The Differentiated Services Code Point (DSCP) field in Internet Protocol (IP) headers lets you set Quality of Service (QoS) priorities. If the DSCP values and packet lengths mismatch, it could mean that the network is not set up correctly, that policies are being broken, or that traffic is being manipulated, which could make the network less fair and less efficient. This research processed benign packet capture files from different types of applications. The rationale for using a benign dataset is that the research focuses on extracting anomalies from an environment where attacks are not expected. If the dataset contained known attacks, it would already have inherent manipulations. By training on a benign dataset, any subsequent manipulation can be more readily detected. Convolutional Neural Network (CNN), Long Short-Term Memory (LSTM), and hybrid CNN–LSTM are utilized. All of the models were able to detect matches and mismatches well without overfitting. CNN had an accuracy of 0.9987, a precision of 0.9984, a recall of 0.9986, an F1-score of 0.9985, and an area under the curve (AUC) of 0.9995. LSTM had an accuracy of 0.9989, a precision of 0.9988, a recall of 0.9990, an F1-score of 0.9989, and an AUC of 0.9996. CNN–LSTM had the best scores: 0.9993 accuracy, 0.9991 precision, 0.9994 recall, 0.9992 F1-score, and 0.9998 AUC. The finding showed that all models made very few mistakes of classification. Deep learning reliably finds DSCP-Packet Length mismatches in IP headers, which makes it possible to monitor QoS and find problems before they happen. The CNN–LSTM hybrid model was the best because it combined feature extraction and learning temporal patterns. This framework provides a scalable, real-time solution for preserving QoS integrity and guaranteeing equitable network resource distribution.
Muhammad A Aldhahery (Thu,) studied this question.