The existing Active Queue Management (AQM) algorithms, including the fairness-aimed ones, are notably vulnerable to spoofing DDoS attacks. We propose a Resilient Stochastic Fair Blue (RSFB) algorithm against spoofing DDoS attacks. The basic idea behind RSFB is to record the responsive normal TCP flows and rescue their dropped packets. Simulations and analysis show that the RSFB algorithm is highly robust and can fully preserve the TCP throughput in the presence of spoofing DDoS attacks.
展开▼