Mitigating massive access with Quasi-Deterministic Transmission: Experiments and stationary analysis [1]

The Massive Access Problem arises due to devices that forward packets simultaneously to servers in rapid succession, or by malevolent software in devices that flood network nodes with high-intensity traffic. To protect servers from such events, attack detection (AD) software is installed on servers, and the Quasi-Deterministic Transmission Policy (QDTP) has been proposed to ‘‘shape traffic’’ and protect servers, allowing attack detection to proceed in a timely fashion by delaying some of the incoming packets individually based on their arrival times. QDTP does not cause packet loss, and can be designed so that it does not increase end-to-end packet delay. Starting with measurements taken on an experimental test-bed where the QDPT algorithm is installed on a dedicated processor, which precedes the server itself, we show that QDPT protects the server from attacks by accumulating arriving packets at the input of the QDTP processor, then forwarding them at regular intervals to the server. We compare the behaviour of the server, with and without the use of QDTP, showing the improvement it achieves, provided that its ‘‘delay’’ parameter is correctly selected. We analyze the sample paths associated with QDTP and prove that when its delay parameter is chosen in a specific manner, the end-to-end delay of each packet remains unchanged as compared to an ordinary First-In-First-Out system. An approach based on stationary ergodic processes is developed for the stability conditions. Assuming mutually independent and identically distributed inter-arrival times, service times and QDTP delays, we exhibit the positive recurrent structure of a two-dimensional Markov process and its regeneration points.