Attacks Notification of Differentiated Services Code Point (DSCP) values modifications

The DSCP is an integral component within the Internet Protocol (IP) header of a packet, serving the purpose of categorizing and administering network traffic, as well as facilitating the provision of Quality of Service (QoS) on IP networks. In the context of network communication, it is feasible f...

Full description

Saved in:
Bibliographic Details
Main Authors: Alarood, Ala Abdulsalam, Abubakar, Adamu, Alsubaei, Faisal S.
Format: Article
Language:English
English
Published: IEEE 2023
Subjects:
Online Access:http://irep.iium.edu.my/108238/7/108238_Attacks%20Notification%20of%20Differentiated%20Services%20Code%20Point.pdf
http://irep.iium.edu.my/108238/13/108238_Attacks%20Notification%20of%20Differentiated%20Services%20Code%20Point_SCOPUS.pdf
http://irep.iium.edu.my/108238/
https://ieeexplore.ieee.org/document/10314996
https://doi.org/10.1109/ACCESS.2023.3332119
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:The DSCP is an integral component within the Internet Protocol (IP) header of a packet, serving the purpose of categorizing and administering network traffic, as well as facilitating the provision of Quality of Service (QoS) on IP networks. In the context of network communication, it is feasible for an adversary to transmit packets with a DSCP value of ‘‘x,’’ which represents a high priority. This action aims to prioritize the specified packet over other network traffic packets without triggering any notifications during the transmission session. It is possible to use identical DSCP values for both offensive and defensive purposes. This study therefore proposed a method for generating attack notifications in response to changes in DSCP values by using binary vectors to represent entries that detect attacks and those that do not. The method returns a list of Boolean values, each of which indicates whether or not the corresponding packet was classified as an attack. The study employed an experimental research methodology to generate transmission scenarios in which an attacker would attempt to transmit packets with a malicious DSCP value so that they would be prioritized over other traffic. A function was developed to detect deviation from normal and modification values involving DSCP value operations of normal traffic and generate alert. The finding of the experimental analysis indicates the vector, represents normal traffic because it does not have a DSCP value associated with an attack. The vectors representing spoofed, Assured Forwarding (AF), Class Selector (CS) and Expedited Forwarding (EF) respectively and generate an alert based on their values. This has contributed in detecting when an attacker tries to send packets with modified DSCP value in order to get them prioritized over the other packet on the normal traffic.