IoT Servers that receive and process packets from IoT devices should meet the QoS needs of incoming packets, and support Attack Detection software that analyzes the incoming traffic to identify and discard packets that may be part of a Cyberattack. Since UDP Flood Attacks can overwhelm IoT Servers by creating congestion that paralyzes their operation and limits their ability to conduct timely Attack Detection, this paper proposes and evaluates a simple architecture to protect a Server that is connected to a Local Area Network, using a Quasi Deterministic Transmission Policy Forwarder (SQF) at its input port. This Forwarder shapes the incoming traffic and sends it to the Server in a manner that does not modify the overall delay of the packets, while avoiding congestion inside the Server. The relevant theoretical background is briefly reviewed, and measurements taken during a UDP Flood Attack are provided to compare the Server performance with and without the Forwarder. It is seen that during a UDP Flood Attack, the Forwarder protects the Server from congestion, allowing it to effectively identify Attack Packets. On the other hand, the resulting congestion at the Forwarder can also be eliminated with "drop" commands generated by the Forwarder itself, or sent by the Server to the Forwarder.
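The effect described above can be illustrated with a toy discrete-time simulation. This is an added example, not code or measurements from the paper: it assumes a Server that services one packet per time slot, a Forwarder that releases at most one packet per slot (a stand-in for the paper's quasi-deterministic policy, whose exact parameters are not given here), and a constructed burst pattern standing in for the flood; the Forwarder's own buffer can be bounded by a drop threshold, mirroring the "drop" commands mentioned in the abstract.

```python
from collections import deque

# Constructed flood pattern: packets arriving per time slot. Bursts of 5 far
# exceed the assumed service rate of one packet per slot.
FLOOD = [5, 5, 5, 0, 0, 5, 5, 0, 0, 0, 0, 0]
SERVICE_PER_SLOT = 1  # assumed Server capacity per slot


def simulate(arrivals, use_forwarder, fwd_drop_threshold=None):
    """Return (max_server_queue, forwarder_drops) for one run.

    use_forwarder=False: bursts go straight into the Server queue.
    use_forwarder=True: a Forwarder buffers arrivals and releases at most one
    packet per slot toward the Server; if fwd_drop_threshold is set, packets
    arriving when the Forwarder buffer is already that long are dropped there,
    so the Forwarder absorbs the flood instead of the Server.
    """
    fwd_q = deque()   # Forwarder buffer (arrival slot of each packet)
    srv_q = deque()   # Server input queue
    max_srv = 0
    drops = 0
    for slot, n in enumerate(arrivals):
        if use_forwarder:
            for _ in range(n):
                if fwd_drop_threshold is not None and len(fwd_q) >= fwd_drop_threshold:
                    drops += 1          # drop decided locally at the Forwarder
                else:
                    fwd_q.append(slot)
            if fwd_q:                   # quasi-deterministic release: one per slot
                srv_q.append(fwd_q.popleft())
        else:
            for _ in range(n):
                srv_q.append(slot)      # the whole burst hits the Server at once
        max_srv = max(max_srv, len(srv_q))
        for _ in range(SERVICE_PER_SLOT):
            if srv_q:
                srv_q.popleft()         # Server processes (and inspects) a packet
    return max_srv, drops


if __name__ == "__main__":
    print("no forwarder:        ", simulate(FLOOD, False))
    print("forwarder, no drops: ", simulate(FLOOD, True))
    print("forwarder, drop@10:  ", simulate(FLOOD, True, fwd_drop_threshold=10))
```

Without the Forwarder the Server queue backs up to 19 packets during the bursts; with it the Server never holds more than one packet, and the backlog (plus any drops) stays at the Forwarder.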