SIP-protocol-based method and system for detecting communication network attack
What is Al technical title?
Al technical title is built by PatSnap Al team. It summarizes the technical point description of the patent document.
A technology of SIP protocol and detection method, which is applied in the field of communication security, can solve the problems of no detection and protection, and achieve the effect of protecting security and avoiding attacks
Inactive Publication Date: 2015-04-15
上海信擎信息技术有限公司
View PDF0 Cites 10 Cited by
Summary
Abstract
Description
Claims
Application Information
AI Technical Summary
This helps you quickly interpret patents by identifying the three key elements:
Problems solved by technology
Method used
Benefits of technology
Problems solved by technology
The SIP firewall attack detection method of the existing network is usually similar to the firewall of the traditional Internet, and there is no effective detection and protection at the service layer for the characteristics of SIP calls
Method used
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more
Image
Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
Click on the blue label to locate the original text in one second.
Reading with bidirectional positioning of images and text.
Smart Image
Examples
Experimental program
Comparison scheme
Effect test
Embodiment 1
[0033] like figure 1 As shown, the present invention provides a method for detecting a communication network attack based on the SIP protocol, including steps S1 to S6.
[0034] Step S1, binding the calling number of the user with the IP address of the user; specifically, binding the calling number of the user with the IP address of the user here is to facilitate the SIP call in subsequent steps Perform authentication to prevent user account theft and prohibit illegal users from calling;
[0035] Step S2, when a SIP call occurs, obtain SIP signaling from the SIP packet at the link layer of the control plane, parse out the calling number and IP address from the SIP signaling, and determine whether the two are in the binding relationship , if so, go to step S3, otherwise go to step S4;
[0036] Step S3, the IP message of the link layer of the control plane is illegal data, and the subsequent IP message of the SIP call of the calling number is intercepted;
[0037] Preferably,...
Embodiment 2
[0054] like figure 2 and 3 As shown, the present invention also provides another SIP protocol-based communication network attack detection system 3 , including a binding module 31 , a first judging module 32 , an intercepting module 33 and a second judging module 34 .
[0055] A binding module 31, configured to bind the user's calling number with the user's IP address;
[0056] The first judging module 32 is used to obtain the SIP signaling from the SIP message of the link layer of the control plane when a SIP call occurs, parse out the calling number and the IP address from the SIP signaling and judge whether the two are all The above-mentioned binding relationship, if so, then start the interception module 33, if not, then start the second judging module 34;
[0057] Intercepting module 33, is used for determining that the IP message of control surface link layer is illegal data, intercepts the follow-up IP message of the SIP call of this calling number;
[0058] Prefera...
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more
PUM
Login to view more
Abstract
The invention provides an SIP-protocol-based method and system for detecting communication network attack. The method comprises the following steps of binding a calling number of a user with an IP (Internet Protocol) address of the user; when an SIP call is initiated, obtaining SIP signaling from an SIP message of a control plane link layer, obtaining a calling number and an IP address from the signaling through analysis, and judging whether the calling number and the IP address have binding relationship; intercepting follow-up messages of the SIP call of the calling number if that the calling number and the IP address have binding relationship is determined and IP messages from the control plane link layer are invalid data; judging whether call time slot of the SIP signaling is greater than a predetermined call frequency if that the calling number and the IP address do not have binding relationship is determined; and controlling the call time slot of the SIP signaling through INVITE information if the call time slot of the SIP signaling is greater than the predetermined call frequency. According to the invention, without changing prior signaling and network equipment, analysis and detection are carried out on the SIP signaling and the media streams which flow through the network so as to judge whether the messages are an attack messages and whether corresponding safeguard measures need to be taken, so that the security of a core network is protected, and the attack to a network layer and an application layer is prevented.
Description
technical field [0001] The invention relates to the field of communication security, in particular to a method and system for detecting a communication network attack based on the SIP protocol. Background technique [0002] The SIP firewall of the existing network is usually built in the session border controller (SBC) and superimposed on the edge of the IP network. It integrates the session message and media control functions, and is a back-to-back user agent of SIP messages. It can play the role of NAT, Network topology hiding and other functions to realize the forwarding of signaling and media streams. The attack detection method of the SIP firewall in the existing network is usually similar to the firewall of the traditional Internet, and there is no effective detection and protection at the service layer according to the characteristics of the SIP call. Contents of the invention [0003] The object of the present invention is to provide a method and system for detect...
Claims
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more
Application Information
Patent Timeline
Application Date:The date an application was filed.
Publication Date:The date a patent or application was officially published.
First Publication Date:The earliest publication date of a patent with the same application number.
Issue Date:Publication date of the patent grant document.
PCT Entry Date:The Entry date of PCT National Phase.
Estimated Expiry Date:The statutory expiry date of a patent right according to the Patent Law, and it is the longest term of protection that the patent right can achieve without the termination of the patent right due to other reasons(Term extension factor has been taken into account ).
Invalid Date:Actual expiry date is based on effective date or publication date of legal transaction data of invalid patent.
Login to view more 
Login to view more