A Feedback Mechanism for Mitigating Denial of Service Attacks against Differentiated Services Clients
MetadataShow full item record
Differentiated Service (DiffServ) networks provide Quality of Service (QoS) guarantees by policing traffic into a fixed number of pre-existing classes. DoS¹ attacks against DiffServ clients will be more targeted and require less attack bandwidth than current attacks due to the per-client and per-class bandwidth limitations which must be imposed to ensure QoS guarantees. In this paper, we present a technique for defeating a DoS attack on a DiffServ client through dynamic modification of packet headers. This technique allows the DiffServ network to distinguish valid traffic from malicious traffic, but does not require cryptographic processing on a per-packet basis and does not increase packet size. We also examine the sensitivity of our system to the traffic policerÃ¢ s token bucket size.
Proc. Tenth Int. Conf. on Telecommunication Systems: Modeling and Analysis, pp. 204-213, Monterey, CA, October 2002.
RightsThis publication is a work of the U.S. Government as defined in Title 17, United States Code, Section 101. Copyright protection is not available for this work in the United States.
Showing items related by title, author, creator and subject.
Wang, Beng Wei (Monterey, California. Naval Postgraduate School, 2007-03);Wireless sensor networks have been widely researched for use in both military and commercial applications. They are especially of interest to the military planners as they can be deployed in hostile environments to collect ...
Gallup, Shelley P.; Anderson, Tom; Garza, Victor (Bob); Irvine, Nelson; Wood, Brian (Woodie) (Monterey, California. Naval Postgraduate School, 2016); NPS-N16-N201-CThere is no process or system capable of detecting obfuscated network traffic on DOD networks, and the quantity of obfuscated traffic on DOD networks is unknown. The presence of obfuscated traffic on a DOD network creates ...
Turksoyu, Faith (2001-03);Traffic modeling is an important component of the design of any communication network. This is even more crucial emerging networks, which are expected to operate in high speed and high bandwidth environments. As the design ...