计算机工程与应用 ›› 2011, Vol. 47 ›› Issue (8): 62-65.

• 网络、通信、安全 • 上一篇    下一篇

定制加权公平队列调度下的SIP DoS攻击防御机制

樊自甫,杨俊蓉,万晓榆   

  1. 重庆邮电大学 电子商务与现代物流重点实验室,重庆400065
  • 收稿日期:1900-01-01 修回日期:1900-01-01 出版日期:2011-03-11 发布日期:2011-03-11

SIP DoS attack defense mechanism based on custom weighted fair queue scheming

FAN Zifu,YANG Junrong,WAN Xiaoyu   

  1. Key Lab of Electronic Commerce and Modern Logistics,Chongqing University of Posts and Telecommunications,Chongqing 400065,China
  • Received:1900-01-01 Revised:1900-01-01 Online:2011-03-11 Published:2011-03-11

摘要: SIP由于协议的开放性而容易受到DoS洪泛攻击,队列调度方案可以大大减轻洪泛攻击对SIP服务器的影响。通过对SIP消息特征和现有队列调度方案的分析,提出了一种基于定制加权公平队列调度的SIP DoS洪泛攻击防御机制,并对该机制进行了性能仿真。仿真结果显示该方案在防御INVITE洪泛攻击方面比单队列和优先级队列更为有效。

关键词: 会话初始协议(SIP), 拒绝服务(DoS), 洪泛, 定制加权公平队列, 防御机制

Abstract: SIP is attacked by DoS flooding easily because of it’s open.The queue scheduling scheme can alleviate the SIP server’s influence caused by flooding attack.By the analysis of SIP message character and existing queue scheduling scheme,this paper brings forward a SIP DoS flooding attack defense mechanism based on custom weighted fair queue scheming and simulates it’s performance.The result of simulation proves the scheme is more effective than single queue and priority queue in defense of INVITE flooding attack.

Key words: Session Initiation Protocol(SIP), Denial of Service(DoS), flooding, custom weighted fair queuing, defense mechanism