
A Study On Packet Classification With Packet Markings

Posted on: 2012-02-12
Degree: Master
Type: Thesis
Country: China
Candidate: J Zheng
Full Text: PDF
GTID: 2178330338994130
Subject: Computer application technology
Abstract/Summary:
With the continuous development of Internet technology, network security problems such as the uneven distribution of network resources and traffic and the design flaws of the TCP/IP protocols have led to many network attacks. Identifying and classifying packets, filtering malicious ones, and ensuring effective transmission are therefore very important for protecting network communications against attacks. Packet classification, which has been widely used in network monitoring, multimedia communications and other areas, has become a common network security defense measure in recent years.

Packet classification uses a set of rules to check packet headers and classify packets into different streams. By examining a packet's header, a host or a router can determine how to classify and process the packet accurately and carry out the corresponding operations.

In this thesis, we focus on the current Internet infrastructure and closely study Denial of Service (DoS) attacks and network congestion attacks. We then combine packet classification schemes with a defense technique, Path identification (Pi). With effective implementation and verification, we propose two optimal and novel schemes. After detailed discussion, we propose the first scheme, which combines packet classification with packet markings. We then propose another novel scheme, Path identifier with Least-Recently-Used Policy (Pi-LRU), to optimize the final implementation process and improve classification efficiency.

Firstly, based on the packet classification and Pi techniques, we design a novel packet classification scheme, Packet Classification with Packet Markings (PCPM). In this scheme, if the volume of the current flows with Pi values is much higher than that of the history flows whose information has been stored in the routers' cache table, the RF flag in the IP header is set to 1, which indicates illegal flows. If the volume of the current flows with Pi values is nearly equal to that of the history flows in the cache table, a multiple packet classification scheme is used to improve classification performance. In the multiple classification scheme, if the volume of flows with Pi values is greater than the threshold value, the RF flag in the packet is also set to 1; otherwise it is set to 0. The performance of our scheme is therefore much better than that of traditional packet classification schemes, which center on customized rules.

Secondly, to improve the final efficiency of flow balancing and defense, we optimize and manage the Pi markings in the Pi technique and PCPM. Specifically, we adopt a strategy similar to Least-Recently-Used (LRU) in the Pi seeking stage. In Pi-LRU, the Pi information is updated periodically, before the final filter stage, according to how frequently each Pi item appears. The least used Pi item is eliminated and the most used Pi item is placed at the top of the Pi table. We provide the complete optimization steps in the thesis.

Large-scale simulation results based on actual Internet datasets show that the two novel schemes we propose are effective. Both schemes greatly improve implementation efficiency and the final classification effect.
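The PCPM marking decision and the periodic Pi-LRU table update described above can be sketched as follows; this is an added example, not code from the thesis. The class and function names, the numeric parameters, the handling of unseen Pi values and the history update rule are assumptions, and the table is ordered by appearance frequency as the abstract describes.

```python
# Assumed parameters: the abstract gives no numeric values for these.
SURGE_RATIO = 2.0       # "much higher" than the cached history volume
VOLUME_THRESHOLD = 500  # threshold of the multiple-classification stage
TABLE_SIZE = 3          # Pi entries a router caches

class PiTable:
    """Router cache keyed by Pi marking: pi -> [history_volume, hits]."""

    def __init__(self, size=TABLE_SIZE):
        self.size = size
        self.entries = {}  # dict keeps insertion order: first key = top of table

    def classify(self, pi, volume):
        """Return the RF flag (1 = illegal flow) for `volume` seen on path `pi`."""
        entry = self.entries.get(pi)
        if entry is None:
            # Assumption: an unseen Pi has no history, so it is learned with RF=0.
            if len(self.entries) >= self.size:
                least = min(self.entries, key=lambda k: self.entries[k][1])
                del self.entries[least]  # eliminate the least used Pi item
            self.entries[pi] = [volume, 1]
            return 0
        entry[1] += 1
        if volume > SURGE_RATIO * entry[0]:
            return 1  # far above history: mark, and keep history unpolluted
        # Volume comparable to history: second stage uses the fixed threshold.
        rf = 1 if volume > VOLUME_THRESHOLD else 0
        if rf == 0:
            entry[0] = (entry[0] + volume) / 2  # assumed history update rule
        return rf

    def refresh(self):
        """Periodic Pi-LRU update: most used Pi item moves to the top."""
        ranked = sorted(self.entries.items(), key=lambda kv: kv[1][1], reverse=True)
        self.entries = dict(ranked[: self.size])
        return list(self.entries)

def run_demo():
    """Constructed (pi, volume) samples, not data from the thesis."""
    table = PiTable()
    samples = [(0xA1, 100), (0xB2, 450), (0xA1, 110), (0xC3, 50),
               (0xA1, 900), (0xB2, 600), (0xD4, 20), (0xB2, 460)]
    flags = [table.classify(pi, vol) for pi, vol in samples]
    return flags, table.refresh()

if __name__ == "__main__":
    print(run_demo())
```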
Keywords/Search Tags:Network Security, Packet Classification, Packet Marking, Path Identification