A Feedback Mechanism for Mitigating Denial of Service Attacks against Differentiated Services Clients

Abstract

Differentiated Service (DiffServ) networks provide Quality of Service (QoS) guarantees by policing traffic into a fixed number of pre-existing classes. DoS attacks against DiffServ clients will be more targeted and require less attack bandwidth than current attacks due to the per-client and per-class bandwidth limitations which must be imposed to ensure QoS guarantees. In this paper, we present a technique for defeating a DoS attack on a DiffServ client through dynamic modification of packet headers. This technique allows the DiffServ network to distinguish valid traffic from malicious traffic, but does not require cryptographic processing on a per-packet basis and does not increase packet size. We also examine the sensitivity of our system to the traffic policer's token bucket size.

Document Details

Document Type: Technical Report
Publication Date: Oct 01, 2002
Accession Number: ADA494644

Entities

People

  • Geoffrey G. Xie
  • Matthew Braun

Organizations

  • Naval Postgraduate School

Tags

Communities of Interest

  • Cyber

DTIC Thesaurus Topics

  • Algorithms
  • Authentication
  • Bandwidth
  • Communication Systems
  • Computer Science
  • Denial Of Service Attack
  • Detection
  • Feedback
  • Floods
  • Guarantees
  • Information Operations
  • Network Protocols
  • Network Topology
  • Security Protocols
  • Simulations
  • Simulators
  • Wireless Communications

Fields of Study

  • Computer science

Readers

  • Computer Networking
  • Cybersecurity