Appendix
I. English Original:
Detecting Anomaly Traffic using Flow Data in the real VoIP network
I. INTRODUCTION
Recently, many SIP[3]tecture. We consider three representative VoIP anomalies called CANCEL, BYE Denial of Service (DoS) and RTP flooding attacks in this paper, because we found that malicious users in wireless LAN could easily perform these attacks in the real VoIP network. For monitoring VoIP packets, we employ the IETF IP Flow Information eXport (IPFIX) [9] standard that is based on NetFlow v9. This traffic measurement method provides a flexible and extensible template structure for various protocols, which is useful for observing SIP/RTP flows [10]. In order to capture and export VoIP packets into IPFIX flows, we define two additional IPFIX templates for SIP and RTP flows. Furthermore, we add four IPFIX fields to observe packets which are necessary to detect VoIP source spoofing attacks in WLANs.
II. RELATED WORK
[8] proposed a flooding detection method based on the Hellinger Distance (HD) concept. In [8], they presented INVITE, SYN and RTP flooding detection methods. The HD is the difference value between a training data set and a testing data set. The training data set collected traffic over n sampling periods of duration Δ, and the testing data set collected traffic immediately after the training data set over the same period. If the HD is close to ‘1’, this testing data set is regarded as anom
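The HD comparison of a training set against the following testing period can be sketched as below. This is an added example, not code from the paper or from [8]; it assumes the standard normalised Hellinger distance over per-type SIP message counts, and the message types, sample counts and the fixed threshold are constructed for illustration.

```python
import math
from collections import Counter, deque

def distribution(counts, keys):
    """Turn per-type packet counts into probabilities over a fixed key set."""
    total = sum(counts.get(k, 0) for k in keys)
    if total == 0:  # empty window: use uniform so the distance stays defined
        return {k: 1.0 / len(keys) for k in keys}
    return {k: counts.get(k, 0) / total for k in keys}

def hellinger(p, q):
    """Hellinger distance: 0 for identical distributions, 1 for disjoint ones."""
    return math.sqrt(sum((math.sqrt(p[k]) - math.sqrt(q[k])) ** 2 for k in p) / 2)

def score_windows(windows, n, threshold):
    """Train on the last n unflagged windows, test the next; return (index, HD, flag)."""
    keys = sorted({k for w in windows for k in w})
    baseline = deque(windows[:n], maxlen=n)
    results = []
    for i, window in enumerate(windows[n:], start=n):
        train = Counter()
        for b in baseline:
            train.update(b)  # sum counts over the n training periods
        hd = hellinger(distribution(train, keys), distribution(window, keys))
        flagged = hd >= threshold
        results.append((i, hd, flagged))
        if not flagged:  # keep flagged windows out of the training set
            baseline.append(window)
    return results

# Constructed sample: SIP message counts per sampling period (not measured data).
SAMPLE_WINDOWS = [
    {"INVITE": 50, "200": 48, "ACK": 48, "BYE": 45},
    {"INVITE": 52, "200": 50, "ACK": 49, "BYE": 47},
    {"INVITE": 47, "200": 46, "ACK": 46, "BYE": 44},
    {"INVITE": 51, "200": 49, "ACK": 49, "BYE": 46},
    {"INVITE": 49, "200": 47, "ACK": 47, "BYE": 45},   # normal period
    {"INVITE": 900, "200": 40, "ACK": 38, "BYE": 36},  # INVITE-heavy period
]
THRESHOLD = 0.3  # assumed fixed cut-off chosen for this constructed sample

if __name__ == "__main__":
    for i, hd, flagged in score_windows(SAMPLE_WINDOWS, n=4, threshold=THRESHOLD):
        print(f"window {i}: HD={hd:.3f} {'ANOMALY' if flagged else 'ok'}")
```

With only four message types and a near-uniform baseline, the distance cannot exceed about 0.71, so a fixed threshold has to be chosen relative to the number of categories being compared.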