VoIP network perimeter defense system

Cited by: 2


Authors: Huang Wei (黄玮)[1,2], Liang Hongliang (梁洪亮)[1,2], Hu Zhengming (胡正名)[1,2], Yang Yixian (杨义先)[1,2]

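Affiliations: [1] Key Laboratory of Network and Information Attack and Defense Technology of the Ministry of Education, Beijing University of Posts and Telecommunications, Beijing 100876; [2] National Engineering Laboratory for Disaster Backup and Recovery, Beijing University of Posts and Telecommunications, Beijing 100876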

Source: Journal of Tsinghua University (Science and Technology), 2009, Issue S2, pp. 2215-2221 (7 pages)

Funding: National Natural Science Foundation of China (60821001); National "863" High-Tech Program (2008AA011004)

Abstract: Detection algorithms for VoIP (voice over internet protocol) network attacks need large amounts of computing resources, and existing VoIP attack defense systems hit a computing-resource bottleneck as load increases. To address this, the paper presents a transport-layer load-balancing algorithm that optimizes the distribution of network traffic and balances the load across back-end servers. On this basis, the system identifies signaling flows and RTP (real-time transport protocol) flows in a distributed, parallel fashion. Each identified RTP flow is associated with the VoIP session it belongs to through an asynchronous query for signaling-flow information, which guarantees the integrity of the VoIP session data and yields a distributed VoIP network perimeter defense system. Comparison tests show that under large traffic volumes the packet loss rate of this system is far lower than that of a single-host system. A malformed SIP (Session Initiation Protocol) signaling flood test shows that existing VoIP attack detection algorithms can be applied in this system without any changes, and that attacks are detected in real time with a response delay on the order of a second even under heavy load.

Keywords: voice over IP (VoIP); load balancing; perimeter defense; network security

Classification: TN916.2 [Electronics and Telecommunications: Communication and Information Systems]

 
