Article Preview
TopIntroduction
Denial of Service attack is one of the most popular attacks. The capability of the attack to make the resources of the victim’s system unavailable just by simply flooding the system with ICMP packets gives a huge advantage to the malicious user. It affects the availability in the CIA triad. A DOS attack is performed by overwhelming the victim's machine with a large no. of request packets to exhaust the resources available in the machine. Another manner of performing DoS is to get the victim’s system to perform a resource consuming task, thereby rendering it useless for anyone else (Xiao-Ming, Gong, Qi, & Miao, 2012). Flooding based DoS attack is most commonly performed on the transport layer and the application layer. The transport layer is responsible for establishing the communication channel between two devices, it is more rewarding for an attacker to attack on this layer as a very less amount of research and resource is needed, but the effect is devastating. Internet is still dominated by web traffic which is based on short-lived TCP connection.
Multiple solutions have been proposed over time to solve this problem. The most used methods to solve the problem of flood attack is modifying the packet request queue which can be used to utilize low resources and can be scaled. There are queue management algorithms like FavorQueue (Aneli, Diana, & Lochin, 2014), QRM (Casoni, Grazia, Klapez, & Patriciello, 2015). There are also solutions like Deterministic Fair Sharing (Bedi, Sankardas Roy, & Shiva, 2014).
This paper compares the aforementioned AQM methods with our proposed method (Venkatanarayan, Mohan, Hasan, Singh, & Chhabra, 2017).
There have been attempts to perform a behavioral analysis on the networks to identify malicious networks and have more checks on the traffic coming through it (Noh S., Jung, Choi, & Lee, 2008). However, this doesn’t scale up. Another suggestion of having trace-backs for each packet and using a marking scheme to identify malicious packets, was suggested. Automata based re-allocation of source to make sure that the legitimate user gets the resource, has also been identified.
Another method that was suggested was, a multi-modal design that portraits different jamming attacks by recognizing the interrelationship between three parameters: signal strength variation, strength of the received signal, and packet delivery rate. The above parameter profiles are generated in normal scenarios during training session and are compared with testing session to identify and classify jamming attacks (Sufyan, Saqib, & Zia, 2013).
An alternate method of detection suggested as DOMLEM, uses dominance based rough set and deals with the uncertainty at multiple layers of the network (Ahmed & Acharjya, 2015).
Muraleedharan and Lisa also discussed about jamming attacks and its detection in wireless sensor networks using ant system (Muraleedharan & Osadciw, 2006). Law et al. studied on link layer jamming attacks (Law, Hartel, Hartog, & Havinga, 2005). They are periodic listening interval, periodic control interval, periodic data packet, and periodic cluster. Wood et al. have also suggested four jamming attack models such as interrupt, activity, scan, and pulse (Wood, Stankovic, & Son, 2003).
This paper will look into the drawbacks of some of the above-mentioned Algorithms and will look into the advantages of using a threshold based AQM. This paper starts with the description of some related works. Then it describes about the threshold based AQM. Then goes on to differentiating in a very basic level of the algorithms and then a discussion is done on the basis of the results.