Research On LDoS Attack In Soft-switch Network

Along with the increasing of telecommunication network business types and userdata service, traditional circuit-switched network has been unable to meet the needs ofusers, thus the development of telecommunication network to next generation networkbecome inevitable. It transforms to the soft-switch network which is based on IP packettransmission. The shortcoming that IP bearer lacks of QoS warranty is inherited tosoft-switch network. The attackers can make use of the security mechanism defects tolaunching the telephone network service attacks. Attackers can use the securityvulnerabilities of soft-switch protocol to attack service in telecommunication network.Research shows that, the DoS attack has become one of the most serious threats to thetelephone network, which can be easily realized, hided, and can make obvious results.LDoS attack is the evolution of DoS attack; the attacker does not send high speedcontinuous attack flow along the time axis. Attackers analysis the characteristics of thetarget system in advance and then periodically transmit attack pulses with high strengthto encroach on server resources. It leads to system has been in a low state, so as toachieve the purpose of denial of service. Compared with the traditional DoS attack, theaverage rate low attack is very low; attack traffic can be hidden in the normal flow.That’s why this attack mode is more difficult to be detected. Research of LDoS attack ismainly based on Internet environment, and we are short of the research on thesoft-switch network.This thesis analyzes the security situation of soft-switch network and LDoS attacksin it. We proposed one attack detection method based on the self-similar characteristicof network, the main work is as follows:1. We overviewed the soft-switch network security situation, analyzed the principleof LDoS attacks in soft-switch network and summarized the existing LDoS attack typesin the soft-switch network. Especially, we studied the application-layer LDoS attack ofsoft-switch network in detail.2. We proposed a time domain detection mechanism which was based on NetworkTraffic Self-Similarity. We used this mechanism which was called RVTP algorithm to calculate the network self-similar characteristic parameters. The network trafficcharacteristic parameters is the number of packets in the given time interval which isused to calculate network self-similar characteristic parameters (Hurst). Through theanalysis of network self-similarity parameter we can judge the existence of LDoSattack on soft-switch platform.3. Established the network environment which can detects the LDoS attack insoft-switch network. We used software SIPp and Asterisk to simulate the normal, attacktraffic and SIP server. The RVTP detection algorithm based on information entropy hadbeen programed.4. We studied the shortcomings of RVTP algorithm then we proposed an LDoSattack detection method which calculates the(Holde)r based on binary discrete waveletanalysis method. The detection accuracy was studied, and we verified this detectingmethod.