Full-Text Search:
Home|Journal Papers|About CNKI|User Service|FAQ|Contact Us|中文
《Journal of Tsinghua University(Science and Technology)》 2009-S2
Add to Favorite Get Latest Update

VoIP network perimeter defense system

HUANG Wei1,2,LIANG Hongliang1,2,HU Zhengming1,2,YANG Yixian1,2(1.Key Laboratory of Network and Information Attack & Defense Technology of Ministry of Education,Beijing University of Posts and Telecommunications,Beijing 100876,China;2.National Engineering Laboratory for Disaster Backup and Recovery,Beijing University of Posts and Telecommunications,Beijing 100876,China)  
Detection algorithms against VoIP(voice over internet protocol) network attacks need large amounts of computing resources,with current defense systems running out of computing resources for large system loads.This paper presents a transport layer load balancing algorithm which optimizes the distribution of the network traffic and the back-end server load.The defense system was distributed,and parallel processing to identify the signaling flow and RTP(real-time transport protocol) packet flow.The identified RTP packet flows are then associated with their respective VoIP sessions through an asynchronous query for signaling information.The integrity of the VoIP session data is then ensured by the distributed VoIP network perimeter defense.Back-to-back tests with large packet flow rates show that the packet loss rate with this system is much lower than with a single host based system.The malformed SIP(session initial protocol) signaling flood test showed that existing detection algorithms can be applied in this system without any changes.Attacks can be detected in real-time and the response delay is only one second even for a heavy loads.
【Fund】: 国家自然科学基金资助项目(60821001);; 国家“八六三”高技术项目(2008AA011004)
【CateGory Index】: TN916.2
Download(CAJ format) Download(PDF format)
CAJViewer7.0 supports all the CNKI file formats; AdobeReader only supports the PDF format.
【References】
Chinese Journal Full-text Database 2 Hits
1 HU Nan1,2,YUAN Qing-sheng3,WEI Geng-yu1,2,HUANG Wei1,2,YANG Yi-xian1,2(1.Key Laboratory of Network and Information Attack and Defense Technology,Ministry of Education,Beijing University of Posts and Telecommunications,Beijing 100876,China;2.National Engineering Laboratory for Disaster Backup and Recovery,Beijing University of Posts and Telecommunications,Beijing 100876,China; 3.National Computer Network Emergency Response Technical Team/Coordination Center of China,Beijing 100029,China);A SPIT Detection Method Based on Conversation Pattern[J];Journal of Beijing University of Posts and Telecommunications;2011-01
2 ZHANG Wei-bing1,2,WEI Geng-yu1,2,HUANG Wei1,2,HU Zheng-ming1,2,YANG Yi-xian1,2 (1.Key Laboratory of Network and Information Attack & Defense Technology of MOE,Beijing University of Posts and Telecommunications,Beijing 100876,China;2.National Engineering Laboratory for Disaster Backup and Recovery,Beijing University of Posts and Telecommunications,Beijing 100876,China);SPIT Detecting Method Based on Bloom Filter[J];Journal of Information Engineering University;2010-05
【Citations】
Chinese Journal Full-text Database 4 Hits
1 YIN Qian(Chongqing University of Posts and Telecommunications,Chongqing 400065,P.R.China);Research of SIP DoS attack defense mechanism based on queue theory[J];Journal of Chongqing University of Posts and Telecommunications(Natural Science Edition);2008-04
2 FAN Zi-fu,WAN Xiao-yu Chongqing University of Posts and Telecommunications,Chongqing 400065,China;Design of SIP DoS attack detection plugin based on balanced message number[J];Computer Engineering and Applications;2008-20
3 DU Shi-xing,CHEN Hong-chang,YU Hong-tao(Institute of Information Technology,Information Engineering College,PLA Information Engineering University,Zhengzhou 450002);Attack and Defence Aiming at SIP Parser[J];Computer Engineering;2008-23
4 TANG Hui, LI Bi-cheng, QU Dan, ZHANG Lian-hai(Institute of Information Engineering, PLA Information Engineering University, Zhengzhou 450002);Research on Speaker Recognition from Compressed VoIP Packet Stream[J];Computer Engineering;2009-07
【Co-citations】
Chinese Journal Full-text Database 7 Hits
1 FAN Zifu,YANG Junrong,WAN Xiaoyu Key Lab of Electronic Commerce and Modern Logistics,Chongqing University of Posts and Telecommunications,Chongqing 400065,China;SIP DoS attack defense mechanism based on custom weighted fair queue scheming[J];Computer Engineering and Applications;2011-08
2 JIANG Xiu-yu,YANG Feng,CUI Zai-hui(Computer Center,Anshan Normal University,Anshan 114005,China);Improvement of SIP header parsing via static search table[J];Computer Engineering and Design;2010-13
3 LI Da-yu1,2,MA Yue2,LI Hong-bin2,LI Jun-chao2,3(1.Graduate University,Chinese Academy of Sciences,Beijing 100049,China;2.Shenyang Institute of Computing Technology,Chinese Academy of Science,Shenyang 110168,China;3.School of Computer Science and Technology, University of Science and Technology of China,Hefei 230027,China);Design and implementation of automatic SIP testing tool[J];Computer Engineering and Design;2012-01
4 CHEN Hai SHEN Yong-jun YUAN Tao-hong ZHANG Dong-dong(College of Information Science and Engineering,Lanzhou University Lanzhou,China 730000);Reforming of DoS attack defense policies based on SIP[J];Microcomputer Information;2010-15
5 LI Hong-bin1,3,LEI Wei-min2,YANG Xue-hua41(Graduate School of The Chinese Academy of Sciences,Beijing 100039,China) 2(College of Information Science and Engineering,Northeastern University,Shenyang 110819,China) 3(Shenyang Institute of Computing Technology Chinese Academy of Science,Shenyang 110171,China) 4(Software College,Shenyang Normal University,Shenyang 110034,China);Security Testing Tool in SIP-Based VoIP System[J];Journal of Chinese Computer Systems;2010-10
6 WANG Bi-Da~1,LIAN Yi-Feng~ 2,3 (1 State Key Laboratory of Information Security,Graduate University of the Chinese Academy of Sciences,Beijing 100049,China; 2 Institute of Software,Chinese Academy of Sciences,Beijing 100190,China; 3 National Engineering Research Center of Information Security(NERCIS),Beijing 100080,China);An efficiency evaluation methodology of DoS attack and defense mechanisms based on queueing theory[J];Journal of the Graduate School of the Chinese Academy of Sciences;2010-01
7 CHEN Huimin;Researchon IMS Network Threats and Testing Method[J];Modern Science & Technology of Telecommunications;2013-Z1
【Co-references】
Chinese Journal Full-text Database 10 Hits
1 XIN Yang,WEI Jing-zhi,Niu Xin-xin,GU Yang(State Key Laboratory of Networking and Switching Technology,Beijing University of Posts and Telecommunications,Beijing 100876,China);A Fast Multiple Pattern Matching Using in Intrusion Detection[J];Journal of Beijing University of Posts and Telecommunications;2008-03
2 LIN Bei, LI Chun-mei, LI Bing-zhi (Chongqing University of Posts and Telecommunciations, Chongqing 400065,P.R.Chin a);Data management system in signalling system 7 concentrative monitor[J];Journal of Chongqing University of Posts and Telecommunications;2003-04
3 LIU Ming-chuan,PENG Chang-sheng(Chongqing University of Posts and Telecommunications,Chongqing 400065,P.R.China);Research on mail filter algorithm based on bayes probability model[J];Journal of Chongqing University of Posts and Telecommunications;2005-05
4 QI Ying.YANG Song,MAO QI-Jian (College of Communication and Information Engineering, Chongqing University of Posts and Telecommunications, Chongqing 400065, P.R.China);Research of TCP security based on protocol analysis technique[J];Journal of Chongqing University of Posts and Telecommunications(Natural Science);2006-S1
5 ZHU Hai-yi, ZHOU Chun-nan (Yiyang Communication Incorporated Company, Harbin 150090, China);A brief description of VoIP basic principles[J];Information Technology;2003-05
6 GU Feng-na1,2 ZHANG Zhi-bin1 WANG Li-hong3(Institute of Computing Technology,Chinese Academy of Sciences,Beijing 100080,China)1(Graduate School,Chinese Academy of Sciences,Beijing 100039,China)2(National Computer Network and Information Security Management Center,Beijing 100029,China)3;Comparison among Load Balancing Algorithms Based on Distributed NIDS[J];Computer Science;2008-11
7 ZHAO Kai1,2, ZHU Ganghua1,2, XIN Yang1,2, YANG Yixian1,2, NIU Xinxin1,2 (1. Information Security Center, Beijing University of Posts and Telecommunications, Beijing 100876; 2. State Key Laboratory of Networking and Switching, Beijing University of Posts and Telecommunications, Beijing 100876);A New Method of SPIT Detection and Prevention[J];Computer Engineering;2007-12
8 Bai Yunjie Li Na(Department of Information Engineering,Zhengzhou Jiaotong University,Henan Zhengzhou 450062);Research on VoIP and its Security[J];Science Mosaic;2010-05
9 WANG Yang~(1,2), ZHONG Le-hai~1(1.Microcomputer Application Institute, China West Normal University, Nanchong, Sichuan 637002, China; 2.Department of Computer Science , Anhui Normal University, Wuhu, Anhui 241000, China);Design and Implementation of Intranet Basedon Network with Different OS[J];Journal of Neijiang Teachers College;2004-04
10 SI Duan-Feng+, HAN Xin-Hui, LONG Qin, PAN Ai-Min (Institute of Computer Science and Technology, Peking University, Beijing 100871, China);A Survey on the Core Technique and Research Development in SIP Standard[J];Journal of Software;2005-02
©2006 Tsinghua Tongfang Knowledge Network Technology Co., Ltd.(Beijing)(TTKN) All rights reserved