, and the other nodes are the user nodes.

Figure 3. Simulation Network in Normal Flow


Figure 4 below shows the network scenario in attack flow, where the red colored square nodes are the attacker nodes.

Figure 4. Simulation network in Attack Flow

Figure 5. Throughput in Normal Flow 1

Figure 5 above shows the throughput comparisons of RED, ARED and URED in normal scenario 1. Throughput is measured in kbps (kilobytes per second).

Figure 6. Packet Drops in Normal Flow 1

Figure 6 above shows the packet drop comparisons of RED, ARED and URED in normal scenario 1. The graph shows the total number of packets dropped per second.

TABLE II: THROUGHPUT COMPARISONS IN NORMAL FLOW

             Average Throughput
Algorithm    RED            ARED          URED
Scenario1    83.39505208    84.2666667    85.41283
Scenario2    83.35833333    83.4083333    85.83333
Scenario3    82.40833333    83.3333333    83.39167
Scenario4    82.49166667    83.3333333    83.39167
Scenario5    82.5           83.0583333    83.4

Table II above shows the average throughput comparisons of RED, ARED and URED with different thresholds in normal flow.

TABLE III: PACKET DROP COMPARISONS IN NORMAL FLOW

             Total Packet Drops        Average Packet Drops
Algorithm    RED     ARED    URED      RED    ARED    URED
Scenario1    1033    989     604       9      8       5
Scenario2    733     689     522       6      5       4
Scenario3    1353    991     589       11     8       4
Scenario4    1181    886     540       9      7       4
Scenario5    1229    959     569       10     7       4

Table III above shows the total packet drops and average packet drops comparisons of RED, ARED and URED with different thresholds in normal flow.

TABLE IV: THROUGHPUT COMPARISONS IN ATTACK FLOW

             Average Throughput
Algorithm    RED            ARED          URED
Scenario1    82.81490885    83.3333333    85.26456
Scenario2    82.46666667    82.4166667    83.33333
Scenario3    80             82.3583333    83.18333
Scenario4    82.95833333    83.25         83.375
Scenario5    82.45          82.8333333    83.3

Table IV above shows the average throughput comparisons of RED, ARED and URED with different thresholds in attack flow.


TABLE V: PACKET DROP COMPARISONS IN ATTACK FLOW

             Total Packet Drops        Average Packet Drops
Algorithm    RED     ARED    URED      RED    ARED    URED
Scenario1    5266    5012    3153      43     41      26
Scenario2    5863    5025    3025      48     41      25
Scenario3    5213    3584    3252      43     29      27
Scenario4    5395    4606    4080      44     38      34
Scenario5    5496    4843    3479      45     40      28

Table V above shows the total packet drops and average packet drops comparisons of RED, ARED and URED with different thresholds in attack flow.

Simulation results show that the performance of URED is better than that of the other AQM algorithms, RED and Adaptive RED, as it gives higher throughput and lower packet drops both in normal flow and under congestion due to DDoS flood attack flow.

VI. CONCLUSION

In this paper the URED (Upper threshold RED) algorithm is proposed, based on a study of the existing RED algorithm. By introducing a new threshold, the performance of RED is improved in terms of throughput and packet drops. Simulation results show that URED is more efficient than RED and Adaptive RED. It has lower packet drops and higher throughput than RED and Adaptive RED.

VII. REFERENCES

[1] Ketki Arora, Krishan Kumar, Monika Sachdeva, "Impact Analysis of Recent DDoS Attacks", International Journal on Computer Science and Engineering (IJCSE), ISSN: 0975-3397, Vol. 3, No. 2, Feb 2011.

[2] Takanori Komatsu and Akira Namatame, "Effectiveness of close-loop congestion controls for DDoS attacks", Intelligent and Evolutionary Systems, Springer, Vol. 187, pp. 79-90, 2009.

[3] Haina Hu, Lin Yao, "Improvement for congestion control algorithms under DDoS attacks", 978-1-4244-4507-3/09/ ©2009 IEEE.

[4] Chandni M Patel, Viral H Borisagar, "Survey On Taxonomy Of DDoS Attacks With Impact And Mitigation Techniques", International Journal of Engineering Research & Technology (IJERT), Vol. 1, Issue 9, November 2012, ISSN: 2278-0181.

[5] Christos Papadopoulos, Robert Lindell, John Mehringer, Alefiya Hussain, Ramesh Govindan, "COSSACK: Coordinated Suppression of Simultaneous Attacks", Proceedings of the DARPA Information Survivability Conference and Exposition (DISCEX'03), 0-7695-1897-4/03 © 2003 IEEE.

[6] Saurabh Sarkar, Geeta Sikka, Ashish Kumar, "Evolution and Optimization of Active Queue Management Algorithms over High Bandwidth Aggregates", International Journal of Computer Applications (0975 – 888), Volume 48, No. 12, 11-16, June 2012.

[7] Dashun Que, Zhixiang Chen, Bi Chen, "An Improvement Algorithm Based on RED and Its Performance Analysis", ICSP2008 Proceedings, 978-1-4244-2179-4/08 ©2008 IEEE.

[8] S. Floyd and V. Jacobson, "Random Early Detection Gateways for Congestion Avoidance", IEEE/ACM Transactions on Networking, Vol. 1, No. 4, pp. 397-413, August 1993.

[9] Babek Abbasov, Serdar Korukoglu, "An Active Queue Management Algorithm For Reducing Packet Loss Rate", Mathematical and Computational Applications, Vol. 14, No. 1, pp. 65-72, 2009.

[10] S. Floyd, "RED: Discussions of setting parameters", http://www.icir.org/floyd/REDparameters.txt
