| 基于扩展状态机的SIP洪泛攻击自适应检测 |
| |
| 引用本文: | 谢晓龙,季新生,刘彩霞,刘树新. 基于扩展状态机的SIP洪泛攻击自适应检测[J]. 计算机工程, 2012, 38(23): 10-14 |
| |
| 作者姓名: | 谢晓龙 季新生 刘彩霞 刘树新 |
| |
| 作者单位: | 国家数字交换系统工程技术研究中心,郑州,450002 |
| |
| 基金项目: | 国家"863"计划基金资助项目 |
| |
| 摘 要: | IP多媒体子系统(IMS)中现有的会话初始协议(SIP)洪泛检测方法不能根据网络状况进行自适应检测。针对该问题,提出一种基于扩展状态机的SIP洪泛自适应检测方法。通过增加描述网络受到攻击或出现异常时的状态,构造IMS网络中的SIP扩展状态机,基于卡尔曼滤波设计自适应阈值调整算法,对SIP洪泛攻击进行自适应检测。实验结果表明,该方法比固定阈值的检测方法具有更好的检测性能,更适用于真实网络。
|
| 关 键 词: | IP多媒体子系统 会话初始协议 洪泛攻击 状态机 卡尔曼滤波 |
| 收稿时间: | 2012-03-19 |
Self-adaptive Detection for SIP Flooding Attacks Based on Extended State Machine |
| |
| XIE Xiao-long , JI Xin-sheng , LIU Cai-xia , LIU Shu-xin. Self-adaptive Detection for SIP Flooding Attacks Based on Extended State Machine[J]. Computer Engineering, 2012, 38(23): 10-14 |
| |
| Authors: | XIE Xiao-long JI Xin-sheng LIU Cai-xia LIU Shu-xin |
| |
| Affiliation: | (National Digital Switching System Engineering and Technological R&D Center, Zhengzhou 450002, China) |
| |
| Abstract: | In order to solve the problem that recent researches on detection of Session Initiation Protocol(SIP) flooding attacks in IP Multimedia Subsystem(IMS) can not adapt the network environment, this paper puts forward a self-adaptive detection method for SIP flooding attacks based on extended state machine. It builds the extended SIP state machine according to adding a state which described that the network is being attacked or abnormal, then adaptive adjusts the threshold through the introduction of adaptive algorithm based on Kalman filtering. Experimental results prove that this method has better detection performance than detection methods using fixed threshold, and it is more available in the real network. |
| |
| Keywords: | IP Multimedia Subsystem(IMS) Session Initiation Protocol(SIP) flooding attack state machine Kalman filtering |
| 本文献已被 CNKI 万方数据 等数据库收录! |
| 点击此处可从《计算机工程》浏览原始摘要信息 |
|
点击此处可从《计算机工程》下载免费的PDF全文 |
