
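Intrusion prevention system against SIP distributed flooding attacks
Cite this article: LI Hong-bin, LIN Hu, Lü Xin, YANG Xue-hua. Intrusion prevention system against SIP distributed flooding attacks[J]. Journal of Computer Applications, 2011, 31(10): 2660-2664. DOI: 10.3724/SP.J.1087.2011.02660
Authors: LI Hong-bin  LIN Hu  Lü Xin  YANG Xue-hua
Affiliations: 1. Shenyang Institute of Computing Technology, Chinese Academy of Sciences, Shenyang 110168
2. Graduate University of Chinese Academy of Sciences, Beijing 100039
3. College of Educational Technology, Shenyang Normal University, Shenyang 110034
Funding: National Science and Technology Major Project for Water Pollution Control and Treatment (2009ZX07528-006-05)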
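Abstract: In view of the current state of research on detecting and defending against SIP distributed flooding attacks, and drawing on the characteristics of IP-based distributed flooding attacks and of SIP messages, a two-level distributed denial of service (DDoS) defense architecture against SIP distributed flooding attacks (TDASDFA) is proposed, consisting of a First-level Defense Subsystem (FDS) and a Second-level Defense Subsystem (SDS). The FDS performs coarse-grained detection and defense on the SIP signaling stream: it filters out non-VoIP messages and discards SIP signaling from IP addresses that exceed a specified rate, in order to keep the service available. The SDS performs fine-grained detection on the SIP signaling stream using an attack mitigation method based on configured security levels, and filters out malicious attacks with obvious DoS attack characteristics as well as low-rate attacks. The FDS and SDS work together to monitor network conditions in real time and mitigate SIP distributed flooding attacks. Experimental results show that TDASDFA identifies and defends against SIP distributed flooding attacks in real time, and effectively reduces the likelihood of the SIP proxy server/IMS server being attacked when anomalies occur.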

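Keywords: Session Initiation Protocol  distributed flooding attack  two-level defense  security level  attack mitigation  collaboration
Received: 2011-04-19
Revised: 2011-06-09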

Intrusion prevention system against SIP distributed flooding attacks
LI Hong-bin,LIN Hu,Lü Xin,YANG Xue-hua. Intrusion prevention system against SIP distributed flooding attacks[J]. Journal of Computer Applications, 2011, 31(10): 2660-2664. DOI: 10.3724/SP.J.1087.2011.02660
Authors:LI Hong-bin  LIN Hu  Lü Xin  YANG Xue-hua
Affiliation: 1. Shenyang Institute of Computing Technology, Chinese Academy of Sciences, Shenyang Liaoning 110168, China
2. Graduate University of Chinese Academy of Sciences, Beijing 100039, China
3. College of Educational Technology, Shenyang Normal University, Shenyang Liaoning 110034, China
Abstract: Based on existing research on the detection of and defense against SIP distributed flooding attacks, and combining the characteristics of IP-based distributed flooding attacks and of SIP messages, a two-level defense architecture against SIP distributed flooding attacks (TDASDFA) is presented. TDASDFA logically consists of two defensive components: the First level Defense Subsystem (FDS) and the Second level Defense Subsystem (SDS). The FDS performs coarse-grained detection and defense on the SIP signaling stream, filtering out non-VoIP messages and discarding SIP messages from IP addresses that exceed the specified rate, to ensure service availability; the SDS performs fine-grained detection and defense on SIP messages, using a mitigation method based on security level to identify cunning attacks and low-flow attacks that show obvious features of malicious DoS attacks. The FDS and SDS work together to monitor and defend the network in real time and to weaken SIP distributed flooding attacks. The experimental results show that TDASDFA can detect and defend against SIP distributed flooding attacks, and that it reduces the probability of the SIP proxy server or IMS server being attacked when the network is in an abnormal state.
Keywords:Session Initiation Protocol (SIP)   distributed flooding attack   two-level defense   security level   attack mitigation   collaboration  
This article is indexed in CNKI and other databases.