Design And Implementation Of Malformed Sip Message Detection Module For Sbc In IMS

As an important technology for the network convergence, IMS(IP Multimedia Subsystem) has attracted a widespread attention. SIP is the signaling protocol in the IMS. However, the security vulnerabilities of SIP have become an obstacle for the deployment and use of the IMS. When IETF designed the SIP protocol, it did not consider much on its security. Since the SIP protocol is a text-based protocol, when SIP messages are transmitted in the network, they can be easily forged or tampered to threat the security of the IMS. Malformed SIP message attack, which aims to exploit the security flaws in the protocol implementation, is a kind of greatly harmful IMS attack that is very easy to launch. As a key boundary access equipment of the IMS network, SBC takes the responsibility of defending the IMS from SIP based attacks. In view of the importance of IMS and the significant role of SIP in the IMS, adding malformed SIP message detection function to SBC is particularly important for the security of IMS.This paper aims to design a malformed SIP message detection module for the SBC. The module will find all of the messages that do not satisfy the BNF form defined in RFC3261. Moreover, it also aims to reduce the detection delay as lower as possible. In this way we can enhance the security defense ability of the SBC and protect core entities of the IMS network from malformed SIP messages attack.The paper analyzes the security requirements of IMS and the working mechanism of SBC. Based on the analysis, this paper further analyzes the BNF paradigm of SIP messages and the construction of malformed SIP messages. Based on the analysis, the paper proposes the parallel and serial rules for the detection of malformed SIP messages. According to these rules, the paper designs and implements the detection plug-ins, which supports the detection of various. kinds of malformed SIP messages using the regular expression technology and the Python programming language. In order to improve the performance for detecting flooding malformed message attacks, the paper adopts the MapReduce technology in the design of the detection process of the module. The paper also designs the interface for the communication between the SBC and the P-CSCF. With the interface, the SBC is able to block the malformed SIP messages besides alert when they are found. The test results evaluate the effectiveness of the implemented malformed SIP message detection module of the SBC.