The Research Of Internet Traffic Control And Usability Of Information

Through about ten years quickly development, Internet shows serious congestion problem. At the same time, the draw back of TCP/IP protocol is a main source of unfair flow and vicious attack. From the point of view of usability in information security, this paper designs a reasonable scheme to resolve the network congestion. Then, this paper proposes some approaches to detect and defense the unfair flow or attack flow, and research the technique of IP traceback. Generally, the main achievements in this paper include:(1) Propose the scheme of active network based on mobile agent-ANSMA. Then, we present the mechanism of congestion control-CCANSMA. By providing congestion detection and congestion control mechanism in both network nodes and endpoints, CCANSMA greatly reduces the congestion reaction delay in source endpoint. On the other hands, through punish and restrict attacking stream and UDP stream of no TCP-friendly, DCCMA reduces the danger of the attacking stream, and shows TCP-friendly of UDP stream to confirm the usability of information.(2) Propose the algorithm of traffic prediction based on fuzzy neural networks. Traditional traffic control technique has the problem of detain, because it only consider the currently status of networks resource. The fuzzy neural network scheme can solve this limitation satisfactorily for its good capability of processing inaccurate information and self-learning.(3) Presents a Certified Quality TCP-Friendly Congestion Control Algorithm (CQTCCA). The mechanism includes the ehd-to-end congestion control and the gateway queue management. Providing the rate adjustment based on equation at the end host, the UDP streams show TCP-Friendly. Though modify the RED algorithm to Marked-RED, the gateway can differentiates the marked and unmarked packets, so it can guarantees the minimum rate guarantees to real-time multimedia traffic.(4)Presents the methods of detecting and protecting the IP hijack and Smurf attack based on analyzing their attacking principle.(5) Imposing the limitation of TCP/IP, DDoS (distributed Denial of Service attacks) send out a lot of legal data package, causing other user can't get the normal service. For this attack is effective and difficult to be defended, it has been a great threat to the security of Internet. After analyzing the characteristic of the attack package and flow, we design an IDC (Intrusion Detection System) based on DataMining.(6) Presents a Weight Marking Scheme (WMS) to trace the source of the attacks. To resolve the problem of high false positive rate, WMS research the character of HASH. Using the combination of optimum HASH, WMS compress the IP form 64 bits to 11 bits and reduce the false positive rate. In pervious works, there are no difference between the attack paths and normal stream. WMS import the weight information to edges and paths, so the victim can find the attack paths more clearly by comparing weight of paths in the normal condition with weight of paths in the abnormal condition. Both the theory and the experiment result show the validity of WMS.