| dc.description.abstract | Virtualization has been vastly implemented in many organizations, facilitating the installation of more than one operating system in one physical machine. This helps save on costs associated with the physical hardware. This technology is employed in data centers which hold mission critical resources for organizations. This requires that there be secured and uninterrupted communication between various terminals and these centers. Congestion control algorithms have emerged as ideal mechanisms of preventing the sender from overwhelming the receiver and other network entities with data packets. However, these algorithms in their current operations in detecting network congestions and responding to it, can be utilized for malicious activities. As an illustration, the TCP acknowledgements that are employed by some congestion control algorithms to detect network congestion can be employed to launch SYN flooding attacks. Continuous SYN flooding attacks lead to denial of services. Both SYN flooding and DOS raise security challenges in networked enterprises. Therefore, poor detection and handling of network congestion can compromise the security of the data in transit. This paper provides an in-depth evaluation of the various congestion control algorithm such as slow start, congestion avoidance, fast retransmit and fast recovery. Since these protocols are normally implemented in TCP variants, a
review of TCP variants such as TCP Tahoe, TCP Reno, TCP Vegas, TCP CUBIC, BIC TCP, TCP Hybla, TCP Westwood and Compound TCP is provided. The ultimate goal was to demonstrate that even though they are implemented in a wide variety of networks, these algorithms are deficient in a number of ways. For instance, in TCP Tahoe, when congestion is detected, the congestion window is set to one maximum segment size. This catastrophic reduction in data rates can greatly affect the ongoing communications, such as video transfers. Moreover, all of the TCP variants employ acknowledgements either to establish a connection, detect packet loss or to react to packet losses. Attacks such as TCP SYN have been shown to take advantage of these acknowledgements during the three way handshake to launch denial of service attacks. The significance of this study then lies on the fact that based on the observed discrepancies; it justifies the development of a novel congestion control algorithm to address the identified setbacks. The results clearly indicated the inefficient utilization of the network bandwidth by the existing congestion control algorithms and the ease with which intruders can deny availability to the legitimate users by flooding the senders with acknowledgements during the three way handshake phase. | en_US |
