On QoS And Security Techniques For IP Network

We are living in a society based on information technology. Our society is depending on information deeply and demanding information in many aspects. With the rapid development of the Internet and emergence of new business on it, the problem of Internet QoS (Quality of Service) has become a hot research area. At the same time, damages with hostile attacks to the Internet are more serious than before. In recent years, a new style of attack-Distributed Deny of Service attack (DDOS attack) has made devastating damages on Internet. This paper focuses on some of the problems of the two areas. This paper is divided into two parts. In the first part, Differentiated Service (Diffserv) model and its Assured Forward (AF) ramework are analyzed in order to provide QoS on TCP/IP network. Some algorithms such as mark algorithms; queue management algorithms and traffic scheduling algorithms are improved in this paper and some new algorithms are introduced in this paper. In the second part, traffic self-similarty model and DDOS attack are analyzed in details. A new method to detect DDOS attack is introduced in this paper based on a real time parameter-monitoring algorithm and lots of experiments. Researches in this paper are focused on aspects shown below:1. AF framework in Diffserv model is realized and the main components in AF framework are researched in details. A series of modified algorithms are introduced to make Diffserv model more efficient. The details are from chapter 2.2. Queue management algorithms are researched in this paper. A new dynamic queue management algorithm is provided. Traffic scheduling algorithms are also researched in this paper and a traffic-scheduling algorithm is optimized using Latency-Rate servers model. The details are from chapter 3 and chapter 4.3. A method of detecting DDOS attack based on traffic self-similarity is introduced in the first time in this paper. The method is realized using real-time parameter-monitoring algorithm R2S mentioned in this paper. The details are from chapter 5 and chapter 6.The background, status and development of Internet QoS are described in chapter 1. The two models of Internet QoS: Interserv and Diffserv are described. Then the background and development of network self-similarity model and anti-DDOS attack are also described in this chapter. The building of AF framework of Diffserv model is described in chapter2. First, theinfluence on traffics' QoS of different queue management algorithms RIO-C, RIO-DCand WRED are examined. Then a new marker that could improve the utility of bandwidth is introduced. Also a new marker that designed for TCP flows based on TCP's mathematical model is introduced in this chapter. Simulation results show that this marker improves the throughput of TCP flow greatly. Queue management algorithm is researched in details in chapter 3. A dynamic RED algorithm based on the analysis of RED algorithm and its mathematical model. Simulation results show that our algorithm can save network resources greatly without decrease the traffics' performance. Premium service provided by this algorithm called queue-mark scheme is also researched in this chapter. A new QoS analysis model - Latency-Rate Servers model (LR model) is used in chapter4. This model is used to analyse and optimize the traffic-scheduling algorithm. VirtualClock algorithm is proved belong to L-R model and optimize its performance based on above analysis. The good simulation results show that it can improve network resource utility. Traffic self-similarity model is analyzed in chapter 5. After analyzed some methods on calculating network self-similarity parameter, a real-time algorithm named R2S is introduced. This algorithm can calculate H value more efficienctly. The relationship between DDOS attack and the variety of parameter of traffic's self-similarity model is also discussed in this chapter. This discussion is the fundamental for detecting DDOS attack. Detecting model of DDOS attack based on traffic self-similarity is establish...