Design of Secure Diffserv Ingress Edge Routers
Classical Differentiated Services (DiffServ) routers were not designed with security in mind; because of their simple system structures, they generally have no ability to counter Denial of Service (DoS) attacks. DoS attacks against DiffServ clients are more targeted and require less attack bandwidth than current attacks for classical DiffServ routers, because of the per-client and per-class bandwidth limitations that must be imposed to ensure QoS guarantees. To solve this problem, in this paper we present the design of a new ingress DiffServ edge router (IDER) for defeating DoS attacks on DiffServ clients. The classifier and access control model of ingress DiffServ edge routers (IDERs) secure the Quality of Service (QoS) by policing traffic, limiting the data rate and the number of accesses, and distinguishing higher-priority traffic from malicious traffic. The algorithms of secure TCP AQM and UDP AQM are derived from two fluid models. The network behaviors of proposed secure IDERs have been simulated by several to two fluid models with the traffic policing.
Index Terms—hybrid traffics, network security, edge routers, control protocol, congestion control, stability
Yang Xiao, Guangzhi Qu, Kiseon Kim
Institute of Information and Science, Beijing Jiaotong University, Beijing 100044, China; 2 Dept. of Engineering and Computer Science, Oakland University, Rochester, MI 48309, USA; 3 Dept. of Information and Comm., Gwangju Institute of Science and Technology, Gwangju 500-712, Korea
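International conference
Beijing
English
55-59
2010-09-26 (date first posted online on the Wanfang platform; does not represent the paper's publication date)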