A Feedback Mechanism for Mitigating Denial of Service Attacks against Differentiated Services Clients
Authors
Braun, M.
Xie, Geoffrey
Date of Issue
2002-10
Date
October 2002
Abstract
Differentiated Service (DiffServ) networks provide Quality of Service (QoS)
guarantees by policing traffic into a fixed number of pre-existing classes. DoS
attacks against DiffServ clients will be more targeted and require less attack
bandwidth than current attacks due to the per-client and per-class bandwidth
limitations which must be imposed to ensure QoS guarantees. In this paper, we
present a technique for defeating a DoS attack on a DiffServ client through
dynamic modification of packet headers. This technique allows the DiffServ
network to distinguish valid traffic from malicious traffic, but does not require
cryptographic processing on a per-packet basis and does not increase packet
size. We also examine the sensitivity of our system to the traffic policer's token
bucket size.
Description
Proc. Tenth Int. Conf. on Telecommunication Systems: Modeling and Analysis, pp. 204-213, Monterey, CA, October 2002.
Department
Computer Science (CS)
Rights
This publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.