计算机工程2012,Vol.38Issue(23):10-14,5.DOI:10.3969/j.issn.1000-3428.2012.23.003
基于扩展状态机的SIP洪泛攻击自适应检测
Self-adaptive Detection for SIP Flooding Attacks Based on Extended State Machine
摘要
Abstract
In order to solve the problem that recent researches on detection of Session Initiation Protocol(SIP) flooding attacks in IP Multimedia Subsystem(IMS) can not adapt the network environment, this paper puts forward a self-adaptive detection method for SIP flooding attacks based on extended state machine. It builds the extended SIP state machine according to adding a state which described that the network is being attacked or abnormal, then adaptive adjusts the threshold through the introduction of adaptive algorithm based on Kalman filtering. Experimental results prove that this method has better detection performance than detection methods using fixed threshold, and it is more available in the real network.关键词
IP多媒体子系统/会话初始协议/洪泛攻击/状态机/卡尔曼滤波Key words
IP Multimedia Subsystem(IMS)/ Session Initiation Protocol(SIP)/ flooding attack/ state machine/ Kalman filtering分类
信息技术与安全科学引用本文复制引用
谢晓龙,季新生,刘彩霞,刘树新..基于扩展状态机的SIP洪泛攻击自适应检测[J].计算机工程,2012,38(23):10-14,5.基金项目
国家"863"计划基金资助项目(2011AA010604,2008AA011003) (2011AA010604,2008AA011003)
