Attacks Notification of Differentiated Services Code Point (DSCP) values modifications
Main Authors: | , , |
---|---|
Format: | Article |
Language: | English |
Published: | IEEE 2023 |
Subjects: | |
Online Access: | http://irep.iium.edu.my/108238/7/108238_Attacks%20Notification%20of%20Differentiated%20Services%20Code%20Point.pdf http://irep.iium.edu.my/108238/13/108238_Attacks%20Notification%20of%20Differentiated%20Services%20Code%20Point_SCOPUS.pdf http://irep.iium.edu.my/108238/ https://ieeexplore.ieee.org/document/10314996 https://doi.org/10.1109/ACCESS.2023.3332119 |
Summary: | The DSCP is an integral component within the Internet Protocol (IP) header of a packet, serving the purpose of categorizing and administering network traffic, as well as facilitating the provision of Quality of Service (QoS) on IP networks. In the context of network communication, it is feasible for an adversary to transmit packets with a DSCP value of "x," which represents a high priority. This action aims to prioritize the specified packet over other network traffic packets without triggering any notifications during the transmission session. It is possible to use identical DSCP values for both offensive and defensive purposes. This study therefore proposed a method for generating attack notifications in response to changes in DSCP values by using binary vectors to represent entries that detect attacks and those that do not. The method returns a list of Boolean values, each of which indicates whether or not the corresponding packet was classified as an attack. The study employed an experimental research methodology to generate transmission scenarios in which an attacker would attempt to transmit packets with a malicious DSCP value so that they would be prioritized over other traffic. A function was developed to detect deviation from normal and modification values involving DSCP value operations of normal traffic and generate an alert. The finding of the experimental analysis indicates the vector, represents normal traffic because it does not have a DSCP value associated with an attack. The vectors representing spoofed, Assured Forwarding (AF), Class Selector (CS) and Expedited Forwarding (EF) respectively and generate an alert based on their values. This has contributed to detecting when an attacker tries to send packets with a modified DSCP value in order to get them prioritized over the other packets in normal traffic. |
---|