Can Multipath TCP Be Robust to Cyber Attacks? A Measuring Study of MPTCP with Active Queue Management Algorithms

With the development of social networks, more and more mobile social network devices have multiple interfaces. Multipath TCP (MPTCP), as an emerging transmission protocol, can combine the bandwidth of multiple links to improve data transmission performance and user experience quality. At the same time, due to the large-scale deployment and application of emerging technologies such as the Internet of Things and cloud computing, cyber attacks against MPTCP have gradually increased. More and more network security research studies point out that low-rate distributed denial of service (LDDoS) attacks are relatively popular and difficult to detect and are recognized as one of the most severe threats to network services. This article introduces six classic queue management algorithms: DropTail, RED, FRED, REM, BLUE, and FQ. In a multihomed network environment, we evaluate by simulation the performance of MPTCP under LDDoS attacks in terms of throughput, delay, and packet loss rate when using each of the six algorithms. The results show that in an MPTCP-enabled multihomed network, different queue management algorithms have different throughput, delay, and packet loss rate performance when subjected to LDDoS attacks. Considering these three performance indicators comprehensively, the FRED algorithm has better performance. By adopting an effective active queue management (AQM) algorithm, the MPTCP transmission system can enhance its robustness, thus improving transmission performance. We suggest that when designing and improving a queue management algorithm, the antiattack performance of the algorithm should be considered: (1) it can adjust the traffic speed by optimizing the congestion control mechanism; (2) the fairness of different types of data streams sharing bandwidth is taken into consideration; and (3) it has the ability to adjust the parameters of the queue management algorithm in a timely and accurate manner.


Introduction
With the development of social networks and the large-scale application of multiple wireless access technologies (e.g., Bluetooth, Wi-Fi, GPRS, and 4G), more and more mobile social network terminal devices are equipped with multiple network interfaces of different standards. Multihomed terminals can access multiple networks at the same time and achieve multipath data transmission by combining the bandwidth of multiple links so as to improve data transmission performance, maximize network resource utilization, and improve user experience quality [1]. The multipath TCP (MPTCP) protocol [2] can distribute the data across multiple end-to-end transmission paths by enabling the use of several network interfaces of a device simultaneously, as shown in Figure 1. As a variant of the TCP technology, MPTCP preserves the standard socket application programming interfaces (APIs) that are used by most Internet applications. Hosts can establish an MPTCP connection by using the existing socket APIs, without requiring any modification or addition to the applications, while remaining compatible with today's Internet. Therefore, the MPTCP protocol is considered to play a huge role in the application of future Internet data transmission services [3,4]. Although MPTCP has some advantages when applied to concurrent transmission in the network, in the real environment, commonly occurring network attacks lead to frequent changes in network quality, which has a negative impact on the performance of MPTCP. MPTCP-based multipath data transmission is a process with complex network behavior.
Although each transmission path can independently perform data transmission tasks according to its own network conditions, when a certain transmission path in the MPTCP multipath transmission system comes under a network attack, the reduction of that path's transmission performance or the path failure will affect the transmission performance of other paths and so produce adverse effects on the overall performance of multipath transmission, such as robustness degradation [5]. Due to the large-scale deployment and application of emerging information technologies such as the Internet of Things (IoT) and cloud computing, various network attacks show a growing trend, especially low-rate distributed denial of service (LDDoS) attacks. More and more network security research studies have pointed out that LDDoS attacks are prevalent and difficult to detect in the network, and they are recognized as one of the major threats to network services [6,7].
Taking advantage of the loopholes in the TCP protocol's retransmission timeout (RTO) mechanism, an LDDoS attack controls multiple puppet machines that each periodically send small traffic pulses, so that the pulses reach the victim at the same time and converge into a large burst of traffic, causing the target host's resources (such as bandwidth, memory, and CPU) to be exhausted and making the victim unable to respond to users' legitimate service requests for a long time [8]. Because LDDoS traffic is small and well concealed, when the MPTCP multipath transmission system suffers an LDDoS attack, the attack flow is difficult to detect, so the defense capabilities of the transmission system are affected and the robustness of the multipath transmission system is greatly reduced. Therefore, when the MPTCP transmission system is under an LDDoS attack, it is extremely important to improve the defense capability of the system. Current academic research mainly aims at improving the ability to detect and defend against LDDoS attacks from the perspective of extracting the characteristics of the attack flow. In recent years, some scholars [9] have found that networks with different queue management algorithms have different defense capabilities when they are attacked by LDDoS. Queue management algorithms belong to link-based congestion control algorithms, which can be divided into passive queue management (PQM) and active queue management (AQM). By actively discarding or marking some data packets on the router side, the queue management algorithm can effectively avoid network congestion and improve the performance of the TCP protocol [10].
By tracking the research trends of MPTCP in academic circles, we find that there are insufficient research studies on the survivability analysis and robustness optimization of the MPTCP multipath transmission system. This paper introduces six network queue management algorithms: DropTail, random early detection (RED), fair random early detection (FRED), random exponential marking (REM), BLUE, and fair queuing (FQ). We compare and analyze their performance through simulation experiments. The conclusion of this paper provides a method for enhancing the robustness of the MPTCP network and provides effective suggestions for improving the queue management algorithm. Our work in this paper is the first to focus on the robustness of MPTCP from the perspective of AQM, and we hope it will attract the attention of relevant scholars and promote research on the adaptability and robustness of MPTCP congestion control. The rest of this paper is organized as follows. The second part introduces the related research on LDDoS attack detection and defense and on queue management mechanisms. The third part briefly introduces the basic ideas, advantages, and disadvantages of the six queue management algorithms. The fourth part presents the simulation experiment design and the evaluation of three performance indexes. The last part gives a summary.

Related Work
In recent years, various network attacks have shown a significant growth trend due to the large-scale deployment and application of emerging information technologies such as the IoT and cloud computing, especially LDDoS attacks [11]. It uses the weakness of the TCP protocol congestion control mechanism to periodically launch malicious attack traffic at a low rate, thereby reducing network throughput. Compared with traditional DDoS, LDDoS has a low attack rate and strong concealment. It is difficult to be discovered by traditional DDoS attack defense systems. LDDoS attacks can last longer, resulting in a rapid decline of network quality [12]. LDDoS is showing more and more serious harm to the network environment and has become a hot spot in the field of network security research at home and abroad. At present, many research institutions have carried out research on LDDoS attacks. In the network based on TCP protocol, the detection and defense of LDDoS have achieved a series of results.
For the research on LDDoS attacks, Kuzmanovic and Knightly [13] first proposed the concept of "Shrew" attacks. They collected relevant data about LDDoS attacks on the backbone network and conducted related research. After that, many researchers have proposed solutions for the detection and defense of LDDoS attacks by extracting LDDoS traffic characteristics or combining machine learning methods. Sahoo et al. [14] proposed a measurement method based on generalized entropy. According to the characteristics of Software-Defined Network (SDN) data flow, they used information distance to quantify the deviation of traffic under different probability distributions as a metric to detect attack behavior. Ren et al. [15] proposed a smart NCAP that supports LDDoS detection and proposed a method to detect LDDoS attack traffic using a linear multiple regression model with Simple Network Management Protocol (SNMP) content. Agrawal and Tapaswi [16] proposed a power spectral density (PSD)-based method to detect and mitigate LDDoS attacks in the frequency domain. This method can monitor and analyze real-time aggregated traffic for attack detection. Gu et al. [17] proposed a semisupervised clustering detection method with multiple characteristics, which can effectively detect DDoS attacks from massive data streams. Li et al. [18] proposed a DDoS detection model and defense system in a Software-Defined Network environment based on deep learning. The model can learn patterns from network traffic sequences, track network attack activities in a historical manner, and effectively clear DDoS attack traffic. de Lima Filho et al. [19] proposed a DoS detection system based on machine learning and inferred from signatures extracted from network traffic samples. Han et al. [20] proposed a cross-plane DDoS attack defense framework and detection mechanism in a Software-Defined Network. The mechanism consists of a coarse-grained flow monitoring algorithm on the data plane and an attack classification algorithm based on fine-grained machine learning on the control plane.
Kavitha and Padmavathi [21] developed an effective defense technology against LDoS attacks and proposed an advanced random time queue blocking (ARTQB) scheme. Lin et al. [22] proposed a "double check priority queue" structure, which can effectively reduce the impact of DDoS attacks so that ordinary users can still access the service. Yue et al. [23] found that the random early detection (RED) algorithm is vulnerable to LDoS attacks, which limits the sending rate of TCP senders. Wei et al. [9] analyzed and compared the defense capabilities of three classic queue management algorithms in ad hoc networks attacked by DDoS.
For the detection and defense of network attacks such as LDDoS, different scholars have conducted research from different perspectives. We find that there are few research results that combine queue management algorithms with LDDoS defense. Queue management algorithm is one of the research hotspots in the field of network congestion control. By actively discarding or marking some data packets on the router side, the queue management algorithm can effectively avoid network congestion and improve the performance of the TCP protocol. Researchers have proposed many improved techniques for queue management algorithms. Karmeshu and Bhatnagar [24] proposed an adaptive queue management mechanism with a random drop algorithm. Compared with the existing active queue management algorithm, it significantly improves system performance in terms of throughput, average queue size, utilization, and queue delay. Bisoy and Pattnaik [25] proposed a rate and queue-based active queue management (RQ-AQM) algorithm to improve the stability of network systems supporting TCP streams. Although these algorithms can be applied to various network conditions, most of the existing queue management algorithms are designed without considering their antiattack performance.
Based on the previous research on LDDoS defense methods and queue management algorithms, we introduce six classic queue management algorithms: DropTail, RED, FRED, REM, BLUE, and FQ. We compare their throughput, delay, and packet loss rate when MPTCP networks are under LDDoS attacks.
This paper provides a solution for enhancing the defense capability of the MPTCP transmission system against LDDoS and other network attacks and enriches the theoretical results of the antiattack research of queue management algorithms.

Queue Management Algorithm
Currently, the phenomenon of network congestion can be seen everywhere, and the most effective way to solve network congestion is to manage the queues in the network. The queue management mechanism mainly controls how a network transmission node buffers information for transmission in the form of a queue. When the queue length reaches a critical value, the corresponding service message is discarded to achieve the purpose of controlling the queue length. Therefore, routers should manage the queues and maintain a small queue length, resulting in a series of queue management algorithms [26]. Current queue management algorithms can be divided into passive queue management algorithms and active queue management algorithms. The idea of PQM is that the queue management module only takes corresponding measures when the queue buffer overflows. The most commonly used in routers is the passive queue management algorithm DropTail. The idea of AQM is to make early judgments and take a series of measures before the queue buffer overflows so as to avoid the occurrence of congestion as soon as possible [27][28][29]. According to the design principle, the existing AQM algorithms can be divided into three types: queue length-based, network load-based, and both queue length and network load-based. This paper selects five AQM algorithms (RED, FRED, BLUE, REM, and FQ) belonging to different design principles. In addition, these AQM algorithms have been extensively studied by the academic community, and the experimental results have certain representativeness and reference value.

DropTail Algorithm.
The DropTail algorithm is a typical passive queue management algorithm and the most widely used queue management algorithm in the network. The basic idea of the DropTail queue management algorithm is that when a data message arrives at a network node, it needs to be queued in the buffer of its output port. Regardless of the length of the queue, the node puts the data message in the queue to wait to be sent. However, when the data flow is large and the queue length has exceeded the set buffer capacity value, the network node has no space to temporarily store new data messages [30]. Therefore, when the network is congested, all newly arrived data packets that cannot be processed in time are stored in the buffer, and these saved data packets are processed when the system is idle. When the network continues to be congested, the buffer fills up, and all newly arrived packets are discarded. When the sender detects that a data packet has been discarded, it reduces the data transmission rate until the congestion is eliminated. The advantage of DropTail lies in its simple algorithm. Due to the simple way of processing data messages, it is supported by almost all network node platforms. However, the DropTail algorithm cannot avoid the occurrence of network congestion in advance, so there may be problems such as "global synchronization of TCP flows," a continuously full queue, and lock-out of service flows from the buffer, which affect the overall transmission speed and reduce network efficiency.

RED Algorithm.
The RED algorithm [31] is a typical active queue management algorithm. The basic idea of the RED queue management algorithm is to judge congestion by monitoring the average length of the output port queue of the router. When the average length of the queue reaches a certain threshold, the router will randomly select some newly arrived packets to discard or mark and send a congestion notification. This algorithm can ensure that the sending window is reduced before the queue overflow causes packet loss, thereby reducing the sending rate and alleviating network congestion. The RED queue management algorithm has two important computing mechanisms [32]. One is to calculate the average queue length and to predict congestion in advance by monitoring the average length of the buffer queue. The other is to calculate the drop probability P of data packets. If the average queue length is within the set threshold range, the arriving packets are discarded according to probability P.
In order to avoid unnecessary congestion control caused by sudden data, the RED queue management algorithm calculates the average queue length using an exponential weighted moving average algorithm; the formula is where $L$ is the current queue length, $L_{first}$ is the previous estimated value of the average queue length, $L_{now}$ is the current average queue length, and $w$ is the weighted coefficient of the current queue length, with a value in the range [0, 1]. At the same time, the RED queue management mechanism needs to set two thresholds for the average queue length, which are the minimum threshold $L_{min}$ and the maximum threshold $L_{max}$. Comparing $L_{now}$ with the thresholds $L_{min}$ and $L_{max}$, the following operation is performed:
(1) If $L_{now} < L_{min}$, all data packets are allowed to enter the queue
(2) If $L_{now} > L_{max}$, all data packets are discarded
(3) If $L_{min} \le L_{now} \le L_{max}$, then calculate the transition packet loss probability $P_a$ and discard the arriving data packets according to the probability $P$
In the RED queue management algorithm, the probability P of packet dropping by grouping is calculated according to the following formula: $P_{max}$ is the maximum packet loss rate. Obviously, the relationship between $P_a$, $P_{max}$, $L_{min}$, $L_{max}$, and $L_{now}$ is shown in Figure 2.
Then, the final packet loss probability is $P = P_a / (1 - \text{count} \times P_a)$, where count is the number of packets accepted since the last packet was dropped.
Compared with the DropTail algorithm, the RED algorithm controls the flow rate through its own congestion control, thereby avoiding the problems of long delay time and low link utilization caused by the long-time full queue state of the data receiving node. However, the RED algorithm has parameter sensitivity problems and cannot effectively control the cache size. In addition, the RED algorithm fails to consider different types of data streams on the network when calculating the packet loss probability, so it cannot effectively handle the congestion notification connections of different data streams, resulting in various connections sharing bandwidth unfairly and affecting network performance [33].
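The RED decision steps described above can be written as the following added example, which is not code from the paper. It assumes the textbook exponential weighted moving average and a linear ramp from 0 to $P_{max}$ between the thresholds; the thresholds, weights and the queue trace are constructed values. Running it on a short burst shows the parameter sensitivity: with a small w the average never reaches $L_{min}$, with a large w it passes $L_{max}$.

```python
"""RED average-queue tracking and drop probability (added illustration)."""
from dataclasses import dataclass


@dataclass
class Red:
    l_min: float = 5.0    # minimum threshold L_min in packets (constructed)
    l_max: float = 15.0   # maximum threshold L_max in packets (constructed)
    p_max: float = 0.1    # maximum packet loss rate P_max (constructed)
    w: float = 0.002      # EWMA weight w in [0, 1] (constructed)
    avg: float = 0.0      # current average queue length L_now
    count: int = 0        # packets accepted since the last drop

    def update_avg(self, queue_len: float) -> float:
        # Assumed textbook EWMA: L_now = (1 - w) * L_first + w * L
        self.avg = (1.0 - self.w) * self.avg + self.w * queue_len
        return self.avg

    def transition_prob(self) -> float:
        """P_a: 0 below L_min, 1 above L_max, assumed linear ramp between."""
        if self.avg < self.l_min:
            return 0.0
        if self.avg > self.l_max:
            return 1.0
        return self.p_max * (self.avg - self.l_min) / (self.l_max - self.l_min)

    def drop_prob(self) -> float:
        """Final probability P = P_a / (1 - count * P_a), clamped to [0, 1]."""
        p_a = self.transition_prob()
        if p_a <= 0.0 or p_a >= 1.0:
            return p_a
        denom = 1.0 - self.count * p_a
        return 1.0 if denom <= 0.0 else min(1.0, p_a / denom)

    def on_arrival(self, queue_len: float, u: float) -> bool:
        """Handle one arrival; u is a uniform sample in [0, 1). True = drop."""
        self.update_avg(queue_len)
        if u < self.drop_prob():
            self.count = 0
            return True
        self.count += 1
        return False


def peak_average(w: float, trace) -> float:
    """Largest average queue length RED sees over a trace for a given w."""
    red = Red(w=w)
    return max(red.update_avg(q) for q in trace)


# Constructed instantaneous queue lengths: idle, a short burst, idle again.
PULSE_TRACE = [2] * 50 + [30] * 20 + [2] * 50

if __name__ == "__main__":
    for weight in (0.002, 0.2):
        print(f"w={weight}: peak average = {peak_average(weight, PULSE_TRACE):.2f}")
```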

FRED Algorithm.
The FRED algorithm belongs to the active queue management algorithms and is a new algorithm that improves the fairness of the RED queue management algorithm [34]. The FRED queue management algorithm uses per-flow accounting for each active flow to make different packet marking decisions for flows that use different bandwidths, thereby improving the fairness of different flows sharing bandwidth. The FRED algorithm is mainly based on the basic framework of the RED algorithm, so the algorithm also has two main parts: calculating the average queue length and calculating the probability of dropped packets, and the calculation formula is consistent with the RED algorithm. However, there is a big difference from the RED algorithm. It needs to recalculate the average queue length in the buffer when a packet arrives and when it leaves.
Compared with the RED algorithm, the FRED algorithm has more advantages in terms of fairness, and it effectively discriminates and restricts the nonadaptive data flow. However, because the FRED algorithm needs to record the active flows in the entire cache queue and maintain its corresponding flow state, when the number of flows is large, the router will be overloaded and computational overhead will increase.

REM Algorithm.
The REM algorithm is one of the active queue management algorithms, which uses link prices to represent the network congestion metric. The basic idea of the REM queue management algorithm is to use the price concept to detect and control the congestion state of the network. The REM algorithm uses the cumulative sum of the price values of all connections on a channel as the congestion measure of this channel. And it embeds the metric value into the end-to-end packet marking probability that can be detected by the source so that the packet arrival rate matches the link bandwidth. Since calculating the data packet arrival rate needs to save certain state information, in order to avoid calculating the data packet arrival rate, the rate difference is approximated by the queue difference [35].
Price $P_l(t)$ of link $l$ is calculated as follows: Among them, $c > 0$, $\alpha_1 > 0$, $[z]^+ = \max\{0, z\}$, $b_l(t)$ is the instantaneous queue length of the queue of link $l$ at time $t$, and $b^*$ is the target queue length. The marking probability of the queue of link $l$ at time $t$ is $m_l(t) = 1 - \phi^{-P_l(t)}$. $\phi$ is a constant with $\phi > 1$, and the end-to-end marking probability of the message is $1 - \phi^{-\sum_l P_l(t)}$. In practice, $c = 0.001$, $\phi = 1.001$, $\alpha_1 = 0.1$, and $b^* = 20$.
The REM algorithm has opened up a new field for flow control, which can achieve the technical goal of AQM, but its performance is not ideal at present.
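The following added example, not code from the paper, runs the REM price and marking computation with the constants listed above. The price update uses the commonly published queue-difference form of REM, which is an assumption here because the formula itself is not reproduced in this text; the step size the text lists as c is named `GAMMA`, and the backlog trace is constructed.

```python
"""REM link price and marking probability (added illustration)."""

GAMMA = 0.001    # step size; the value the text lists as c
PHI = 1.001      # marking base phi, must be > 1
ALPHA = 0.1      # weight of the backlog term (alpha_1 in the text)
TARGET = 20.0    # target queue length b*


def rem_price(price, backlog, prev_backlog):
    """One price update with the rate mismatch taken from the queue difference.

    Assumed form: p(t+1) = [p(t) + gamma*(b(t+1) - (1-alpha)*b(t) - alpha*b*)]^+
    """
    step = backlog - (1.0 - ALPHA) * prev_backlog - ALPHA * TARGET
    return max(0.0, price + GAMMA * step)


def mark_prob(price):
    """Per-link marking probability m_l(t) = 1 - phi^(-P_l(t))."""
    return 1.0 - PHI ** (-price)


def end_to_end_mark_prob(prices):
    """Marking probability seen by the source across all links on the path."""
    return 1.0 - PHI ** (-sum(prices))


def price_trace(backlogs, price=0.0):
    """Prices after each backlog sample, starting from the given price."""
    trace, prev = [], backlogs[0]
    for b in backlogs[1:]:
        price = rem_price(price, b, prev)
        trace.append(price)
        prev = b
    return trace


# Constructed backlog samples: below target, a short burst above it, then idle.
PULSED_BACKLOG = [10] * 50 + [60] * 10 + [10] * 50

if __name__ == "__main__":
    prices = price_trace(PULSED_BACKLOG)
    peak = max(prices)
    print(f"peak price {peak:.3f}, peak marking probability {mark_prob(peak):.6f}")
    print(f"price at end of trace {prices[-1]:.3f}")
```

With these constants the price rises only slightly during the burst and falls back to zero between bursts, so the marking probability follows the pulse pattern rather than settling.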

BLUE Algorithm.
The BLUE algorithm is an active queue management algorithm based on network load. It uses packet loss events and link idle events to manage and notify congestion. The basic idea of the BLUE queue management algorithm is that when the queue in the router overflows, data packets will be continuously discarded. At this time, the BLUE algorithm will increase the probability of discarding data packets and adjust the sending speed of the data packets. On the contrary, if the link is relatively idle at this time and the queue is empty, then the drop probability is reduced to increase the speed of sending data packets, thereby effectively controlling the speed of sending congestion notification information to improve the performance of the network [36]. The biggest advantage of the BLUE queue management algorithm is that a relatively small buffer can be used to complete congestion control, which improves the throughput of TCP streams and allows routers to have more free space. However, the BLUE algorithm also has a parameter setting problem. When the RTT of a data packet changes greatly or the number of connections suddenly changes, the set parameters will be invalid and the queue will fluctuate between packet loss and low usage.

FQ Algorithm.
The FQ algorithm is an active management algorithm based on fair queues. The FQ algorithm establishes an independent output queue for each connection in the router. The router processes each queue in a round-robin manner to ensure fairness between each data flow. When a line is idle, the router scans all queues in turn and sends out the first packet of the queue each time. When a flow's data packets arrive too fast, its queue will quickly fill up, and new data packets belonging to this flow will be discarded [37].
With the FQ algorithm, it is impossible for each data stream to sacrifice other data streams and occupy more resources. In addition, it separates data streams so that data streams that do not comply with the congestion control mechanism will not affect other streams. So, it provides fairness without sacrificing statistical reuse.
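The isolation property described for FQ can be seen in a small slot-based simulation, given here as an added example that is not the paper's NS-2 setup. It compares one shared DropTail FIFO with per-flow round-robin queues when a steady flow shares the link with a periodically pulsed flow; the flow labels, slot model, arrival order within a slot and all parameter values are assumptions made for illustration, and neither flow adapts its rate.

```python
"""Shared DropTail FIFO vs. per-flow fair queuing under a pulsed flow."""
from collections import deque

FLOWS = ("tcp", "pulse")   # flow labels used only in this example


def arrivals(t, period, width, rate):
    """Packets arriving in slot t, in arrival order."""
    # Pulsed flow: `rate` packets per slot during the first `width` slots
    # of every `period` slots, silent otherwise.
    burst = ["pulse"] * rate if t % period < width else []
    if t % 2 == 0:
        # Steady flow: one packet every second slot, arriving mid-slot.
        burst.insert(len(burst) // 2, "tcp")
    return burst


def simulate(fair, slots=1000, period=100, width=20, rate=4, cap=10):
    """Run the bottleneck for `slots` packet times and return per-flow counters.

    fair=False: one FIFO holding `cap` packets (DropTail).
    fair=True:  one `cap`-packet queue per flow, served round-robin (FQ).
    """
    queues = {name: deque() for name in (FLOWS if fair else ("shared",))}
    stats = {f: {"sent": 0, "delivered": 0, "dropped": 0} for f in FLOWS}
    rr = 0  # index of the flow whose turn it is under round-robin
    for t in range(slots):
        # 1. The link transmits at most one packet per slot.
        if fair:
            for i in range(len(FLOWS)):
                name = FLOWS[(rr + i) % len(FLOWS)]
                if queues[name]:
                    stats[queues[name].popleft()]["delivered"] += 1
                    rr = (rr + i + 1) % len(FLOWS)
                    break
        elif queues["shared"]:
            stats[queues["shared"].popleft()]["delivered"] += 1
        # 2. New packets are enqueued; a full queue drops the arrival.
        for flow in arrivals(t, period, width, rate):
            stats[flow]["sent"] += 1
            queue = queues[flow if fair else "shared"]
            if len(queue) < cap:
                queue.append(flow)
            else:
                stats[flow]["dropped"] += 1
    return stats


if __name__ == "__main__":
    for label, fair in (("DropTail", False), ("FQ", True)):
        tcp = simulate(fair)["tcp"]
        print(f"{label}: steady flow sent={tcp['sent']} "
              f"delivered={tcp['delivered']} dropped={tcp['dropped']}")
```

Under the shared FIFO the steady flow loses packets in every pulse even though it never exceeds half the link rate; with per-flow queues only the pulsed flow's own queue overflows.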

Experimental Design.
In order to study the performance of six queue management algorithms when an MPTCP-enabled multihomed network suffers from LDDoS attacks, we develop a basic double dumbbell simulation topology with reasonable LDDoS attack traffic in NS-2 [38], as shown in Figure 3. The router $R_{1,1}$ on path A is connected to five edge nodes that send UDP attack flows, and router $R_{1,2}$ is connected to five edge nodes that receive attack flows. We set the bandwidth between each node sending or receiving the attack stream and its connected router to 50 Mb and the propagation delay to 25 ms. The bandwidth between $R_{1,1}$ and $R_{1,2}$ and between $R_{2,1}$ and $R_{2,2}$ is set to 5 Mb, the propagation delay is 25 ms, and the queue management algorithm uses the DropTail algorithm. The total simulation time is 60 seconds. LDDoS attacks usually use the UDP protocol with constant bit rate (CBR) traffic to take a lot of bandwidth, so all attackers will generate UDP/CBR packets and start the attack after 2 s. The following three parameter values are used to describe the characteristics of LDDoS attacks [39]:

$(T, L, R) = (100\ \text{ms}, 100\ \text{ms}, 1\ \text{Mbps})$. (4)
Among them, T is the attack period, L is the duration of the attack (the width of the attack pulse), and R is the strength of the attack pulse (the attack rate). If the parameter values of T, L, and R are set reasonably, the LDDoS traffic can deny bandwidth to the regular TCP stream and avoid being detected by the DoS defense system. When the congestion control mechanism is triggered, the data packet will enter the timeout retransmission state. When an LDDoS attack occurs, the higher the R, the greater the bandwidth loss caused.
We choose the most commonly used DropTail algorithm in the simulation experiment to set the parameters of the best  Figure 4 shows the congestion window (cwnd) size of path A when it is under LDDoS attack and when it is not attacked. When an LDDoS attack is launched (after 2 s), the cwnd size of path A drops sharply. This is because the LDDoS attack can use MPTCP's RTO mechanism to make the MPTCP sender stay in the timeout retransmission state on path A, unable to exit. The congestion control mechanism of MPTCP is similar to that of TCP. In order to test the congestion of the network, the cwnd size is set to 1 at the initial slow start. As long as the sender judges that the network is congested, it sets the slow start threshold to half of the sender window value when congestion occurs (but not less than 2), then resets the cwnd size to 1, and returns to the slow start stage. After 20 s of simulation time in this experiment, the size of cwnd is maintained at 1. The network attack keeps the TCP data packets on path A in the timeout retransmission state, which shows that the LDDoS attack has achieved the best attack effect. This confirms that the DropTail algorithm, which is analyzed later, has a throughput of 0 for the normal TCP data flow on path A after 20 s.

Simulation Analysis.
Based on the MPTCP network, this paper analyzes and compares the defense capabilities of six classic network queue management algorithms such as DropTail, RED, FRED, REM, BLUE, and FQ when they are attacked by LDDoS. During the simulation, we test and analyze the performance of the throughput, end-to-end delay, and packet loss rate.

Comparison of the Throughput Performance.
Throughput is the amount of successfully transmitted data per unit time. We measure the throughput between the sender and receiver when the MPTCP-enabled multihomed network is attacked by LDDoS. Figure 5 shows the comparison of the throughput performance of the MPTCP network transmission system using six queue management algorithms in a 60 s simulation time. For the convenience of observation, we plot the comparison of throughput performance when the LDDoS attack reaches stability, that is, after 20 s. Figure 6 tests the throughput of the MPTCP network transmission system (including path A and path B). Figure 7 tests the throughput of path A attacked by LDDoS.
We can see that when path A is attacked by LDDoS, using the DropTail algorithm and the BLUE algorithm will lose the data transmission capability of the normal TCP stream after 20 s. In addition, regardless of the single path or the entire transmission system, the FRED algorithm has the best throughput performance. This is because RED predicts congestion in advance by monitoring changes in the average length of the buffer queue so that data transmission nodes can control traffic speed through their own congestion control, thus avoiding low link utilization due to long periods of full queues.

Security and Communication Networks
In the MPTCP-enabled multihomed networks, different queue management algorithms have different throughput performances when subjected to LDDoS attacks. We find that if the queue management algorithm cannot distinguish between different types of data streams, it is very likely that bad-behaving data streams will occupy a large number of data streams. From this, it can be seen that the queue management algorithm can improve the defense ability in the case of network attacks when considering the fairness of different types of data streams sharing bandwidth, which shows higher throughput performance. However, the RED algorithm fails to consider that the data streams on the network are of different types when calculating the packet loss probability, which leads to unfair sharing of bandwidth among various connections and affects network performance. The FRED algorithm improves the fairness of the RED algorithm. It makes different packet marking decisions by accounting for each active stream, thereby improving the fairness of different streams sharing bandwidth. When data streams with different competition capabilities compete for limited bandwidth, fairness ensures that the throughput performance of less competitive data streams will not suffer great damage, but a part of the transmission capacity is maintained. In addition, the FQ algorithm is slightly worse than FRED in throughput performance, but compared with the other four algorithms, because the fairness between different flows is also considered, when the network is under LDDoS attacks, it also retains a part of the throughput performance. The DropTail algorithm, as a typical passive queue management algorithm, cannot avoid network congestion in advance. When a sudden attack flow is encountered, the queue of the router will always be in a full state, a large number of TCP data flows will jointly slow down the sending rate to reduce congestion, and the utilization rate of the network will decrease accordingly. The REM algorithm and the BLUE algorithm also do not consider the fairness of different data streams sharing bandwidth, so when the number of router connections suddenly changes drastically, it will lead to poor throughput.
In the MPTCP-enabled multihomed networks, different queue management algorithms have different throughput performance when subjected to LDDoS attacks. If the queue management algorithm cannot distinguish between different types of data streams, it is very likely that bad-behaving data streams will occupy a lot of bandwidth. It can be seen that the queue management algorithm, when considering the fairness of different types of data streams sharing bandwidth, can improve the defense capability in the event of network attacks, which is manifested in higher throughput performance.

Comparison of the End-to-End Delay Performance.
The end-to-end delay is the time required for a message or packet to be transmitted from one end of a network to another. It includes transmission delay, propagation delay, processing delay, and queuing delay. We test the delay of TCP data flow on path A. Figure 8 shows the comparison of the delay performance of the six queue management algorithms when the network is under LDDoS attacks. We mainly observe and analyze the comparison of delay performance when the network attack reaches a stable state (20 s).
From Figure 8, the delay performance of the RED algorithm is the best and the FRED performance is second. The RED algorithm can control the flow rate through its own congestion control, thereby avoiding the long delay time caused by the data receiving node due to the full queue state for a long time. The FRED algorithm considers the fairness issue more than the RED algorithm. It needs to record the active flow in the entire cache queue and maintain its corresponding flow state, which causes the router to be overloaded and increases the computational overhead. Therefore, in terms of delay performance, the FRED algorithm is slightly worse than the RED algorithm. The DropTail algorithm only sends a congestion signal to the router or the sender when the queue is full, resulting in prolonged queuing time of data packets in the queue and increased end-to-end delay. In addition, from Figure 8, we find that the time delay data of the DropTail algorithm disappear after 25 s. This is because the TCP stream on path A has been severely attacked by LDDoS and has been in a timeout retransmission state, so the delay of this type of data stream cannot be calculated. Although the BLUE algorithm adjusts the sending speed of data packets when the queue overflows in the router, when the router is subjected to a network attack such as LDDoS, the set parameters will become invalid. The delay of the REM algorithm shows obvious fluctuations because the algorithm's operating mechanism is to match the data packet arrival rate with the link bandwidth. When subjected to periodic LDDoS attacks, the data packet transmission rate will also change accordingly. We find that the delay of the FQ algorithm is in the middle of the delay of these six algorithms and presents a horizontal straight line. This is consistent with its design philosophy of ensuring fairness between each flow and allowing routers to process each queue in a polling manner.
In the MPTCP-enabled multihomed network, different queue management algorithms have different delay performances when subjected to LDDoS attacks. The queue management algorithm can adjust the flow rate by optimizing the congestion control mechanism and avoiding the long delay time caused by the long-time full queue state of the data receiving node, thereby improving the defense ability in the case of network attacks.

Comparison of the Packet Loss Rate Performance.
The packet loss rate refers to the ratio of the number of data packets lost in the test to the number of data packets sent. We test the packet loss of TCP data flow on path A. Table 1 shows the detailed data of the total number of packets, the number of lost packets, and the packet loss rate of the six queue management algorithms when the network is under LDDoS attacks. It can be seen from Figure 9 that the FQ algorithm has no packet loss during the entire data transmission process. The packet loss rates of the FRED, DropTail, BLUE, and REM algorithms are 0.02%, 2.68%, 3.15%, and 4.22%, respectively. The packet loss rate of RED is the highest, with a packet loss rate of 5.23%.
In a network environment, it is entirely possible that an application does not use the TCP protocol.
The LDDoS attack flow can bypass the end-to-end congestion control mechanism and send its own data packets to the router arbitrarily, causing normal application data packets to be discarded. The FQ algorithm solves this problem. In the FQ algorithm, the router has a queue for each output line. The router processes packets in a "polling" manner to ensure fairness between each flow. Therefore, the packet loss rate using the FQ algorithm is low. However, when data packets of a flow arrive too fast, its queue will quickly fill up, and new data packets belonging to this flow will also be discarded. The RED algorithm does propose a method to deal with sudden data flows: it uses an exponentially weighted moving average algorithm to make the average queue length change relatively slowly. However, because the algorithm has the disadvantage of parameter sensitivity, the parameters (such as the maximum threshold L_max) cannot be modified in time, resulting in a large number of packets being discarded. Compared with the RED algorithm, the FRED algorithm recalculates the average queue length in the buffer when the packet arrives and leaves. It can more timely and accurately reflect the queue changes and modify the parameters, so the packet loss rate is very low. We find that when the DropTail, BLUE, and REM algorithms are subjected to LDDoS and other network attacks, more data packets will be discarded by the queue, which reduces the efficiency of the network.
It can be seen that when it is subjected to network attacks such as LDDoS, the queue management algorithm should have the ability to adjust parameters in a timely and accurate manner so as to effectively ensure the transmission of normal TCP data streams. In addition, improving the fairness of the algorithm can also reduce the packet loss rate and show better transmission performance.
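The mechanism described above, as an added illustration that is not from the paper and does not reproduce its simulation setup: the same pulsed, unresponsive flow is run against a shared DropTail FIFO and against per-flow queues polled in turn. All parameters, the flow names and the burst-first arrival order are constructed assumptions, and the normal flow is constant-rate with no TCP congestion response.

```python
from collections import deque

# Constructed parameters (assumptions, not the paper's simulation settings):
# the link serves RATE packets per tick, "tcp" sends 2 packets every tick, and
# "pulse" sends BURST packets per tick for the first ON ticks of each PERIOD.
TICKS, PERIOD, ON, BURST, RATE, BUF = 400, 40, 3, 20, 4, 20
FLOWS = ("pulse", "tcp")

def arrivals(t):
    """Packets arriving in tick t; the burst lands ahead of the normal packets."""
    burst = ["pulse"] * BURST if t % PERIOD < ON else []
    return burst + ["tcp", "tcp"]

def simulate(per_flow):
    """per_flow=False: one shared DropTail FIFO. True: one queue per flow,
    polled round-robin (the FQ behaviour described above)."""
    names = list(FLOWS) if per_flow else ["shared"]
    cap = BUF // len(names)                  # same total buffer in both modes
    queues = {n: deque() for n in names}
    stats = {f: {"sent": 0, "dropped": 0, "delivered": 0} for f in FLOWS}
    turn = 0
    for t in range(TICKS):
        for flow in arrivals(t):
            q = queues[flow if per_flow else "shared"]
            stats[flow]["sent"] += 1
            if len(q) < cap:
                q.append(flow)
            else:
                stats[flow]["dropped"] += 1  # tail drop on a full queue
        for _ in range(RATE):                # serve RATE packets this tick
            for i in range(len(names)):      # next non-empty queue in turn
                k = (turn + i) % len(names)
                if queues[names[k]]:
                    stats[queues[names[k]].popleft()]["delivered"] += 1
                    turn = (k + 1) % len(names)
                    break
    return stats

def loss_rate(stats, flow):
    """Fraction of a flow's packets dropped at the queue."""
    return stats[flow]["dropped"] / stats[flow]["sent"]

if __name__ == "__main__":
    for label, mode in (("DropTail", False), ("FQ", True)):
        s = simulate(mode)
        print(label, {f: f"{loss_rate(s, f):.1%}" for f in FLOWS}, s["tcp"])
```

With per-flow queues the burst overflows only its own queue, so the normal flow loses nothing, while the shared FIFO drops normal packets on every tick in which the burst has filled the buffer.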
The results show that in the MPTCP-enabled multihomed networks, different queue management algorithms have different throughput, delay, and packet loss rate performance when subjected to LDDoS attacks. In terms of throughput performance, considering fairness, the FRED algorithm has the best performance and the FQ algorithm has the second-highest performance. In view of delay performance, the RED algorithm is the best, and the performance of FRED is slightly worse than that of RED. However, with the development of technology, the small delay gap can be made up by increasing the operating speed of hardware devices. In consideration of packet loss rate performance, the FQ and FRED algorithms can maintain a lower packet loss rate when subjected to network attacks of LDDoS compared with other algorithms. Through an overall consideration of the three performance indicators of throughput, delay, and packet loss rate, it is evident that the FRED algorithm has better performance.

Conclusion
This paper introduces six queue management algorithms: DropTail, RED, FRED, REM, BLUE, and FQ. Through simulation experiments, we compare the performance of different queue management algorithms in the MPTCP network under LDDoS attack. The results show that in the multihost network using MPTCP, when one of the paths is attacked by LDDoS, the other paths can still transmit normally and the whole system will not collapse. Different queue management algorithms have different throughput, latency, and packet loss rates. Through an overall consideration of the three performance indicators of throughput, delay, and packet loss rate, it is evident that the FRED algorithm has better performance. By adopting an effective queue management algorithm, the MPTCP transmission system can enhance its robustness and defense capability, thus improving transmission performance. In addition, our research conclusions provide effective suggestions for the technical improvement of the queue management algorithm. In the future, the antiattack performance of the algorithm should be taken into consideration when designing and improving the queue management algorithm. An effective queue management algorithm should achieve three aspects: (i) it can adjust the traffic speed by optimizing the congestion control mechanism; (ii) the fairness of different types of data streams sharing bandwidth is taken into consideration; and (iii) it has the ability to adjust the parameters of the queue management algorithm in a timely and accurate manner, thereby effectively ensuring the transmission performance of normal TCP data streams so as to improve the defense capability against network attacks.

Data Availability
No data were used to support this article.

Conflicts of Interest
The authors declare that they have no conflicts of interest.