View article

The existing Random Early Detection (RED) algorithm and its variants are found vulnerable to emerging attacks, especially the Low-rate Denial-of-Service (LDoS) attacks. In this letter we propose a Robust RED (RRED) algorithm to improve the TCP throughput against LDoS attacks. The basic idea behind the RRED is to detect and filter out attack packets before a normal RED algorithm is applied to incoming flows. We conduct a set of simulations to evaluate the performance of the proposed RRED algorithm. The results show that, compared to existing RED-like algorithms, the RRED algorithm nearly fully preserves the TCP throughput in the presence of LDoS attacks.