Abstract:A resilient stochastic fair blue (RSFB) algorithm is proposed to preserve the existing normal network throughput under DDoS attacks. RSFB algorithm identifies benign flows according to their marking probability, which is derived from the stochastic fair blue algorithm. All the identified benign flows are then recorded in a benign flow queue (BFQ). Finally, the RSFB algorithm ensures the transportation of the packets from benign flows to the BFQ. A series of simulations are carried out to evaluate the anti-attack performance of RSFB and a serial of well known AQM algorithms. The results show that the RSFB algorithm i) is highly robust, ii) can well preserve the TCP throughput in the presence of DDoS attacks, iii) and obviously over performs the existing AQM algorithms when facing DDoS attacks.