
Detection Method for Malformed SIP Messages Based on C4.5 Decision Tree in IMS Network
Abstract: Existing detection methods perform poorly on malformed SIP messages that closely resemble normal messages. To address this, the paper proposes a detection method for malformed SIP messages in IMS networks based on the C4.5 decision tree. The method first maps SIP messages into a high-dimensional space using the n-gram technique and extracts features according to the information gain of the sample attributes. It then builds a decision tree with the C4.5 algorithm, using the information gain ratio of the feature attributes, and uses the tree to detect malformed SIP messages. Finally, construction functions for malformed SIP messages are defined, a corresponding sample data set is built, and the method is validated by simulation. The simulation results show that the method achieves a 94.8% detection rate on malformed SIP messages that closely resemble normal ones.
Source: Journal of Information Engineering University (《信息工程大学学报》), 2013, No. 1, pp. 42-48 (7 pages)
Funding: National 863 Program of China (2011AA010604); National 863 Program of China (2008AA011003)
Keywords: IMS network; malformed SIP messages; information gain; C4.5 decision tree; n-gram technique