Intrusion prevention system against SIP distributed flooding attacks

Cited by: 5
Abstract: In view of the current state of research on detecting and defending against SIP distributed flooding attacks, and drawing on the characteristics of IP-based distributed flooding attacks and of SIP messages, a two-level defense architecture against SIP distributed flooding attacks (TDASDFA) is proposed. This distributed denial-of-service (DDoS) defense consists logically of two components: the First-level Defense Subsystem (FDS) and the Second-level Defense Subsystem (SDS). FDS performs coarse-grained detection and defense on the SIP signaling stream: it filters out non-VoIP messages and discards SIP signaling from IP addresses that exceed a specified rate, in order to ensure service availability. SDS performs fine-grained detection on the SIP signaling stream using an attack mitigation method based on security-level settings, and filters out malicious attacks and low-flow attacks that show obvious DoS attack features. FDS and SDS work together to monitor network status in real time and weaken SIP distributed flooding attacks. The experimental results show that TDASDFA can identify and defend against SIP distributed flooding attacks in real time, and that it effectively reduces the likelihood of the SIP proxy server or IMS server being attacked when an anomaly occurs.
Source: Journal of Computer Applications (《计算机应用》), CSCD, Peking University Core Journal, 2011, Issue 10, pp. 2660-2664 (5 pages)
Funding: National Science and Technology Major Project for Water Pollution Control and Treatment (2009ZX07528-006-05)
Keywords: Session Initiation Protocol (SIP); distributed flooding attack; two-level defense; security level; attack mitigation; collaboration