| SIP protocol has recently become the most important protocol in VoIP network. While it is providing flexible and convenient service, SIP faces lots of security threats. DoS attack is just a kind of common and enormous threat against SIP. Today there are various DoS attacks in SIP system. Some attacks, such as INVITE flooding, evolve from old DoS attacks; and some attacks, such as tearing down sessions, come from SIP applications. These attacks are difficult to be prevented from, and will damage system severely.The existing security mechanisms for SIP can not solve this problem well. Some are not secure enough, such as HTTP authentication presented in RFC 3261; and some are not practical enough to be widely used, such as IPSec VPN. So it is necessary to do research on DoS attack and defence in SIP system, and provide more useful security mechanisms and solutions.This paper studies DoS attack and its defence solution in SIP system. According to study on attack, research is put mainly on intrusion behavior detection and authentication mechanism. The paper proposes a framework of anomaly detection including a novel behavior detection method and the FC mode, the ADA authentication mechanism and a whole defence solution.First, study begins from every kind of DoS attacks, and divides them into two classes: attack on SIP resource and attack on SIP behavior. Study goes into each class for more detailed classification. Then, defence mechanism is discussed with main focus on intrusion behavior detection and authentication mechanism. A framework of anomaly detection and a novel two-way authentication mechanism named ADA are presented. Considering every aspect, a comprehensive security solution for DoS is provided. Deep study goes into behavior detection. Specification-Based detection mothed and the FC model are proposed. Finally, simulation is designed and implemented to validate the FC model. |
PDF Full Text Request