Open Access Open Access  Restricted Access Subscription or Fee Access

Optimized AQM Strategy to Encounter Low-Rate DoS Attacks

A. Karthik Velayudhan, S.A. Arunmozhi


The Internet router typically maintains a set of queues, which schedules data packets from source node to destination node. One such queue management technique is the Active Queue Management (AQM) which efficiently handles congestion control. The Low-rate Denial of Service (LDoS) attacks are those which transmit attack pulses at a low average rate, hence creates congestion, giving way for the legitimate packets to be dropped. Defense against LDoS attacks is a challenging issue, because detection of such low rate attacks is difficult by the routers. Random Early Detection (RED) is one among the AQM algorithms, which helps in defending against LDoS attacks. In this paper, an RED based counter mechanism is proposed, which involves elimination of LDoS attacks. The basic idea behind the proposed work is to detect and filter out low rate attack packets and also to ensure that only legitimate packets enter the queue. For this a randomized time has been incorporated into the AQM system such that the time of enqueueing of packets cannot be predicted by the attackers and the probability of legitimate packets entering the system becomes more. The proposed scheme offers an increased system performance and better TCP throughput


AQM, TCP, RTO, LDoS, RED, Throughput

Full Text:



Changwang Zhang, Jianping Yin, Zhiping Cai, and Weifeng Chen,” RRED: Robust RED Algorithm to Counter Low-rate Denial-of-Service Attacks,” IEEE Communications Letters, vol. 14, pp. 489-491, 2010

Kuzmanovic and E. W. Knightly, “Low-rate TCP-targeted denial of service attacks and counter strategies,” IEEE/ACM Trans. Netw., vol. 14,no. 4, pp. 683–696, 2006.

Amey Shevtekar and Nirwan Ansari, “A Proactive test based differentiation technique to mitigate low rate DoS attack”, New Jersey Institute of technology.

Sandeep Sarat and Andreas Terzis, “On effect of Router buffer sizes on Low-rate DoS attacks”, Johns Hopkins University.

Zhu Lina and Zhu Dongzhao, “A route based technique to detect and defend against Low-rate DoS”, Gaungdong Police Officer College, Guangzhou, China.

V. Anil Kumar, P. S. Jayalekshmy, G. K. Patra, and R. P. Thangavelu,” On Remote Exploitation of TCP Sender for Low-Rate Flooding Denial-of-Service Attack”, IEEE Communication Letters, vol. 13. No. 1, January 2009.

Amey Shevtekar, Karunakar Anantharam, and Nirwan Ansari,” Low Rate TCP Denial-of-Service Attack Detection at Edge Routers”, IEEE Communications Letters, vol. 9, no. 4, April 2005.

Guang Yang, Mario Gerla and M. Y. Sanadidi Computer Science Department, UCLA,” Defense against Low-rate TCP-targeted Denial-of-Service Attacks”,IEEE Conference 2004.

Qing Hui, Xiapu Luo, and Wenke Lee,” Control of Low-Rate enial-of-Service Attacks on Web Servers and TCP Flows”,IEEE Conference 2010.


  • There are currently no refbacks.

Creative Commons License
This work is licensed under a Creative Commons Attribution 3.0 License.