Chronology of the development of Active Queue Management algorithms of RED family. Part 1: from 1993 up to 2005

This work is the first part of a large bibliographic review of active queue management algorithms of the Random Early Detection (RED) family, presented in the scientific press from 1993 to 2023. The first part will provide data on algorithms published from 1993 to 2005

CBSeq: A Channel-level Behavior Sequence For Encrypted Malware Traffic Detection

Machine learning and neural networks have become increasingly popular solutions for encrypted malware traffic detection. They mine and learn complex traffic patterns, enabling detection by fitting boundaries between malware traffic and benign traffic. Compared with signature-based methods, they have higher scalability and flexibility. However, affected by the frequent variants and updates of malware, current methods suffer from a high false positive rate and do not work well for unknown malware traffic detection. It remains a critical task to achieve effective malware traffic detection. In this paper, we introduce CBSeq to address the above problems. CBSeq is a method that constructs a stable traffic representation, behavior sequence, to characterize attacking intent and achieve malware traffic detection. We novelly propose the channels with similar behavior as the detection object and extract side-channel content to construct behavior sequence. Unlike benign activities, the behavior sequences of malware and its variant's traffic exhibit solid internal correlations. Moreover, we design the MSFormer, a powerful Transformer-based multi-sequence fusion classifier. It captures the internal similarity of behavior sequence, thereby distinguishing malware traffic from benign traffic. Our evaluations demonstrate that CBSeq performs effectively in various known malware traffic detection and exhibits superior performance in unknown malware traffic detection, outperforming state-of-the-art methods.Comment: Submitted to IEEE TIF

Sharing but not Caring - Performance of TCP BBR and TCP CUBIC at the Network Bottleneck

Loss-based congestion control protocols such as TCP CUBIC can unnecessarily fill router buffers adding delays which degrade application performance. Newcomer TCP BBR uses estimates of the bottleneck bandwidth and round trip time (RTT) to try to operate at the theoretical optimum – just enough packets to fully utilize the network without excess queuing. We present detailed experimental results that show in practice, BBR can either over- or under-estimate the bottleneck bandwidth and RTT, causing high packet loss for shallow buffer routers and massive throughput variations when competing with TCP CUBIC flows. We suggest methods for improving BBR’s estimation mechanisms to provide more stability and fairness

A QoS-Based Fairness-Aware BBR Congestion Control Algorithm Using QUIC

Congestion control is a fundamental technology to balance the traffic load and the network. The Internet Engineering Task Force (IETF) Quick UDP Internet Connection (QUIC) protocol has flexible congestion control and at the same time possesses the advantages of high efficiency, low latency, and easy deployment at the application layer. Bottleneck bandwidth and round-trip propagation time (BBR) is an optional congestion control algorithm adopted by QUIC. BBR can significantly increase throughput and reduce latency, in particular over long-haul paths. However, BBR results in high packet loss in low bandwidth and low fairness in multi-stream scenarios. In this article, we propose the enhanced BBR congestion control (eBCC) algorithm, which improves the BBR algorithm in two aspects: (1) 10.87% higher throughput and 74.58% lower packet loss rate in the low-bandwidth scenario and (2) 8.39% higher fairness in the multi-stream scenario. This improvement makes eBCC very suitable for IoT communications to provide better QoS services