Design And Implementation Of Intrution Detection System For Ims Based On Opensbc

IMS has become a fact of NGN standard, as the carrier construction and vigorously promote, IMS technology will get more extensive application, secu-rity problems will be arised.This paper do the research about IMS security,IMS is based on IP, so the introduction of the protective means in traditional IP net-work may be available for IMS network, and SBC is session board controller in the boundary of the IMS core network position, with some functions in pro-tecting IMS。It is obviously that there are many advantages that design the IDS for IMS based on SBC, so in order to improve the ability of protecting IMS core network through the SBC, this paper is devoted to the implemen-tation of intrusion detection system for IMS based on SBC, OpenSBC are an open source implementation of SBC equipment, all the situations using SBC equipment will be replaced by OpenSBC, so from the perspective of develop-ment environment, intrusion detection system for IMS is actually implemented based on the OpenSBC.This paper is devoted to the design and implementation of intrusion de-tection system for IMS network based on OpenSBC, the intrusion detection system aims to filter the traditional attack traffic in IP network and malformed SIP messages in IMS network. Intrusion detection system based for IMS based on OpenSBC is composed of five parts, respectively are data acquisition mod-ule, decoding module, preprocess module, detection engine and SBC commu-nications module. The data acquisition module use API provided by LibPcap library for getting packets for tasks. Decode module parses every field of the acquisition packets,reads and stores the content of some important fields. Pre-processing module is responsible for the restructuring of shard bag or some special processing steps before detection. Detection engine completes the core task of the intrusion detection system, compare the source data through above steps with detection rules, filter the matched packets and forward the detec-tion results with SBC communications module to the SBC, this paper designs the detection engine to reduce the detection delay through the optimization for rule list and match algorithm, solves the scalability problem of system through plugin technology. SBC communication module is responsible for the intru-sion detection system and SBC communications, SBC do the next operation according to detection results. Test results show that intrusion detection system for IMS based on OpenSBC can effectively filter the traditional attack traffic in IP network and malformed SIP messages in IMS network, and will not affect the normal work of the SBC.