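Journal of Beijing University of Posts and Telecommunications

  • EI core journal

Journal of Beijing University of Posts and Telecommunications ›› 2014, Vol. 37 ›› Issue (6): 11-16. doi: 10.13190/j.jbupt.2014.06.003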


Detection of Malformed SIP Messages Based on Map-Reduce Model

SHUANG Kai, XIA Qian-lin

  1. State Key Laboratory of Networking and Switching Technology, Beijing University of Posts and Telecommunications, Beijing 100876, China
  • Received: 2014-03-07 Online: 2014-12-28 Published: 2014-10-17
  • About the author: SHUANG Kai (born 1977), male, associate professor, E-mail: shuangk@bupt.edu.cn.
  • Supported by:

    Youth Research and Innovation Program of Beijing University of Posts and Telecommunications (2013RC1102); National Basic Research Program of China (973 Program) (2011CB302506); National Natural Science Foundation of China (61170274)

Abstract:

This paper proposes a session initiation protocol (SIP) message inspection model that combines forward-rule and backward-rule inspection. With the capability of updating rules dynamically, this model can detect unknown types of malformed attack efficiently. Based on the Map-Reduce model, the inspection procedure is divided into two phases: routine inspection and special inspection. Routine inspection checks the basic format of the SIP message. Special inspection segments the SIP message and then verifies its consistency with the grammar rules in parallel. Experimental results show that the proposed inspection model can detect malformed features in SIP messages efficiently and accurately.

Key words: malformed session initiation protocol message, inspection model, Map-Reduce model

Chinese Library Classification (CLC) number: