Abstract
The current Internet suffers dramatically from Distributed Denial of Service (DDoS) attacks. In this paper, we investigate an Internet transmission control protocol/active queue management (TCP/AQM) router subject to DDoS attacks. We use time-delay control theory to analyze the dynamics of the congestion control windows and the queues at the router. We derive explicit conditions under which the TCP/AQM system under DDoS attacks is asymptotically stable. We discuss the convergence of the queue lengths in the router. Our results suggest that, if the network parameters in the TCP window updating and the control parameters in the AQM algorithm satisfy certain conditions, the TCP/AQM system is stable and its queue lengths can converge to any given target. This result is important and promising in terms of applications in that, when the DDoS attack traffic is differentiated from the legitimate traffic, one is able to choke the DDoS attacks by limiting their rates and then improve the bandwidth usage of the normal flows. We illustrate the theoretical results using the network simulation platform ns2 and demonstrate that the controlled network can achieve good performance, enhancing Internet robustness and performance against DDoS attacks.
| Original language | English |
|---|---|
| Pages (from-to) | 3042-3056 |
| Journal | IEEE Transactions on Network Science and Engineering |
| Volume | 7 |
| Issue number | 4 |
| Online published | 27 Jul 2020 |
| Publication status | Published - Oct 2020 |
Research Keywords
- Asymptotic stability
- Computer crime
- Distributed denial of service (DDoS) attack
- Feedback control
- Internet
- Machine learning
- Machine learning algorithms
- Mathematical model
- Stability
- Stability analysis
- TCP/AQM system
- Time-delay control