Apparatus and method for detecting SIP message flooding attack based on CUSUM algorithm

A technology of flooding attacks and messages, applied in the field of network information security, can solve the problems of no NGN being introduced to the market, slowing down of security problems, blankness, etc.

Inactive Publication Date: 2009-06-17
BEIJING UNIV OF POSTS & TELECOMM
View PDF0 Cites 9 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

However, up to now, the use of CUSUM method in China to detect flooding attacks has only stayed at the stage of TCP messages, and the research results of detection and defense methods for flooding attacks of SIP messages are almost blank; the main reason is that ope

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Apparatus and method for detecting SIP message flooding attack based on CUSUM algorithm
  • Apparatus and method for detecting SIP message flooding attack based on CUSUM algorithm
  • Apparatus and method for detecting SIP message flooding attack based on CUSUM algorithm

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0043] In order to make the object, technical solution and advantages of the present invention clearer, the present invention will be further described in detail below in conjunction with the accompanying drawings.

[0044] see figure 1 , which introduces a schematic structural composition diagram of a device for detecting SIP message flooding attacks based on the CUSUM algorithm of the present invention.

[0045] The device of the present invention is made up of a plurality of functional modules of the four-layer architecture of the collection layer, the data layer, the detection layer and the response layer, wherein a packet capture module is provided in the collection layer, and the packet capture module is responsible for calling UNIX / LINUX system functions and Use the SIP protocol stack to capture the SIP data packets transmitted in the network, and complete the function of collecting SIP data packets in the network. In the data layer, there is a data preprocessing modul...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention relates to a device and a method for detecting SIP message flood attacking based on a CUSUM algorithm, wherein the device is formed by a multifunction module formed by a gathering layer, a data layer, a detecting layer and a response layer, wherein a bale grabber module of the gathering layer gathers an SIP data packet in network, a module of the data layer preprocesses the SIP data packet from the gathering layer, and respectively stores the grabbed total amount of INVITE messages and REGISTER messages, a CUSUM module of the detecting layer adopts a CUSUM algorithm to correct INVITE message value and REGISTER message value, which are stored to detect and output detection results. An alarm module of the response layer judges whether the detection result gives alarm or not to the detection result, if the detection result exceeds a preset threshold value, SIP information flood attacking is regarded to come across, and alarm signals are sent out, if not, network is represented to be normal. The device and the method are simple and practical, which are easily achieved, and can effectively detect out flood attacking aiming at SIP information in NGN network.

Description

technical field [0001] The invention relates to a method for ensuring the safe transmission of network information, specifically, a device and method for detecting flood attacks of SIP messages (including INVITE messages and REGISTER messages) based on a CUSUM algorithm, and belongs to the technical field of network information security. . Background technique [0002] NGN (Next Generation Network) uses Session Initiation Protocol (SIP) to create, manage and terminate multimedia services of various types of messages through a session control mechanism. NGN is a milestone in the history of telecommunication, marking the coming of a new generation of telecommunication network era. With the rapid popularization of computer networks and the continuous rise of various new services in telecommunication networks, network security issues have gradually penetrated into various fields of social life and become more and more serious. Because NGN has the characteristics of network IP ...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
IPC IPC(8): H04L12/26H04L29/08
Inventor 孙其博闫丹凤杨放春龙湘明王尚广
Owner BEIJING UNIV OF POSTS & TELECOMM
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap