Research On Detection And Defence Of DoS Attack Based On SIP

The Session Initiation Protocol (SIP) is becoming the core of multimedia communication network through the IP, based on which the3G network has been operated in our country. The easy implementation, high destruction and hard tracking against attacking source which are the characters of DoS Flood attack cause the great security threat to SIP. And the research about SIP at home and abroad is not mature. Thus, the study about the detection and defense of the DoS attacks has the great social and scientific significance.This thesis firstly study and analyze the shortage of the traditional detection algorithm based on200(OK) or180(RING) balanced message, and proposes an improved detection algorithm based on the balance of group messages. On this basis, a comprehensive detection model called ARS detection model is developed, which consists of Authentication Detection, Authentication Detection and Sum Total Detection. Three level detections raise the alarm independently according to the state of different affairs and give the feature of this attack behavior. By the validation of simulation, it is found that ARS detection model is more suitable and has a great improvement by comparison with traditional message balanced detection algorithm. Next, the security strategy of the SIP protocol and the IP feature of SIP-oriented DoS Flood attacks are studied and analyzed in this thesis. Based on this, we build up a ARS three-level queue defense model (M/M/1/(K/3)) in which the relationship between average response time QR of messages and average arrival rate λ is given. This thesis designs ARS defense mechanism including resource management, attack source analysis and rule maintenance mechanism. Among this, resource management consists of insider scanner, Authentication buffer pool and LIFO stochastic release mechanism. ARS defense mechanism not only adopts the ARS three-level queue defense model but also uses ARS linkage mechanism. Finally, the simulation of ARS defense mechanism is given and the simulation results show that SIP system with ARS defense mechanism is far superior to that with two-level priority queue.This thesis firstly introduces SIP protocol and DoS attacks technology. And the types of SIP-oriented DoS attacks are analyzed. Next, we study and design a detection algorithm of SIP-oriented DoS attack, and give its simulations. Finally, the comprehensive defense mechanism of DoS Flood attack is studied and designed, and its simulations are given.