Elham Nosrati, A. Kashi, Yashar Darabian, S. M. H. Tonekaboni
Published in: ICIMU 2011 : Proceedings of the 5th international Conference on Information Technology & Multimedia
Publication date: 2011-11-01
DOI: 10.1109/ICIMU.2011.6122765 (https://doi.org/10.1109/ICIMU.2011.6122765)
Citations: 5
Abstract
Register flooding attacks detection in IP multimedia subsystems by using adaptive z-score CUSUM algorithm
IP Multimedia Subsystems (IMS) is the core of the Next Generation Network (NGN), which provides a high-quality combination of different multimedia services. Although the IMS open core architecture has made it an easy-access network for clients, it has resulted in some security weaknesses and vulnerabilities, through which attacks and threats try to enter the network. Denial of Service (DoS) attacks prevent legitimate users from using services by overloading network resources. These attacks are usually based on sending flooding packets from spoofed IP addresses and are called Distributed Denial of Service (DDoS). These attacks can be generated through REGISTER messages, which are followed by the heavyweight registration process in Call Session Control Function (CSCF) entities. In this paper an adaptive CUSUM algorithm is proposed which can differentiate peak-time traffic from attack traffic and detect flooding attacks with low values of False Alarm Rate (FAR), Detection Delay (DD) and Detection Time (DT).