刘峻霖, Communications Class 143, 2014101108
Appendix
I. Original English text:
Detecting Anomaly Traffic using Flow Data in the real VoIP network
…the flow-based traffic measurement architecture. We consider three representative VoIP anomalies called CANCEL, BYE Denial of Service (DoS) and RTP flooding attacks in this paper, because we found that malicious users in wireless LAN could easily perform these attacks in the real VoIP network. For monitoring VoIP packets, we employ the IETF IP Flow Information eXport (IPFIX) [9] standard that is based on NetFlow v9. This traffic measurement method provides a flexible and extensible template structure for various protocols, which is useful for observing SIP/RTP flows [10]. In order to capture and export VoIP packets into IPFIX flows, we define two additional IPFIX templates for SIP and RTP flows. Furthermore, we add four IPFIX fields to observe packets which are necessary to detect VoIP source spoofing attacks in WLANs.
II. RELATED WORK
[8] proposed a flooding detection method based on the Hellinger Distance (HD) concept. In [8], they presented INVITE, SYN and RTP flooding detection methods. The HD is the difference value between a training data set and a testing data set. The training data set collected traffic over n sampling periods of duration Δ. The testing data set collected traffic immediately after the training data set, over the same period. If the HD is close to '1', this testing data set is regarded as anomaly traffic. To use this method, they assumed that the initial training data set did not have any anomaly traffic. Since this method was based on packet counts, it might not be easily extended to detect other anomaly traffic except flooding. On the other hand, [11] has proposed a VoIP anomaly traffic detection method using an Extended Finite State Machine (EFSM). [11] has suggested INVITE flooding, BYE DoS anomaly traffic and media spamming detection methods. However, the state machine required more memory because it had to maintain each flow. [13] has pre
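The Hellinger Distance comparison that Section II attributes to [8], sketched as an added example; this is not code from the paper or from [8]. The SIP attribute set, the 1/2 normalisation that keeps the distance in [0, 1], the fixed threshold and the per-period packet counts are all assumptions constructed for illustration.

```python
import math
from collections import Counter, deque

ATTRS = ("INVITE", "200 OK", "ACK", "BYE")  # assumed attribute set
THRESHOLD = 0.3                             # assumed fixed cut-off

def distribution(counts):
    """Turn per-type packet counts into relative frequencies."""
    total = sum(counts.get(a, 0) for a in ATTRS)
    if total == 0:
        return None  # empty period: nothing to compare
    return [counts.get(a, 0) / total for a in ATTRS]

def hellinger(p, q):
    """Hellinger distance in [0, 1]: 0 = identical, 1 = disjoint."""
    s = sum((math.sqrt(a) - math.sqrt(b)) ** 2 for a, b in zip(p, q))
    return math.sqrt(0.5 * s)

def detect(periods, n=3, threshold=THRESHOLD):
    """Train on n sampling periods, test the next one, then slide."""
    window = deque(periods[:n], maxlen=n)  # assumed anomaly-free
    results = []
    for idx, test in enumerate(periods[n:], start=n):
        train = Counter()
        for counts in window:
            train.update(counts)
        p, q = distribution(train), distribution(test)
        hd = 0.0 if p is None or q is None else hellinger(p, q)
        anomalous = hd > threshold
        results.append((idx, round(hd, 3), anomalous))
        if not anomalous:
            window.append(test)  # only clean periods join the training set
    return results

# Constructed per-period packet counts (one dict per sampling period).
PERIODS = [
    {"INVITE": 50, "200 OK": 50, "ACK": 50, "BYE": 50},
    {"INVITE": 48, "200 OK": 47, "ACK": 47, "BYE": 45},
    {"INVITE": 52, "200 OK": 51, "ACK": 51, "BYE": 49},
    {"INVITE": 49, "200 OK": 50, "ACK": 50, "BYE": 48},
    {"INVITE": 900, "200 OK": 40, "ACK": 38, "BYE": 35},  # INVITE-heavy
    {"INVITE": 51, "200 OK": 50, "ACK": 49, "BYE": 50},
]

if __name__ == "__main__":
    for idx, hd, anomalous in detect(PERIODS):
        print(f"period {idx}: HD={hd} anomalous={anomalous}")
```

Because the comparison works only on the mix of packet counts, it flags a shift in proportions such as a flood but carries no per-dialog state, which is the limitation the paragraph notes.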