Detecting Violation in DiffServ Priority

Due to of the fast growth in network technology structure and spread uses in all our life, in the same time the networks threated are rapidly increased. This paper presents an edge to edge model. The aim is to detect intrusion in the networks with little effort on the network resources. by monitoring and detecting the Denial of Service / Distributed Denial of Service (DoS/DDoS) attacks in case of network congestion and their impact on priority level of users. Hybrid threshold used to know if users are violating the network services or not. Random Early Detection (RED) threshold is an adaptive threshold moves between minimum and maximum values, Service Level Agreement (SLA) threshold is a predefined values determined between customer and service provider (SP). RED algorithm used in Quality of Service (QoS) DiffServ environment to monitor the network, when notice the suspicious users exceed the Hybrid threshold, the Detecting Violation in DiffServ Priority (DVDP) model moves to other phase and computes the throughput for suspicious users. This model used Network Simulator 2 (NS2) to simulate the proposed network, this network has users with low level priority triggered a lot of traffic and effected on the high level priority users and consume their bandwidth. This model detect the malicious users affected on the users have high priority, and differentiate with legal users. The accuracy on detected the malicious users estimates about 94%, and a very high sensitivity to the abnormal traffic.