Detection method against SIP flooding attacks


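Authors: 杨雪华[1] 于涧[1] 李鸿彬[2]

Affiliations: [1] College of Educational Technology, Shenyang Normal University, Shenyang 110034; [2] Shenyang Institute of Computing Technology, Chinese Academy of Sciences, Shenyang 110168

Source: Journal of Shenyang Normal University: Natural Science Edition, 2013, No. 2, pp. 272-276 (5 pages)

Funding: Liaoning Province Education Science "Twelfth Five-Year" Plan project (JG11DB274)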

Abstract: Considering the current state of research on detecting and defending against SIP flooding attacks, and combining the traffic characteristics of SIP flooding attacks with the characteristics of the actual environment of SIP users, a Poisson-distribution-based detection method that adapts to changes in the network environment is proposed. The method consists of parameter initialization, a detection mechanism based on probability density, and a SIP message filter. A model of the number of request messages is built from the Poisson distribution and the normal distribution; the credibility of the detection mechanism is established from the probability density and a detection factor; and the SIP message filter uses an exponentially weighted moving average (EWMA) mechanism to address the drop in detection efficiency caused by changes in the network environment. The actual SIP network environment was modeled, with a SIP call simulator placing calls at different probabilities to simulate different network conditions. Experimental results show that the method can detect SIP flooding attacks in real time, effectively improves the detection efficiency for SIP flooding attacks in different time periods, and adapts to complex network environments.

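Keywords: Session Initiation Protocol; SIP flooding attack; Poisson distribution; detection model

Classification: TP393.2 [Automation and Computer Technology: Computer Application Technology]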

 
