{"title":"一种抵抗SIP服务器畸形和泛洪攻击的方法","authors":"Ming-Yang Su, Chen-Han Tsai","doi":"10.4304/jnw.10.2.77-84","DOIUrl":null,"url":null,"abstract":"As a result of its low costs and high degree of integration with other services, Voice over Internet Protocol (VoIP) has become very widely used, while Session Initiation Protocol (SIP) is one of the most important protocols for providing the VoIP service. Since SIP is an open source code with a simple structure and high expansibility, SIP servers are more vulnerable to attack by SIP messages malformed in order to stunt the server, or by a flood of SIP messages causing server congestion or shutdown. The system proposed in this paper therefore has two functions; one is to filter malformed messages that conflict with the SIP protocol, and the other is to determine whether an SIP server is under flooding attack. This study used the Chi- square test, usually applied in statistics, to identify flooding attacks. The proposed system can automatically modify an SIP server's blacklist to deter an attacker's subsequent attempts.","PeriodicalId":14643,"journal":{"name":"J. Networks","volume":"94 1","pages":"77-84"},"PeriodicalIF":0.0000,"publicationDate":"2015-03-03","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"7","resultStr":"{\"title\":\"An Approach to Resisting Malformed and Flooding Attacks on SIP Servers\",\"authors\":\"Ming-Yang Su, Chen-Han Tsai\",\"doi\":\"10.4304/jnw.10.2.77-84\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"As a result of its low costs and high degree of integration with other services, Voice over Internet Protocol (VoIP) has become very widely used, while Session Initiation Protocol (SIP) is one of the most important protocols for providing the VoIP service. Since SIP is an open source code with a simple structure and high expansibility, SIP servers are more vulnerable to attack by SIP messages malformed in order to stunt the server, or by a flood of SIP messages causing server congestion or shutdown. The system proposed in this paper therefore has two functions; one is to filter malformed messages that conflict with the SIP protocol, and the other is to determine whether an SIP server is under flooding attack. This study used the Chi- square test, usually applied in statistics, to identify flooding attacks. The proposed system can automatically modify an SIP server's blacklist to deter an attacker's subsequent attempts.\",\"PeriodicalId\":14643,\"journal\":{\"name\":\"J. Networks\",\"volume\":\"94 1\",\"pages\":\"77-84\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2015-03-03\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"7\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"J. Networks\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.4304/jnw.10.2.77-84\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"J. Networks","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.4304/jnw.10.2.77-84","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 7
摘要
VoIP (Voice over Internet Protocol)由于其低成本和与其他业务的高度集成而得到了广泛的应用,而SIP (Session Initiation Protocol)是提供VoIP业务的最重要的协议之一。由于SIP是开源代码,结构简单,可扩展性高,因此SIP服务器更容易受到恶意破坏服务器的SIP消息的攻击,或者受到大量SIP消息导致服务器拥塞或关闭的攻击。因此,本文提出的系统具有两个功能;一是过滤与SIP协议冲突的畸形消息,二是判断SIP服务器是否受到泛洪攻击。本研究使用统计学中常用的卡方检验来识别洪水攻击。该系统可以自动修改SIP服务器的黑名单,以阻止攻击者的后续攻击。
An Approach to Resisting Malformed and Flooding Attacks on SIP Servers
As a result of its low costs and high degree of integration with other services, Voice over Internet Protocol (VoIP) has become very widely used, while Session Initiation Protocol (SIP) is one of the most important protocols for providing the VoIP service. Since SIP is an open source code with a simple structure and high expansibility, SIP servers are more vulnerable to attack by SIP messages malformed in order to stunt the server, or by a flood of SIP messages causing server congestion or shutdown. The system proposed in this paper therefore has two functions; one is to filter malformed messages that conflict with the SIP protocol, and the other is to determine whether an SIP server is under flooding attack. This study used the Chi- square test, usually applied in statistics, to identify flooding attacks. The proposed system can automatically modify an SIP server's blacklist to deter an attacker's subsequent attempts.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
