摘要： 根据会话初始协议(SIP)拒绝服务攻击的原理和方式，将阈值动态调整和实时动态防御相结合，提出一种抵御SIP洪泛攻击的防御模型，利用卡方流量判定模型与累计和统计模型动态调整阈值，并检测SIP洪泛攻击，通过IP防御模型动态抵御基于IP的SIP洪泛攻击。实验结果表明，该模型可以实时、高效地检测SIP洪泛攻击，在异常发生时有效防止SIP/ IMS服务器被攻击。

关键词: 会话初始协议, 拒绝服务攻击, 洪泛攻击, 卡方流量, 累计和, IP防御模型

Abstract: By analyzing the principle, mode, characteristics of Denial of Service(DoS) attack aiming at Session Initiation Protocol(SIP) and flooding attack faced by SIP network, this paper proposes a prevention model combining a dynamic threshold adjustment with real-time dynamic prevention for SIP flooding attack. It can dynamically adjust the threshold and detect SIP flooding attack through chi-square traffic judging mode and cumulative statistics mode, and can dynamically prevent IP-based SIP flooding attacks with IP defense model. Experimental result shows that the model can effectively detect and prevent the SIP flooding attack, and reduce the probability of SIP/IMS server being attacked when SIP network is on the abnormity.

Key words: Session Initiation Protocol(SIP), Denial of Service(DoS) attack, flooding attack, chi-square traffic, cumulative sum, IP defense model

中图分类号: 

• TP393