期刊文献+
任意字段
题名或关键词
题名
关键词
文摘
作者
第一作者
机构
刊名
分类号
参考文献
作者简介
基金资助
栏目信息

基于Fuzz测试的IMS网络SIP漏洞挖掘模型 被引量:1

SIP vulnerability discovery model in IMS based on Fuzz testing
下载PDF
导出
摘要 为有效挖掘3G核心网IP多媒体子系统中SIP流程存在的安全漏洞,提出了一种基于Fuzz测试的SIP漏洞挖掘模型。基于Fuzz漏洞测试方法设计了一种SIP漏洞挖掘模型,设计的初始消息状态转移方法实现了其中的消息注入功能,使漏洞挖掘进入到SIP流程内部,实现了自适应监控功能,针对不同监控内容实施相应的监控方法。仿真结果验证了模型及其功能方法的有效性。 To effectively discover the vulnerability in the communication process of SIP protocol in the IP multimedia subsystem of 3G core network,this paper proposed a vulnerability discovery model.Firstly,this paper designed a SIP protocol vulnerability discovery model based on the Fuzz vulnerability testing.Then it designed states transfer method of initial message to achieve the message injection function of the model.Finally,it realized the seft-adaption monitoring function in the model,which could implement relevant monitor methods according to different monitor objects.Simulation experimental results show the effectiveness of the vulnerability discovery model and its function achievement
作者 刘树新 彭建华 刘彩霞 谢晓龙
机构地区 信息工程大学国家数字交换系统工程技术研究中心
出处 《计算机应用研究》 CSCD 北大核心 2012年第9期3456-3459,共4页 Application Research of Computers
基金 国家"863"计划资助项目(2011AA010604 2008AA011003)
关键词 漏洞挖掘 模糊 会话初始协议 IP多媒体子系统 vulnerability discovery Fuzz SIP IMS
分类号 TP393.08 [自动化与计算机技术—计算机应用技术]
  • 相关文献

参考文献14

  • 1王尚广,孙其博,杨放春.IMS网络中的SIP洪泛攻击检测[J].软件学报,2011,22(4):761-772. 被引量:12
  • 2KUMAR A,TILAGAM S. A novel approach for evaluating and detecting low rate SIP flooding attack [J]. International Journal of Computer Application,2011,26(1) :31-36.
  • 3CHEN E Y, ITOH M. A whitelist approach to protect SIP servers from flooding attacks [ C]//Proc of IEEE Intemationai Workshop Technical Committee on Communications Quality and Reliability. 2010 : 1 - 6.
  • 4SC HANES C,TABER S,POPP K,et al. Security test approach for automated detection of vulnerabilities of SIP-based VoIP so£tphones[ J]. International Journal on Advances in Security,2011,4(1-2) :95-105.
  • 5CHOWOHURY M Z,SY B K,AHMAD R. Application of gassian estimation for devising reliable vulnerability assessment on SIP-based VOIP infrastructure [ C ] //Proc of Intemationai Conference on Security & Management. 2006 : 293-299.
  • 6GORBUNOU S,ROSENBLOOM A. AutoFuzz:automated network protocol fuzzing framework [J]. International Journal of Computer Science and Network Security,2010,10(8) :239-245.
  • 7CAMARILLO G, GARCIA-MARTIN M A. The 3G IP multimedia subsystem (IMS) :merging the internet and the cellular worlds[ M]. 2nd ed. Chichester : John Wiley ,2006 :31-40.
  • 8SHUANG Kai,WANG Si-yuan,ZHANG Bo, et al. IMS security analysis using multi-atttibute model [ J ]. Journal of Networks, 2011,6 (2) :263-271.
  • 9BECKER S, ABDELNUR H, OBES J L, e( al. Improving fuzz testing using game theory [ C ] //Proc of the 4 th Intemationai Conference on Network and System Security,Melbourne,Australia. Washington DC: IEEE Computer Society, 2010 : 263 - 268.
  • 10DAI Hu-ning, MURPHY C, KAISER G E. Configuration fuzzing for software vulnerability detection [ C ] //Proc of International Conference on Availability,Reliability and Security.2010;525-530.

二级参考文献1

共引文献11

同被引文献9

  • 1Mahmood F.SIP security threats and countermeasures[D].Sweden:Halmstad University,2012.
  • 2WANG Yulong,WANG Dong,WANG Lei.A parsing mode based method for malformed SIP messages testing for IMS network[J].Journal of Networks,2013,8(4):812-821.
  • 3Abdelnur H J,State R,Festor O.KiF:A stateful SIP fuzzer[C]//Proceedings of the 1st International Conference on Principles,Systems and Applications of IP Telecommunications.New York:ACM,2007:47-56.
  • 4Ehlert S,Geneiatakis D,Magedanz T.Survey of network security systems to counter SIP-based denial-of-service attacks[J].Computers&Security,2010,29(2):225-243.
  • 5Abrey D D,Ventura N.Vulnerability discovery and analysis within the open source IMS core[C]//The Southern Africa Telecommunication Networks and Applications Conference,2011:4-7.
  • 6Srinivasan H,Sarac K.A SIP security testing framework[C]//The 6th Consumer Communications and Networking Conference.Las Vegas:IEEE,2009:1-5.
  • 7HSU Y,SHU Guoqiang,LEE David.A model-based approach to security flaw detection of network protocol implementations[C]//IEEE International Conference on Network Protocols.Orlando:IEEE,2008:114-123.
  • 8Duchene F,Groz R,Rawat S,et al.XSS vulnerability detection using model inference assisted evolutionary fuzzing[C]//The Third International Workshop on Security Testing.Canada:IEEE,2012:815-817.
  • 9Ali S,Briand L C,Hemmati H,et al.A systematic review of the application and empirical investigation of search-based test case generation[J].IEEE Transactions on Software Engineering,2010,36(6):742-762.

引证文献1

二级引证文献2

计算机应用研究
2012年 第9期

相关作者

内容加载中请稍等...

相关机构

内容加载中请稍等...

相关主题

内容加载中请稍等...

浏览历史

内容加载中请稍等...
;
使用帮助 返回顶部