作者投稿和查稿 主编审稿 专家审稿 编委审稿 远程编辑

计算机工程 ›› 2012, Vol. 38 ›› Issue (23): 10-14. doi: 10.3969/j.issn.1000-3428.2012.23.003

• 专栏 • 上一篇    下一篇

基于扩展状态机的SIP洪泛攻击自适应检测

谢晓龙,季新生,刘彩霞,刘树新   

  1. (国家数字交换系统工程技术研究中心,郑州 450002)
  • 收稿日期:2012-03-19 出版日期:2012-12-05 发布日期:2012-12-03
  • 作者简介:谢晓龙(1988-),男,硕士研究生,主研方向:移动通信网络,网络入侵检测;季新生,教授;刘彩霞,副教授;刘树新,硕士研究生
  • 基金资助:

    国家“863”计划基金资助项目(2011AA010604, 2008AA011003)

Self-adaptive Detection for SIP Flooding Attacks Based on Extended State Machine

XIE Xiao-long, JI Xin-sheng, LIU Cai-xia, LIU Shu-xin   

  1. (National Digital Switching System Engineering and Technological R&D Center, Zhengzhou 450002, China)
  • Received:2012-03-19 Online:2012-12-05 Published:2012-12-03

摘要:

IP多媒体子系统(IMS)中现有的会话初始协议(SIP)洪泛检测方法不能根据网络状况进行自适应检测。针对该问题,提出一种基于扩展状态机的SIP洪泛自适应检测方法。通过增加描述网络受到攻击或出现异常时的状态,构造IMS网络中的SIP扩展状态机,基于卡尔曼滤波设计自适应阈值调整算法,对SIP洪泛攻击进行自适应检测。实验结果表明,该方法比固定阈值的检测方法具有更好的检测性能,更适用于真实网络。

关键词: IP多媒体子系统, 会话初始协议, 洪泛攻击, 状态机, 卡尔曼滤波

Abstract:

In order to solve the problem that recent researches on detection of Session Initiation Protocol(SIP) flooding attacks in IP Multimedia Subsystem(IMS) can not adapt the network environment, this paper puts forward a self-adaptive detection method for SIP flooding attacks based on extended state machine. It builds the extended SIP state machine according to adding a state which described that the network is being attacked or abnormal, then adaptive adjusts the threshold through the introduction of adaptive algorithm based on Kalman filtering. Experimental results prove that this method has better detection performance than detection methods using fixed threshold, and it is more available in the real network.

Key words: IP Multimedia Subsystem(IMS), Session Initiation Protocol(SIP), flooding attack, state machine, Kalman filtering

中图分类号: