Because Internet protocols respond inconsistently to network congestion, they are potential targets for malicious users. Since unresponsive flows (e.g., UDP) do not reduce their sending rate when they experience packet loss, they can deplete the fair share of bandwidth allocated to responsive flows (e.g., TCP). In this paper, we propose an approach to filter high-rate unresponsive malicious flows that target normal traffic, which consists of about 85% TCP flows and 15% UDP flows. Our approach is a window-based filter mechanism. It is an additional packet-filtering step applied before any queue management policy. Setting the window size properly and dropping packets that reach the next window captures the nature of unresponsive flows. The performance of the proposed scheme is demonstrated through extensive NS-2 simulations.