ISSN ONLINE(23209801) PRINT (23209798)
C.Gnana Prakash^{1}, K.Shanthi^{2}

Related article at Pubmed, Scholar Google 
Visit for more related articles at International Journal of Innovative Research in Computer and Communication Engineering
A distributed scheme to detect if a node has debased its rate limits. To address the challenge that it is difficult to count all the packets or replicas sent by a node due to lack of statement infrastructure, our detection adopts claimcarryand check: each node itself counts the number of packets or replicas that it has sent and claims the count to other nodes; the getting nodes carry the claims when they move, and crosscheck if their carried claims are inconsistent when they contact. The claim structure uses the pigeonhole standard to guarantee that an attacker will make conflicting claims which may lead to discovery. We present rigorous analysis on the probability of detection, and assess the effectiveness and efficiency of our scheme with extensive trace driven simulations. Using Lyapunov optimization, we extend this examination to design a utility Maximizing algorithm that uses explicit delay information from the headofline packet at each user. The consequential policy is shown to ensure deterministic worstcase delay guarantees and to yield a throughput utility that differs from the optimally fair value by an amount that is inversely proportional to the delay guarantee. Our results hold for a general class of 1hop networks, including packet switches and multiuser wireless systems with time varying reliability.
Keywords 
Lyapunov optimization, claimcarryand check, 1hop networks, packet switches. 
INTRODUCTION 
In this paper, we employ rate limiting [15] to defend beside flood attacks in DTNs. In our approach, each node has a limit over the number of packets that it, as a source node, can send to the network in each time interval. Each node also has a boundary over the numeral of replicas that it can generate for each packet (i.e., the number of nodes that it can forward each packet to). The two limits are used to mitigate packet flood and model flood attacks, respectively. If a node violates its rate limits, it will be detected and its data traffic will be filtered. In this way, the amount of flooded traffic can be controlled. 
Our main role is a procedure to notice if a node has violated its rate limits. Although it is easy to detect the violation of rate limit on the Internet and in telecommunication networks where the egress router and base station can account each user’s traffic, it is challenging in DTNs due to lack of communication infrastructure and consistent connectivity. Since a node moves approximately and may send data to any contacted node, it is very difficult to count the number of packets or replicas sent out by this node. Our essential idea of detection is claimcarryandcheck. Each node itself counts the number of packets or replicas that it has sent out, and claims the count to other nodes; the receiving nodes carry the claims around when they move, swap some claims when they contact, and crosscheck if these claims are inconsistent. If an attacker floods more packets or replicas than its limit, it has to use the same calculate in more than one claim according to the pigeonhole principle, and this inconsistency may lead to detection. Based on this idea, we use different cryptographic constructions to detect packet flood and replica flood attacks. 
Because the contacts in DTNs are opportunistic in nature, our approach provides probabilistic detection. The more traffic an attacker floods, the more likely it will be detected. The detection probability can be flexibly adjusted by system parameters that control the amount of claims exchanged in a contact. We provide a inferior and better bound of detection probability and examine the problem of parameter selection to maximize detection probability under a certain amount of exchanged claims. The effectiveness and efficiency of our scheme are evaluated with extensive tracedriven simulations. This paper fills that gap. We use a delaybased Lyapunov function and extend the examination to treat joint stability and presentation optimizat ion via the Lyapunov optimization technique from our prior work [2], [13], [14]. The extension is not obvious. Indeed, the flow control decisions in the prior work [2], [13], [14] are made immediately when a new packet arrives, which directly affects the drift of backlogbased Lyapunov functions. However, such decisions do not directly affect the delay value of the headofline packets, and hence do not directly affect the drift of delaybased Lyapunov functions. We overcome this challenge with a novel flow control policy that queues all arriving data, but makes packet dropping decisions just before advancing a new packet to the headofline. This policy is structurally different from the service optimization works [2] and [13]–[20]. This new structure leads to deterministic guarantees on the worstcase delay of any nondropped packet and provides throughput utility that can be pushed arbitrarily close to optimal. Specifically, for any integer we Similar performance tradeoffs are shown for queuebased Lyapunov functions in the previous work [2], [13], [14] (see also [24]–[26] for improved tradeoffs), but these guarantees apply only to queue size, slightly than delay. 
The deterministic delay guarantees we obtain in this present paper are quite strong and show the advantages of our new flow control structure. However, a disadvantage is that admit/drop decisions are delayed until a packet is at the headofline, rather than being determined immediately upon arrival. Moreover, due to correlation issues unique to this delaybased scenario, analysis is simplified if we assume the scheduler knows the vector of arrival rates to each link (although we also generalize to cases when these rates are unknown). Furthermore, while our deterministic delay guarantees hold for general arrival sample paths, our utility analysis assumes all entrance processes are independent of each other (possibly with different rates for each process) and independent and identically distributed (i.i.d.) over timeslots. Nevertheless, it is important to analyze these delaybased policies because they improve our understanding of complex delay, and because the deterministic guarantees they offer are useful for many practical systems. 
We further show via simulation that our algorithms maintain good performance when the i.i.d. arrivals are replaced by ergodic but temporally correlated “bursty” arrivals with the same rates. However, the worstcase delay required to achieve the same utility performance is amplified in this case. This is not surprising if we compare to known results for backlogbased Lyapunov algorithms. Backlogbased algorithms were first developed under i.i.d. assumptions, but later shown to work—with increased delay—for noni.i.d. cases (see [28] and references therein). Thus, while we limit our analytical proofs to the i.i.d. setting, we expect the algorithm to approach optimal utility in more general cases, as supported by our simulations. While our algorithm can be used to enforce any desired delay guarantee, it is important to emphasize that it does not maximize throughput utility subject to this guarantee. Such a problem can be addressed with Markov decision theory, which brings with it the curse of dimensionality (see structural results and approximations in [29] and weighted stochastic shortestpath approaches in [30]). proaches in [30]). In this paper, we claim only that the achieved utility is within of the largest probable utility of any stabilizing algorithm. However, because (for large ) our utility is close to this ideal utility value, it is even closer to the maximum utility that can be achieved subject to the worstcase delay constraint. That is because a basic stability constraint is less stringent than a worstcase delay constraint, and so the optimal utility under a stability constraint is greater than or equal to the optimal utility under a worstcase delay constraint. Furthermore, our approach offers the lowcomplexity advantages associated with Lyapunov drift and Lyapunov optimization. Specifically, the policy makes realtime broadcast decisions based only on the current system state and does not require apriori knowledge of the channelstate probabilities. The flow control decisions here can also be implemented in a distributed fashion at each link, as is the case with most other Lyapunovbased utility optimization algorithms. 
II. OVERVIEW 
2.1 Problem Definition 
Defense against Packet Flood Attacks 
We consider a scenario where each node has a rate limit L on the number of unique packets that it as a source can generate and send into the network within each time interval T. The time intervals start from time 0, T, 2T, etc. The packets generated within the rate limit are deemed genuine, but the packets generated beyond the limit are deemed flooded by this node. To defend against packet flood attacks, our goal is to detect if a node as a source has generated and sent more unique packets into the network than its rate limit L per time interval. The span of time interval should be set appropriately. If the interval is too long, rate limiting may not be very efficient against packet flood attacks. If the interval is too short, the number of associates that each node has during one interval may be too nondeterministic and thus it is difficult to set an appropriate rate limit. Generally speaking, the space should be short under the condition that most nodes can have a significant number of contacts with other nodes within one interval, but the appropriate length depends on the contact patterns between nodes in the specific deployment scenario. 
Defense against Replica Flood Attacks 
As motivated in Section 2, the defense against replica flood considers singlecopy and multicopy routing protocols. These protocols need that, for each packet that a node buffers no matter if this packet has been generated by the node or forwarded to it, there is a limit l on the number of times that the node can forward this packet to other nodes. The values of l may be different for different buffered packets. Our goal is to detect if a node has violated the routing protocol and forwarded a packet more times than its limit l for the packet. A node’s limit l for a buffered packet is firm by the routing protocol. In multi copy routing, l ¼ L is a parameter of routing) if the node is the source of the packet, and l ¼ 1 if the node is an intermediate hop (i.e., it received the packet from another node). In singlecopy routing, l ¼ 1 no matter if the node is the source or an intermediate hop. Note that the two limits L and l do not depend on each other. We discuss how to protect against replica flood attacks for quotabased routing. 
III. CLAIMCARRYANDCHECK 
Packet Flood Detection 
To detect the attackers that abuse their rate limit L, we must count the number of unique packets that each node as a basis has generated and sent to the network in the current interval. However, since the node may send its packets to any node it contacts at any time and place, no other node can monitor all of its sending behavior. To address this challenge, our idea is to let the node itself count the number of unique packets that it, as a source, has sent out, and claim the upto date packet count (together with a little auxiliary information such as its ID and a timestamp) in each packet sent out. The node’s rate limit certificate is also attached to the packet, such that other nodes receiving the packet can learn its official rate limit L. 
If an attacker is flooding more packets than its rate limit, it has to deceitfully claim a count smaller than the real value in the flooded packet, since the real value is larger than its rate limit and thus a clear indicator of attack. The claimed count must have been used before by the attacker in another claim, which is guaranteed by the pigeonhole principle, and these two claims are inconsistent. The nodes which have conventional packets from the attacker carry the claims included in those packets when they move around. When two of them contact, they check if there is any variation between their collected claims. The attacker is detected when an inconsistency is found. 
IV. THE INTELRATE CONTROLLER DESIGN 
fuzzy logic traffic controller for controlling traffic in the network system defined Called the IntelRate, it is a TISO (TwoInput SingleOutput) controller. The TBO (Target Buffer Occupancy) q>0 is the queue size level we aim to achieve upon congestion. The queue deviation is one of the two inputs of the controller. In order to remove the steady state error, we choose the integration of e(t) as the other input of the controller, i.e. g The aggregate output is Under heavy traffic situations, the IntelRate controller would compute an allowed sending rate for flow i according to the current IQSize so that q(t) can be stabilized around q. In our design, IQSize q(t) is the only parameter each router needs to calculate in order to complete the closedloop control. FLC is a nonlinear map of inputs into outputs, which consists of four steps, i.e., rule base building, fuzzification, inference and defuzzification. The concepts of fuzzy set and logic of FLC were introduced in 1965 by Zadeh, and it was basically extended from twovalued logic to the continuous interval by adding the intermediate values between absolute TRUE and FALSE. Interested readers are referred to some normal tutorials/texts like [36], [45] for the details of the fuzzy logic theory. In the sequel, we formulate our new controller by following those four steps along with designing the fuzzy linguistic descriptions and the membership functions. The parameter design issues and the traffic control process are also discussed at the end of the section. 
Linguistic Description and Rule Base 
V. DELAYBASED FLOW CONTROL 
Let be the vector of arrival rates, so that is the arrival rate to link (in units of packets/slot). The network capacity region is defined as the closure of the set of all longterm throughput vectors that the scheme can support. The set is known to be the same as the closure of the set of all arrival rate vectors for which there exists a stabilizing preparation algorithm, subject to the constraint that the flow controllers are turned off (so that no packets are dropped and for all and all ) [4], [12]. Specifically, in [12] it is shown that the set is given by the set of all timeaverage transmission rates that can be achieved by motionless and randomized algorithms, called only algorithms, that observe every slot and choose a (possibly random) diffusion vector according to a probability distribution that depends only on the observed channel state. Thus, for every vector ,with 
are important for solving problems of maximizing a concave function of a time average and are critical for network utility maximization with randomly arriving traffic [2], [28]. To ensure that the constraints (16) are satisfied, we use a virtual queue for each link , with update equation as follows: 
C. DelayBased Lyapunov Function 
We now impose the following structure on our control policy. Every slot, a packet transmission decision is made first.Ifa transmission over link l is successful (so that ), then the packet is removed from the queue, and no packet is dropped from link l (so that ). Else, if link either did not attempt transmission or if its transmission was unsuccessful, we can decide whether or not to drop the packet, but no other packet can be dropped from link l Thus, every slot ,we have 
VI. CONCLUSIONS 
we employed rate limiting to ease flood attacks in DTNs, and a scheme which exploits claimcarryandcheck to probabilistically notice the violation of rate limit in DTN environments. Our scheme uses efficient constructions to keep the computation, communication and storage cost low. Also, we analyzed the lower bound and upper bound of detection probability We have established a delaybased policy for joint stability and utility optimization. The policy provides deterministic worstcase delay bounds, with total throughput value that is inversely proportional to the delay guarantee. The Lyapunov optimization approach for this delaybased problem is significantly different from that of backlogbased policies. We believe these results add significantly to our understanding of network delay and delayefficient control laws. 
References 
[1] M. J. Neely, “Delaybased network utility maximization ,” in Proc. IEEE INFOCOM, Mar. 2010, pp. 1–9. [2] L. Georgiadis, M. J. Neely, and L. Tassiulas, “Resource allocation and crosslayer control in wireless networks,” Found. Trends Netw.,vol.1, no. 1, pp. 1–149, 2006. [3] L. Tassiulas and A. Ephremides, “Stability proper ties of constrained queueing systems and scheduling policies for maxi mum throughput in multihop radio networks,” IEEE Trans. Autom. Con trol, vol. 37, no. 12, pp. 1936–1948, Dec. 1992. [4] L. Tassiulas and A. Ephremides, “Dynamic server allocation to parallel queues with randomly varying connectivity,” IEE E Trans. Inf. Theory, vol. 39, no. 2, pp. 466–478, Mar. 1993. [5] N. McKeown, A. Mekkittikul, V. Anantharam, and J. Walrand, “Achieving 100% throughput in an inputqueued sw itch,” IEEE Trans. Commun., vol. 47, no. 8, pp. 1260–1267, Aug. 1999. [6] P. R. Kumar and S. P. Meyn, “Stability of queueing networks and scheduling policies,” IEEE Trans. Autom. Co ntrol,vol.40,no.2,pp. 251–260, Feb. 1995. [7] E. Leonardi, M. Mellia, F. Neri, and M. A. Mars an, “Bounds on average delays and queue size averages and va riances in inputqueued cellbased switches,” in Proc. IEEE INFOCO,M, 2001, vol. 2, pp. 1095–1103. [8] N. Kahale and P. E. Wright, “Dynamic glob al packet routing in wireless networks,” in Proc. IEEE INFOCOM, 1997, vol. 3, pp. 1414–1421. [9]M.Andrews,K.Kumaran,K.Ramanan,A.Stolyar, P. Whiting, and R. Vijaykumar, “Providing quality of service over a shared wireless link,”IEEE Commun. Mag., vol. 39, no. 2, pp. 150–154, Feb. 2001. [10] M. J. Neely, E. Modiano, and C. E. Rohrs, “ Dynamic power allocation and routing for time varying wireless networks,” IEEE J. Sel. Areas Commun., vol. 23, no. 1, pp. 89–103, Jan. 2005. [11] M. Kobayashi, G. Caire, and D. Gesbert, “ Impact of multiple transmit antennas in a queued SDMA/TDMA downl ink,” in Proc. 6th IEEE SPAWC, Jun. 2005, pp. 540–544. [12] M. J. Neely and R. Urgaonkar, “Optimal backpressure routing in wireless networks with multireceiver diversity,” Ad Hoc Netw., vol. 7, no.5, pp. 862–881, July 2009. [13] M. J. Neely, E. Modiano, and C. Li, “Fa irness and optimal stochastic control for heterogeneous networks,” in Proc. IEEE INFOCOM,Mar. 2005, vol. 3, pp. 1723–1734. [14] M. J. Neely., “Dynamic power allocation and routing for satellite and wireless networks with time varying channels,” Ph.D. dissertation, Massachusetts Institute of Technology, Cambridge, MA, 2003, LIDS. [15] A. Stolyar, “Maximizing queueing network utility subject to stability: Greedy primaldual algorithm,”Queueing Syst.,vol.50,no.4,pp. 401–457, 2005. [16] X. Lin and N. B. Shroff, “Joint rate control and scheduling in multihop wireless networks,” in Proc. 43rd IEEE Conf. Decision Control,Paradise Island, Bahamas, Dec. 2004, vol. 2, pp. 1484–1489. [17] A. Eryilmaz and R. Srikant, “Fair resource allocation in wireless networks using queuelengthbased scheduling and congestion control,” in Proc. IEEE INFOCOM,Mar.2005, vol. 3, pp. 1794–1803. [18] J. W. Lee, R. R. Mazumdar, and N. B . Shroff, “Opportunistic power scheduling for dynamic multi server wireless systems,” IEEE Trans.Wireless Commun., vol. 5, no. 6, pp. 1506–1515, Jun. 2006. [19] R. Agrawal and V. Subramanian, “Optimality of certain channel aware scheduling policies,” in Proc. 40th Annu. Allerton Conf. Commun., Control, Comput., Monticello, IL, Oct. 2002, pp. 1532–1541. [20] H. Kushner and P. Whiting, “Asymptotic properties of proportionalfair sharing algorithms,” in Proc. 40th Annu. Allerton Conf. Commun.,Control, Comput., 2002, pp. 1051–1059. [21] A. Mekkittikul and N. McKeown, “A starvation free algorithm for achieving 100%throughput in an inputqueued switch,” in Proc. ICCN,1996, pp. 226–231. [22] M. Andrews, K. Kumaran, K. Ramanan, A. Stolyar, R. Vijaykumar, and P. Whiting, “Scheduling in a queueing system with asynchronously varying service rates,” Probab.Eng.Inf.Sci., vol. 18, no. 2,pp. 191–217, April 2004. [23] S. Shakkottai and A. Stolyar, “Scheduling for multiple flows sharing a timevarying channel: The exponential rule,” Anal. Methods Appl. Probab., Amer. Math. Soc. Transl., vol. 207, pp. 185–202, 2002. [24] R. Berry and R. Gallager, “Communication over fading channels with delay constraints,” IEEE Trans. Inf. Theory, vol. 48, no. 5, pp. 1135– 1149, May 2002. [25] M. J. Neely, “Superfast delay tradeoffs for utility optimal fair scheduling in wireless networks,” IEEE J. Sel. Areas Commun., vol. 24, no. 8, pp. 1489–1501, Aug. 2006. [26] L. Huang and M. J. Neely, “Delay reduction via Lagrange multipliers in stochastic network optimization,” IEEE Trans. Autom. Control, vol. 56, no. 4, pp. 842–857, Apr. 2011. [27] D. P. Bertsekas and R. Gallager,DataNetworks. Upper Saddle River, NJ: PrenticeHall, 1992. [28] M. J. Neely, Stochastic Network Optimization With Application to Communication and Queueing Systems. San Francisco, CA: Morgan & Claypool, 2010. [29] B. Sadiq, S. Baek, and G. de Veciana, “Delayoptimal opportunistic scheduling and approximations: The log rule,” in Proc. IEEE INFOCOM, Apr. 2009, pp. 1692–1700. [30] M. J. Neely, “Stochastic optimization for Markov modulated networks with application to delay constrained wireless scheduling,” in Proc. IEEE CDC, Shanghai, China, Dec. 2009, pp. 4826–4833. [31] J. K. MacKieMason and H. R. Varian, “Pricing congestible network resources,” IEEE J. Sel. Areas Commun., vol. 13, no. 7, pp. 1141–1149, Sep. 1995. [32] M. J. Neely and E. Modiano, “Convexity in queues with general inputs,” IEEE Trans. Inf. Theory, vol. 51, no. 2, pp. 706–714, Feb. 2005. [33] P. Giaccone, E. Leonardi, and D. Shah, “Throughput region of finite buffered networks,” IEEE Trans. Parallel Distrib. Syst., vol. 18, no. 2, pp. 251–263, Feb. 2007. [34] M. J. Neely, “Energy optimal control for time varying wireless networks,” IEEE Trans. Inf. Theory, vol. 52, no. 7, pp. 2915–2934, Jul. 2006. [35] L. B. Le, E. Modiano, and N. B. Shroff, “Optimal control of wireless networks with finite buffers,” in Proc. IEEE INFOCOM, 2010, pp. 1–9. [36] L. Ying, S. Shakkottai, A. Reddy, and S. Liu, “On combining shortestpath and backpressure routing over multihop wireless networks,” IEEE/ACM Trans. Netw., vol. 19, no. 3, pp. 841–854, Jun.2011. [37] M. J. Neely, “Opportunistic scheduling with worst case delay guarantees in single and multihop networks,” in Proc. IEEE INFOCOM, 2011, pp. 1728–1736. [38] R. Daniels and R. W. Heath, Jr., “An online learning framework for link adaptation in wireless networks,” in Proc. Inf. Theory Appl. Workshop, San Deigo, CA, Feb. 2009, pp. 138–140. [39] F. Kelly, “Charging and rate control for elastic traffic,” Eur. Trans. Telecommun., vol. 8, no. 1, pp. 33–37, Jan.–Feb. 1997. 