Computer Engineering, 2012, Vol. 38, Issue (06): 145-147. doi: 10.3969/j.issn.1000-3428.2012.06.047

• Security Technology •

VoIP Behavior Analysis and Content Recovery Under Bypass Monitoring

ZHAO Han-song, WU Cheng-rong, WANG Guo-ping

  1. (School of Computer Science, Fudan University, Shanghai 200433, China)
  • Received: 2011-04-11 Online: 2012-03-20 Published: 2012-03-20
  • About the authors: ZHAO Han-song (born 1988), male, master's degree, main research direction: network security; WU Cheng-rong, associate professor; WANG Guo-ping, lecturer

Abstract: For Voice over Internet Protocol (VoIP) sessions based on the Session Initiation Protocol (SIP), this paper analyzes the network packets captured under bypass monitoring and proposes a method for VoIP behavior analysis and content recovery. The method can deal with all kinds of complex situations, effectively filter out packets that are unrelated to VoIP communication, and correctly recover and record the behavior and content of VoIP communications. Using this method, a VoIP behavior analysis and content recovery system is implemented in SNORT, and it has been successfully applied in practical projects.

Key words: Voice over Internet Protocol (VoIP) technology, Session Initiation Protocol (SIP), Session Description Protocol (SDP), network intrusion detection software, bypass monitoring, behavior analysis, content recovery
