| IP Multimedia Subsystem (IMS) is a new form of multimedia services that can meet more innovative and more diversified multimedia services which the end customers demand. Currently, IMS is considered to be the core technology of next generation networks, mobile and fixed network convergence solution and an important way that introduce differentiated services such as convergence services of voice, data and vedio.SIP is the main protocol in IMS network and is conducive to the realization of conversation-based multimedia services. The conversation includes a variety of media forms such as voice, video and data. However, The vulnerabilities of SIP become an obstacle to successful deployment and use of the IMS network.Malformed message attack for vulnerability of SIP implementation is easy to launch and has great harm for IMS. Quality of service in IMS requires completing quickly detection of a large number of SIP malformed messages in P-CSCF (Proxy Call Session Control Function) or SBC (Session Border Controller).The article describes the current detection model of SIP malformed message, analyzes the shortcoming of its application to the IMS network and proposes the grammatical detection rule based on ANBF. From the perspective of the attacker, All of SIP malformed message in US national database is considered to a knowledge base for detection. The article figures out the probability that malformed element happened in the headers of SIP message, analyzes the detection cost of headers and set up the detection sequence. The headers which have high probability and low detection cost have high priority to be detected. The knowledge base will be adjusted according to the detection result. On the other hand, SIP malformed message testing platform is used to study the characteristics of effective malformed message, analyzes the effect of malformed element on IMS network. Malformed element which has great effect will be detected at fist.Through the method mentioned before, the fast detection algorithm is proposed. To verify the above theory, the article gives the design and implementation of the system which can complete the fast detection of SIP malformed message and the experiment result using PROTOS SIP and SIPp. Experimental results show that false negative rate of the algorithm is 0% and false positive rate is 0%. Furthermore, the session setup delay in IMS can be within the requirements. Therefore, the SIP malformed detection algorithm is applicable for IMS network to complete detection... |
PDF Full Text Request