RED-FT: A Scalable Random Early Detection Scheme with Flow Trust against DoS Attacks

IEEE Communications Letters (2013)

Cited by 19 | Views 14
Abstract
In traditional Active Queue Management algorithms, e.g. RED, each flow, defined by the source and destination IP addresses of its packets, contends fairly for the cache of bottleneck queues. However, a malicious flow cannot be identified, and this enables potential network-layer attacks, e.g. the flooding Denial-of-Service (DoS) attack and the low-rate DoS attack. In this letter, we propose a new scheme that uses flows' trust values to defend against DoS attacks. Unlike previous schemes, it employs flow trust to safeguard legitimate flows. A router monitors network flows and calculates flows' trust values, which are used for the relevant queue management. Malicious flows would have lower trust values, while legitimate flows would have higher ones. Simulation results show that the scheme improves throughput and delay in DoS attack scenarios compared with existing queue management algorithms. We consider the scheme practical and effective to secure networks.
Keywords
Computer crime, Delay, Algorithm design and analysis, Robustness, Throughput, Monitoring, Stability analysis