摘要: 根据会话初始协议(SIP)拒绝服务攻击的原理和方式,将阈值动态调整和实时动态防御相结合,提出一种抵御SIP洪泛攻击的防御模型,利用卡方流量判定模型与累计和统计模型动态调整阈值,并检测SIP洪泛攻击,通过IP防御模型动态抵御基于IP的SIP洪泛攻击。实验结果表明,该模型可以实时、高效地检测SIP洪泛攻击,在异常发生时有效防止SIP/ IMS服务器被攻击。
关键词:
会话初始协议,
拒绝服务攻击,
洪泛攻击,
卡方流量,
累计和,
IP防御模型
Abstract: By analyzing the principle, mode, characteristics of Denial of Service(DoS) attack aiming at Session Initiation Protocol(SIP) and flooding attack faced by SIP network, this paper proposes a prevention model combining a dynamic threshold adjustment with real-time dynamic prevention for SIP flooding attack. It can dynamically adjust the threshold and detect SIP flooding attack through chi-square traffic judging mode and cumulative statistics mode, and can dynamically prevent IP-based SIP flooding attacks with IP defense model. Experimental result shows that the model can effectively detect and prevent the SIP flooding attack, and reduce the probability of SIP/IMS server being attacked when SIP network is on the abnormity.
Key words:
Session Initiation Protocol(SIP),
Denial of Service(DoS) attack,
flooding attack,
chi-square traffic,
cumulative sum,
IP defense model
中图分类号:
李鸿彬, 林浒, 吕昕, 杨雪华. 一种高效抵御SIP洪泛攻击的防御模型[J]. 计算机工程, 2013, 39(2): 119-124.
LI Hong-Ban, LIN Hu, LV Cuan, YANG Xue-Hua. An Efficient Prevention Model Against SIP Flooding Attack[J]. Computer Engineering, 2013, 39(2): 119-124.