
Design and implementation of SIP-based data collection system

Cited by: 2
Abstract: The SIP data collection system is an indispensable part of an SIP intrusion detection system and has an important effect on its detection performance and accuracy. Because current data collection tools cannot directly process application-layer data, they struggle to meet the needs of an SIP intrusion detection system. This paper analyzes two packet capture technologies, libpcap and pf_ring, describes the working mechanism of pf_ring, and designs an SIP data collection system structure based on pf_ring. By optimizing the oSIP protocol stack and developing SIP data filtering plugins that combine the kernel layer and the user layer, an efficient SIP data collection system is implemented. Comparative experiments show that the proposed system has certain advantages in SIP data collection, ensures high stability of the data collected for the SIP intrusion detection system, and provides it with a stable and reliable data source.
Source: Journal of Shenyang Normal University: Natural Science Edition (CAS), 2012, Issue 2, pp. 222-226 (5 pages)
Funding: Liaoning Province Educational Science "Twelfth Five-Year Plan" approved project (JG11DB274)
Keywords: SIP (session initiation protocol); pf_ring; intrusion detection; network packet capture technology; data filtering