
Method and device for detecting incomplete session attack

A technology applied in the field of communication that addresses the problems that firewall devices cannot effectively detect SIP-based incomplete session attacks and cannot protect against them.

Active Publication Date: 2010-10-06
HUAWEI TECHNOLOGIES CO LTD

AI Technical Summary

Problems solved by technology

Therefore, the firewall device in this solution cannot effectively detect SIP-based incomplete session attacks, nor can it effectively defend against them.


Examples


Embodiment 1

[0044] This embodiment is aimed at registered users. The processing flow of the method for detecting a SIP-based incomplete session attack provided by this embodiment is shown in Figure 1 and includes the following processing steps:

[0045] Step 11: set the detection period for incomplete session attacks, and obtain the number of initial session requests and the number of received responses that successfully established the session.

[0046] SIP-based incomplete session attacks generate relatively little attack traffic, and each independent session is never successfully established. The state and resources held by the session's communication peer device are released only when the session ends due to timeout, cancellation, rejection, etc., so the resources are consumed for a relatively long time.

[0047] In the embodiment of the present invention, firstly, a detection period of a...

Embodiment 2

[0085] When the user is not registered, requests initiated by a single user (initiated either actively or on request; this is not repeated below) cannot be identified by the "source IP + source port" method, nor can the user be identified from the user's IMS service authentication data. According to the above analysis, the SIP registration requests in a specific user access network segment can only be counted on the SIP access server, such as the PCSCF (Proxy Call Session Control Function).

[0086] Set an incomplete session attack detection period, and keep statistics on the following two values for a specific user access network segment:

[0087] session_setup_initial_request[n]: the number of session initial requests actively initiated by a specific user access network segment in the nth detection cycle;

[0088] session_setup_final_response[n]: The number of responses fo...
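The two per-segment counters of Embodiment 2, as an added example that is not code from the patent. The decision rule (requests minus successful responses greater than a threshold), the event tuples, the addresses and the 60-second period are assumptions, since the page's own formula is cut off.

```python
import ipaddress
from collections import defaultdict

REQ, RESP = "session_setup_initial_request", "session_setup_final_response"

def count_per_period(events, segments, period_s):
    """Return {(segment, n): {REQ: count, RESP: count}} for detection cycle n."""
    nets = [ipaddress.ip_network(s) for s in segments]
    counts = defaultdict(lambda: {REQ: 0, RESP: 0})
    for t, user_ip, kind in events:
        addr = ipaddress.ip_address(user_ip)
        # Attribute the event to the monitored access segment the user side belongs to.
        seg = next((str(n) for n in nets if addr in n), None)
        if seg is not None and kind in (REQ, RESP):
            counts[(seg, int(t // period_s))][kind] += 1
    return dict(counts)

def flag_periods(counts, threshold):
    """Assumed rule: flag a (segment, cycle) when the number of initial requests
    exceeds the number of successful responses by more than `threshold`."""
    return sorted(k for k, c in counts.items() if c[REQ] - c[RESP] > threshold)

def sample_events():
    """Constructed events (time_s, user-side IP, kind) as seen at the access server."""
    ev = []
    for i in range(10):  # 10.0.1.0/24: ordinary calls, 9 of 10 answered
        ev.append((i, "10.0.1.5", REQ))
        if i < 9:
            ev.append((i + 0.5, "10.0.1.5", RESP))
    for i in range(40):  # 10.0.2.0/24: low-rate requests that almost never complete
        ev.append((60 + i, f"10.0.2.{i % 20 + 1}", REQ))
    ev.append((70, "10.0.2.3", RESP))
    return ev

if __name__ == "__main__":
    counts = count_per_period(sample_events(), ["10.0.1.0/24", "10.0.2.0/24"], 60)
    for key in flag_periods(counts, threshold=20):
        print("possible incomplete session attack:", key, counts[key])
```

Forty requests per minute is not a volumetric flood, which is why the comparison is between the two counters rather than against a raw request rate.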

Embodiment 3

[0093] The processing flow of the method for detecting a SIP-based incomplete session attack proposed by this embodiment is shown in Figure 2 and includes the following processing steps:

[0094] Step 21: count the total number of sessions initiated by registered users that are in the "session establishment state".

[0095] Dynamic statistics are kept on each session initiated by a registered user (initiated either actively or on request; this is not repeated below), and the status of each session is determined. At a predetermined statistical period, the total number of sessions in the "session establishment state" is counted.

[0096] A session in the session establishment state is one that has been initiated by the user, has not been successfully established, and has not exited due to timeout, cancellation, rejection, etc.

[0097] Step 22, judging whether the total number of sessions i...
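Step 21's count of sessions in the "session establishment state", as an added example that is not code from the patent. The event labels, user names, call identifiers, the 180-second setup timeout and the comparison against a threshold (Step 22 is cut off on this page) are assumptions.

```python
from collections import Counter

def sessions_in_setup(events, now, setup_timeout_s):
    """Per user, count sessions that were initiated but are neither established
    nor exited (timeout, cancellation, rejection) at time `now`."""
    pending = {}  # call_id -> (user, start time)
    for t, user, call_id, kind in sorted(events):
        if t > now:
            break
        if kind == "initial_request":
            pending.setdefault(call_id, (user, t))
        elif kind in ("established", "cancel", "reject"):
            pending.pop(call_id, None)
    # Sessions older than the setup timeout have exited by timeout.
    return Counter(user for user, start in pending.values()
                   if now - start < setup_timeout_s)

def users_over_threshold(events, sample_times, threshold, setup_timeout_s):
    """Assumed Step 22: at each statistical period, list users whose count of
    sessions in the establishment state exceeds `threshold`."""
    return {now: sorted(u for u, n in
                        sessions_in_setup(events, now, setup_timeout_s).items()
                        if n > threshold)
            for now in sample_times}

def sample_events():
    """Constructed events: (time_s, user, call_id, kind)."""
    ev = []
    for i in range(3):   # userA: three calls, each answered after 2 s
        ev += [(i * 10, "userA", f"a{i}", "initial_request"),
               (i * 10 + 2, "userA", f"a{i}", "established")]
    for i in range(30):  # userB: 30 calls never answered
        ev.append((i, "userB", f"b{i}", "initial_request"))
    ev += [(40, "userB", f"b{i}", "cancel") for i in range(5)]  # five cancelled
    return ev

if __name__ == "__main__":
    print(users_over_threshold(sample_events(), [30, 60, 200], 10, 180))
```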


Abstract

The embodiment of the invention provides a method, a device and a system for detecting an incomplete session attack. The method comprises the following steps of: acquiring the initial request number of sessions actively initiated by a user and the response number of successfully created sessions received in one detection cycle of the incomplete session attack, and detecting whether the user initiates the incomplete session attack based on the initial request number of sessions actively initiated by the user, the response number of successfully created sessions received and a preset threshold value. The embodiment of the invention can be used for judging whether the registered user or the unregistered user in a specific user access network segment initiates the incomplete session attack, thereby effectively protecting against the incomplete session attack initiated by the registered user or the unregistered user in the specific user access network segment.

Description

Technical field

[0001] The invention relates to the technical field of communication, in particular to a method and a device for detecting an incomplete session attack based on SIP (Session Initiation Protocol).

Background technique

[0002] The IMS (IP Multimedia Subsystem) / NGN (Next Generation Network) solution based on the SIP protocol faces many security threats that traditional telecommunication networks have not experienced.

[0003] The service logic of the IMS / NGN solution is relatively complex. The implementation of specific services between users and between users and the network requires the establishment of states on the user and network sides, and resource allocation in the process of state transfer. At the level of SIP signaling, the attacker initiates a SIP request, requiring the communication peer (network side or another user) to allocate resources and establish a sta...


Application Information

Patent Type & Authority: Applications (China)
IPC(8): H04L29/06, H04L9/36
Inventor: 陈斌, 张喆, 吴平
Owner: HUAWEI TECHNOLOGIES CO LTD