URED: Upper Threshold RED an Efficient
Congestion Control Algorithm
Chandni M Patel
Computer Engineering Department
Government Engineering College, Sector-28, Gandhinagar
Gujarat, India
Abstract— Recently many prominent web sites have faced so-called Distributed Denial of Service (DDoS) attacks. DDoS attacks are a virulent, relatively new type of attack on the availability of Internet services and resources. To avoid denigration, most commercial sites do not disclose that they were attacked, which is among the biggest challenges for researchers. Network congestion caused by a DDoS attack can be managed by AQM (Active Queue Management). Random Early Detection (RED) is one of the most prominent congestion avoidance schemes in Internet routers. To overcome the limitations of the basic RED algorithm, researchers have proposed several variants of RED. Our aim is to design an efficient congestion control algorithm to defend against the DDoS flood attack, using the existing Random Early Detection (RED) algorithm and solving some of its problems. In this research we propose an algorithm, with minimal changes to the overall RED algorithm, which provides an effective solution to avoid congestion collapse of network services by introducing a new threshold Uth (Upper Threshold). Our proposed algorithm is URED (Upper threshold RED). Simulation is done in the NS-2.35 simulator environment. Simulation results show that our new URED algorithm gives better performance than RED and Adaptive RED. Comparisons are done in terms of total average throughput, total packet drops, and average packet drops. It will also increase the adaptability of RED.
Keywords- URED algorithm, DDoS, RED algorithm, Adaptive RED algorithm, AQM, Packet Drops, Throughput
I. INTRODUCTION
An aim of the Internet is to provide a scalable, open [1] and secure network. Confidentiality, authentication, message integrity and non-repudiation are the basic aspects of Internet security. A distributed denial of service (DDoS) attack targets the availability of services on the Internet. It is one kind of denial of service attack. High-bandwidth traffic aggregates may occur during a flooding-based DDoS attack.[2] This can congest the network and bring servers down with huge numbers of packets. DDoS flows do not cut down their sending rates after their packets are dropped.[3] One defence mechanism against DDoS is aggregate-based congestion control. Active Queue Management (AQM) algorithms are the key technology of congestion control.[3]
The main focus of this research is to study Random Early Detection (RED) congestion control algorithms and to provide an effective solution to avoid congestion collapse of network services. We propose a new algorithm based on the existing RED algorithm. We introduce a new threshold Uth (Upper Threshold) and modify the RED algorithm. Simulation is done in the NS 2.35 simulator. Simulation results of our proposed URED algorithm are compared with RED and Adaptive RED. Results are given in terms of throughput and packet drops.
This paper is organized as follows. Chapter II gives the basic idea about DDoS attacks, while chapter III describes the basic RED algorithm, the RED drop function, and problems in RED. In chapter IV our proposed algorithm and the URED packet drop function are explained. In chapter V simulation results and comparisons are shown. Chapter VI is the conclusion of the research and Chapter VII lists the references used for this research.
II. RELATED WORK
DDoS attacks are a virulent, relatively new type of attack on the availability of Internet services and resources.[4] DDoS attacks are highly distributed, well coordinated, offensive assaults on services, hosts, and infrastructure of the Internet. Effective defensive countermeasures to DDoS attacks will require equally sophisticated, well coordinated, monitoring, analysis, and response.[5]
A malicious host controls a large number of zombies, which cause network congestion through a DDoS attack. The congestion control algorithm RED is used for congestion management. The RED algorithm is a representative AQM algorithm, and is also the only candidate algorithm recommended by RFC 2309. The ability of AQM to detect incipient congestion and convey congestion notification to the end-hosts enables the sources to reduce their sending rates prior to buffer overflow. ECN is used in conjunction with AQM for signaling congestion to sources using packet marking instead of dropping packets.[6]
IEEE - 31661
4th ICCCNT - 13 July 4 - 6, 2013, Tiruchengode, India
The basic idea of the RED congestion control mechanism is to estimate the probability of packet marking, for the realization of early notification, from the calculated average queue length.[7] RED gateways keep the average queue size low while allowing occasional bursts of packets in the queue.[8] There are still some drawbacks in the RED algorithm. Some improved RED algorithms are ARED, FRED, SRED, etc.[7] It is somewhat difficult to set the configuration parameters of RED so as to keep the network environment stable. Theoretical analysis and simulation results all show that the packet loss and throughput are better than RED and ARED.
III. BASIC RED ALGORITHM
RED detects congestion by monitoring the average queue length at the output of the router, and randomly chooses connections to notify of congestion once the average queue length is close to congestion. The core of RED is to calculate the average queue length from the current queue length by the EWMA (Exponentially Weighted Moving Average).[7] The average length of the queue is calculated as: [7]
(1)
The formula for temporary packet discard probability of RED
is expressed as : [7]
(2)
Where maxp is the largest packet drop probability. Formula (2) shows that the packet discard probability depends upon the value of the average queue length. Figure 1 shows the RED drop function.
Figure 1. RED Drop Function
A. Problems in RED
RED performance is sensitive to the number of competing sources/flows. It is highly sensitive to its parameter settings. In RED, at least 4 parameters, namely, maximum threshold (maxth), minimum threshold (minth), maximum packet dropping probability (maxp), and weighting factor (wq), have to be properly set. RED performance is sensitive to the packet size. With RED, wild queue oscillation is observed when the traffic load changes.[9]
IV. PROPOSED URED ALGORITHM
In our algorithm we introduce a new threshold Uth (Upper threshold) to make better use of buffer space: more packets can be queued, which reduces the packet drops caused by the constant packet drop probability pa = 1 when the average queue size is greater than maxth. In RED and other enhanced RED algorithms, pa increases linearly up to the packet dropping probability maxp. If the average queue size becomes greater than maxth, pa is set to 1 and all incoming packets are dropped. To take full advantage of the queue buffer, the packet drop probability is calculated by another linear function when the average queue size lies between the maxth threshold and the Uth threshold.
Following is the pseudo code of the URED algorithm with Upper threshold (Uth):
Initialization:
    avg = 0
    count = -1
For each packet arrival:
    Calculate the new average queue size avg:
        if the queue is non-empty
            avg = (1 - wq) * avg + wq * q
        else
            m = f(time - q_time)
            avg = (1 - wq)^m * avg
    if Minth ≤ avg ≤ Maxth
        increment count
        calculate probability Pa:
            Pb = Maxp(avg - Minth)/(Maxth - Minth)
            Pa = Pb(1 - count * Pb)
        with probability Pa:
            mark the arriving packet
            count = 0
    else if Maxth ≤ avg < Uth
        increment count
        calculate probability Pa:
            Pb = (1 - Maxp) * ((avg - Maxth)/(Uth - Maxth))
            Pa = Pb(1 - count * Pb)
        with probability Pa:
            mark the arriving packet
            count = 0
    else if Uth ≤ avg < BS
        drop the packet
        count = 0
    else
        count = -1
When queue becomes empty:
    q_time = time
Saved Variables:
    avg : average queue size
    q_time : start of the queue idle time
    count : packets since last marked packet
    BS : Buffer size
Fixed Parameters:
    wq : queue weight
    Minth : Minimum Threshold
    Maxth : Maximum Threshold < Half of the BS
    Uth : Upper Threshold < 3/4th of the BS
    Maxp : Maximum Value for Pb
    Pa : Current packet marking probability
    q : Instantaneous queue size
    t : time
    f(t) : Linear function of time t
In normal flow the buffer is empty and the average queue size becomes zero. The performance of RED is highly dependent on the thresholds. Most threshold selection strategies are based on simulations and network conditions. The problem with these approaches is that they might be good for a particular traffic condition and could give worse results under a different traffic situation caused by a DDoS flood attack. Initially Maxth is set to 2 * Minth and Uth to 4 * Minth, with Uth < 3/4 of the buffer size, according to the rule of thumb.[10]
When the average queue size is between maxth and Uth, the packet drop probability is calculated using our derived equations and the packet is marked with probability pb.
Pb = (1 - Maxp) * ((avg - Maxth)/(Uth - Maxth))    (3)
Pa = Pb(1 - count * Pb)    (4)
In the existing RED algorithm the packet marking probability is set directly to 1 when the average queue size reaches maxth, so all incoming packets are marked and dropped with probability 1 and buffer space is wasted. For better buffer space utilization we have introduced the new threshold Uth. In our proposed algorithm buffer space is utilized effectively, which will improve the performance of RED.
Figure 2 shows the packet drop function of the URED algorithm.
Figure 2. URED Packet Drop Function
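The drop function described above, as an added example that is not part of the original paper: it implements the basic RED drop function and the URED one with the second segment of equation (3), then sums the drop probability over a constructed, fixed-level queue trace for the five threshold sets of Section V. The values of maxp and wq, the trace, and all function names are assumptions; the count step of equation (4) is left out.

```python
# Added example (not from the paper): RED vs. URED drop functions.
# MAXP and WQ are assumed values; the page does not state the ones used.
MAXP = 0.1   # assumed maximum value for Pb
WQ = 0.002   # assumed queue weight wq
# (Minth, Maxth, Uth) for the five scenarios listed in Section V
SCENARIOS = {1: (10, 30, 60), 2: (15, 45, 75), 3: (8, 32, 64),
             4: (12, 36, 72), 5: (16, 32, 64)}
# Constructed input: instantaneous queue held at 50 packets for 5000 arrivals
FLOOD = [50] * 5000


def red_pb(avg, minth, maxth, maxp=MAXP):
    """Basic RED as the page describes it: linear to maxp, then 1."""
    if avg < minth:
        return 0.0
    if avg <= maxth:
        return maxp * (avg - minth) / (maxth - minth)
    return 1.0


def ured_pb(avg, minth, maxth, uth, maxp=MAXP):
    """URED: same first segment, then eq. (3) between Maxth and Uth."""
    if avg <= maxth:
        return red_pb(avg, minth, maxth, maxp)
    if avg < uth:
        # As printed, eq. (3) starts again from 0 just above Maxth.
        return (1 - maxp) * (avg - maxth) / (uth - maxth)
    return 1.0   # Uth <= avg: drop the packet


def expected_drops(trace, pb, wq=WQ):
    """Run the EWMA over a queue-length trace and sum pb(avg): the expected
    number of marked packets when the count step of eq. (4) is left out."""
    avg, total = 0.0, 0.0
    for q in trace:
        avg = (1 - wq) * avg + wq * q   # non-empty queue branch
        total += pb(avg)
    return total


def compare(scenario, trace=FLOOD):
    minth, maxth, uth = SCENARIOS[scenario]
    red = expected_drops(trace, lambda a: red_pb(a, minth, maxth))
    ured = expected_drops(trace, lambda a: ured_pb(a, minth, maxth, uth))
    return red, ured


if __name__ == "__main__":
    for s in SCENARIOS:
        print(s, "RED %.0f  URED %.0f" % compare(s))
```

The trace is open-loop: the queue level does not react to drops, so the totals compare the two drop functions on identical input rather than reproduce the NS-2 results.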
V. SIMULATION AND RESULTS
The software NS 2.35 is adopted for network simulation.
The following table gives the simulation parameters in detail. Graphs are generated using the X-graph utility.
TABLE I: SIMULATION TABLE
Network Parameters
The number of nodes                 22
The number of links                 22
Average hop number                  25
Net bandwidth                       10 [Mbps]
Normal Users                        20
No. of attackers                    05
Normal Scenario No. of attackers    0
Link delay                          5 [ms]
Queue                               RED, Droptail
Queue size                          100 [packets]
Simulation Duration                 120 Sec
User Flow Starts                    15 Sec
Attacker flow                       30-100 Sec
Experimental network topology map is shown below.
Simulation is done in five different scenarios with different thresholds: Scenario 1 (Minth 10, Maxth 30, Uth 60), Scenario 2 (Minth 15, Maxth 45, Uth 75), Scenario 3 (Minth 8, Maxth 32, Uth 64), Scenario 4 (Minth 12, Maxth 36, Uth 72), Scenario 5 (Minth 16, Maxth 32, Uth 64). All the simulations are done with the RED, Adaptive RED and URED algorithms. Results are compared in terms of throughput and packet drops. Figure 3 shows the network scenario in normal flow, where node 0 is the RED router, node 2 is the sink node, node 1 is the intermediate node, and the other nodes are the user nodes.
Figure 3. Simulation Network in Normal Flow
Figure 4 below shows the network scenario in attack flow, where the red squared nodes are the attacker nodes.
Figure 4. Simulation network in Attack Flow
Figure 5 Throughput in Normal Flow 1
Figure 5 above shows the throughput comparison of RED, ARED and URED in normal scenario 1. Throughput is measured in kbps (kilobytes per second).
Figure 6 Packet Drops in Normal Flow 1
Figure 6 above shows the packet drop comparison of RED, ARED and URED in normal scenario 1. The graph shows the total number of packets dropped per second.
TABLE II THROUGHPUT COMPARISONS IN NORMAL FLOW
Average Throughput
Algorithm RED ARED URED
Scenario1 83.39505208 84.2666667 85.41283
Scenario2 83.35833333 83.4083333 85.83333
Scenario3 82.40833333 83.3333333 83.39167
Scenario4 82.49166667 83.3333333 83.39167
Scenario5 82.5 83.0583333 83.4
Above table II shows the Average throughput comparisons
of RED, ARED and URED with different thresholds in Normal Flow.
TABLE III: PACKET DROP COMPARISONS IN NORMAL FLOW
             Total Packet Drops        Average Packet Drops
Algorithm    RED     ARED    URED      RED     ARED    URED
Scenario1    1033    989     604       9       8       5
Scenario2    733     689     522       6       5       4
Scenario3    1353    991     589       11      8       4
Scenario4    1181    886     540       9       7       4
Scenario5    1229    959     569       10      7       4
Above table III shows the Total packet drops and average
packet drops comparisons of RED, ARED and URED with different thresholds in Normal Flow.
TABLE IV: THROUGHPUT COMPARISONS IN ATTACK FLOW
Average Throughput
Algorithm RED ARED URED
Scenario1 82.81490885 83.3333333 85.26456
Scenario2 82.46666667 82.4166667 83.33333
Scenario3 80 82.3583333 83.18333
Scenario4 82.95833333 83.25 83.375
Scenario5 82.45 82.8333333 83.3
Above table IV shows the Average throughput comparisons of RED, ARED and URED with different thresholds in attack flow.
TABLE V: PACKET DROP COMPARISONS IN ATTACK FLOW
             Total Packet Drops        Average Packet Drops
Algorithm    RED     ARED    URED      RED     ARED    URED
Scenario1    5266    5012    3153      43      41      26
Scenario2    5863    5025    3025      48      41      25
Scenario3    5213    3584    3252      43      29      27
Scenario4    5395    4606    4080      44      38      34
Scenario5    5496    4843    3479      45      40      28
Above table V shows the Total packet drops and average packet drops comparisons of RED, ARED and URED with different thresholds in Attack Flow.
Simulation results show that the performance of URED is better than that of the other AQM algorithms, RED and Adaptive RED, as it gives higher throughput and lower packet drops both in normal flow and under congestion due to the DDoS flood attack flow.
VI. CONCLUSION
In this paper the URED (Upper threshold RED) algorithm is proposed, based on a study of the existing RED algorithm. By introducing a new threshold, the performance of RED is improved in terms of throughput and packet drops. Simulation results show that URED is more efficient than RED and Adaptive RED. It has lower packet drops and higher throughput than RED and Adaptive RED.
VII. REFERENCES
[1] Ketki Arora, Krishan Kumar, Monika Sachdeva, "Impact Analysis of Recent DDoS Attacks", International Journal on Computer Science and Engineering (IJCSE), ISSN: 0975-3397, Vol. 3, No. 2, Feb 2011.
[2] Takanori Komatsu and Akira Namatame, "Effectiveness of close-loop congestion controls for DDoS attacks", Intelligent and Evolutionary Systems, Springer, Vol. 187, pp. 79-90, 2009.
[3] Haina Hu, Lin Yao, "Improvement for congestion control algorithms under DDoS attacks", 978-1-4244-4507-3/09/ ©2009 IEEE.
[4] Chandni M Patel, Viral H Borisagar, "Survey On Taxonomy Of DDoS Attacks With Impact And Mitigation Techniques", International Journal of Engineering Research & Technology (IJERT), Vol. 1, Issue 9, November 2012, ISSN: 2278-0181.
[5] Christos Papadopoulos, Robert Lindell, John Mehringer, Alefiya Hussain, Ramesh Govindan, "COSSACK: Coordinated Suppression of Simultaneous Attacks", Proceedings of the DARPA Information Survivability Conference and Exposition (DISCEX'03), 0-7695-1897-4/03 © 2003 IEEE.
[6] Saurabh Sarkar, Geeta Sikka, Ashish Kumar, "Evolution and Optimization of Active Queue Management Algorithms over High Bandwidth Aggregates", International Journal of Computer Applications (0975 – 888), Volume 48, No. 12, 11-16, June 2012.
[7] Dashun Que, Zhixiang Chen, Bi Chen, "An Improvement Algorithm Based on RED and Its Performance Analysis", ICSP2008 Proceedings, 978-1-4244-2179-4/08 2005-2008 ©2008 IEEE.
[8] S. Floyd and V. Jacobson, "Random Early Detection Gateways for Congestion Avoidance", IEEE/ACM Transactions on Networking, Vol. 1, No. 4, pages 397-413, August 1993.
[9] Babek Abbasov, Serdar Korukoglu, "An Active Queue Management Algorithm For Reducing Packet Loss Rate", Mathematical and Computational Applications, Vol. 14, No. 1, pp. 65-72, 2009.
[10] S. Floyd, "RED: Discussions of setting parameters", http://www.icir.org/floyd/REDparameters.txt