摘要:
IP多媒体子系统(IMS)中现有的会话初始协议(SIP)洪泛检测方法不能根据网络状况进行自适应检测。针对该问题,提出一种基于扩展状态机的SIP洪泛自适应检测方法。通过增加描述网络受到攻击或出现异常时的状态,构造IMS网络中的SIP扩展状态机,基于卡尔曼滤波设计自适应阈值调整算法,对SIP洪泛攻击进行自适应检测。实验结果表明,该方法比固定阈值的检测方法具有更好的检测性能,更适用于真实网络。
关键词:
IP多媒体子系统,
会话初始协议,
洪泛攻击,
状态机,
卡尔曼滤波
Abstract:
In order to solve the problem that recent researches on detection of Session Initiation Protocol(SIP) flooding attacks in IP Multimedia Subsystem(IMS) can not adapt the network environment, this paper puts forward a self-adaptive detection method for SIP flooding attacks based on extended state machine. It builds the extended SIP state machine according to adding a state which described that the network is being attacked or abnormal, then adaptive adjusts the threshold through the introduction of adaptive algorithm based on Kalman filtering. Experimental results prove that this method has better detection performance than detection methods using fixed threshold, and it is more available in the real network.
Key words:
IP Multimedia Subsystem(IMS),
Session Initiation Protocol(SIP),
flooding attack,
state machine,
Kalman filtering
中图分类号:
谢晓龙, 季新生, 刘彩霞, 刘树新. 基于扩展状态机的SIP洪泛攻击自适应检测[J]. 计算机工程, 2012, 38(23): 10-14.
XIE Xiao-Long, JI Xin-Sheng, LIU Cai-Xia, LIU Shu-Xin. Self-adaptive Detection for SIP Flooding Attacks Based on Extended State Machine[J]. Computer Engineering, 2012, 38(23): 10-14.