Protecting bursty applications against traffic aggressiveness

Aggressive use of networks, in particular the Internet, either by malicious or innocent users, threatens the service availability and quality of polite applications. Common queueing mechanisms which supposedly solve the problem, are shown in this work to be ineffective for bursty applications, including Web applications. This can be exploited by malicious users to conduct a new kind of Denial of Service attacks. We propose a new traffic control mechanism called Aggressiveness Protective Queuing (APQ) which is based on attributing importance weights to the users and which solves this problem by dynamically decreasing the weight of the aggressive users. The actual weight used for a flow is a dynamically varying parameter reflecting the past bandwidth usage of the flow. We show that under heavy load (deterministic model), APQ significantly restricts the amount of traffic an aggressive user can send and bounds it, at most, to twice the amount of traffic sent by a polite (regular) user. Simulation results demonstrate the effectiveness of APQ under a stochastic environment.