Intrusion prevention system against SIP distributed flooding attacks
LI Hong-bin1,2, LIN Hu1, Lü Xin1,2, YANG Xue-hua3
1. Shenyang Institute of Computing Technology, Chinese Academy of Sciences, Shenyang Liaoning 110168, China
2. Graduate University of Chinese Academy of Sciences, Beijing 100039, China
3. College of Educational Technology, Shenyang Normal University, Shenyang Liaoning 110034, China
Abstract: Based on research into the detection of and defense against distributed SIP flooding attacks, and combining the characteristics of IP-based distributed flooding attacks with those of SIP messages, a two-level defense architecture against SIP distributed flooding attacks (TDASDFA) is presented. TDASDFA logically consists of two defensive components: the First-level Defense Subsystem (FDS) and the Second-level Defense Subsystem (SDS). FDS performs coarse-grained detection and defense on the SIP signaling stream, filtering out non-VoIP messages and discarding SIP messages from IP addresses that exceed the specified rate, to ensure service availability; SDS performs fine-grained detection and defense on SIP messages, using a mitigation method based on security level to identify cunning attacks and low-flow attacks that show obvious features of malicious DoS attacks. Together, FDS and SDS perform detection and defense on the network status in real time to weaken SIP distributed flooding attacks. The experimental results show that TDASDFA can detect and defend against SIP distributed flooding attacks, and reduces the probability of the SIP proxy server or IMS server being attacked when the network is in an abnormal state.
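The coarse first-level behaviour described in the abstract (drop non-SIP payloads, then drop SIP messages from source IPs over a rate limit) can be sketched as follows. This is an added example, not the paper's code: the threshold, window, method list and all names are assumptions, and the second-level, security-level-based method is not modelled because the abstract does not specify it.

```python
import re
from collections import defaultdict, deque

# Assumed method list: RFC 3261 core methods plus common extensions.
SIP_METHODS = {"INVITE", "ACK", "BYE", "CANCEL", "OPTIONS", "REGISTER", "INFO",
               "SUBSCRIBE", "NOTIFY", "PUBLISH", "PRACK", "UPDATE", "MESSAGE",
               "REFER"}
REQUEST_LINE = re.compile(r"^([A-Z]+) \S+ SIP/2\.0$")
STATUS_LINE = re.compile(r"^SIP/2\.0 [1-6]\d\d( .*)?$")

def is_sip(payload: bytes) -> bool:
    """True if the datagram's first line is a SIP request or status line."""
    try:
        first = payload.split(b"\r\n", 1)[0].decode("ascii")
    except UnicodeDecodeError:
        return False
    m = REQUEST_LINE.match(first)
    if m:
        return m.group(1) in SIP_METHODS
    return bool(STATUS_LINE.match(first))

class FirstLevelFilter:
    """Hypothetical coarse filter: drop non-SIP payloads and over-rate IPs."""
    def __init__(self, max_msgs: int, window_s: float):
        self.max_msgs = max_msgs        # assumed threshold, not from the paper
        self.window_s = window_s        # sliding window length in seconds
        self.seen = defaultdict(deque)  # src IP -> timestamps of passed msgs

    def check(self, src_ip: str, payload: bytes, now: float) -> str:
        if not is_sip(payload):
            return "drop:non-sip"
        q = self.seen[src_ip]
        while q and now - q[0] >= self.window_s:
            q.popleft()                 # expire timestamps outside the window
        if len(q) >= self.max_msgs:
            return "drop:rate"
        q.append(now)
        return "pass"

def run_constructed_trace():
    """Constructed sample traffic (documentation IPs), not captured data."""
    invite = b"INVITE sip:bob@example.com SIP/2.0\r\nCSeq: 1 INVITE\r\n\r\n"
    f = FirstLevelFilter(max_msgs=3, window_s=1.0)
    trace = [("198.51.100.7", invite, 0.1 * i) for i in range(5)]
    trace += [("203.0.113.9", b"GET / HTTP/1.1\r\n\r\n", 0.2),
              ("203.0.113.9", b"SIP/2.0 200 OK\r\n\r\n", 0.3),
              ("198.51.100.7", invite, 1.5)]
    return [f.check(ip, data, t) for ip, data, t in trace]
```

A per-source limit alone does not stop a distributed flood in which each source stays under the threshold, which is the low-flow case the abstract assigns to the second level.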
LI Hong-bin, LIN Hu, Lü Xin, YANG Xue-hua. Intrusion prevention system against SIP distributed flooding attacks. Journal of Computer Applications, 2011, 31(10): 2660-2664.