首页 | 本学科首页   官方微博 | 高级检索  
     

一种新的SIP泛洪攻击检测方法
引用本文:常国锋,焦大军,孙悦. 一种新的SIP泛洪攻击检测方法[J]. 电信科学, 2011, 27(12): 48-52
作者姓名:常国锋  焦大军  孙悦
作者单位:1. 新乡学院,新乡,453003
2. 北京邮电大学网络与交换技术国家重点实验室,北京,100876
基金项目:国家"863"计划基金资助项目,国家教育部科学技术研究重点资助项目,河南省教育厅自然科学研究计划科技攻关基金资助项目
摘    要:IMS(IP multimedia subsystem,IP多媒体子系统)是3G系统中核心网的重要部分,它由SIP提供的会话发起能力建立端到端的会话,并获得所需要的服务质量。针对IMS网络中存在的SIP泛洪攻击,本文在详细分析SIP泛洪攻击原理和实现过程的基础上,提出了一种基于累积和算法的SIP泛洪攻击检测方法。该方法首先对接收到的SIP数据分组中的invite消息的数量进行统计,然后将统计结果输入累积和算法,以检测是否发生SIP消息泛洪攻击,最后通过设置的阈值判决检测结果。实验结果表明,本文提出的方法能够有效地检测IMS网络中的SIP泛洪攻击。

关 键 词:IMS网络  SIP  泛洪攻击  invite消息  累积和算法

An Approach for Detecting SIP Flooding Attacks in IMS Network
Chang Guofeng,Jiao Dajun,Sun Yue. An Approach for Detecting SIP Flooding Attacks in IMS Network[J]. Telecommunications Science, 2011, 27(12): 48-52
Authors:Chang Guofeng  Jiao Dajun  Sun Yue
Affiliation:1.Xinxiang College,Xinxiang 453003,China;2.State Key Laboratory of Networking and Switching Technology,Beijing University of Posts and Telecommunications,Beijing 100876,China)
Abstract:IMS(IP Multimedia Subsystem) is an important part of 3G system core network,and it uses SIP protocol to initiate session for end-to-end connection establishment,and then gains service quality requirement.Due to the existing of SIP flooding attack in IMS network,this paper detailedly analyzes SIP flooding attack principle and realization process,and proposes a SIP flooding attack detection approach based on cumulative sum algorithm.The approach firstly calculates the number of invite messages from SIP data packages,and then make the number of invite messages as an input to invoke cumulative sum algorithm to detect whether an attack happens,and finally,by setting a threshold value to decide all detection results.Experimental results demonstrate that the proposed approach can detect SIP flooding attack of IMS network effectively.
Keywords:IMS network  SIP  flooding attack  invite message  cumulative sum
本文献已被 CNKI 万方数据 等数据库收录!
设为首页 | 免责声明 | 关于勤云 | 加入收藏

Copyright©北京勤云科技发展有限公司  京ICP备09084417号