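Design and Implementation of an OpenSBC-Based Intrusion Detection System for IMS Networks
Published: 2018-03-18 11:07
Topic: IMS security. Entry point: SBC. Source: Beijing University of Posts and Telecommunications, 2014 master's thesis. Type: degree thesis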
[Abstract]: IMS has become the de facto standard for NGN. As operators build out and promote it, IMS technology will see wider use, and security risks will emerge along with it. This thesis surveys and explores the security problems of IMS. Because IMS is carried over IP networks, the protection measures of traditional IP networks are well suited to securing it. The session border controller (SBC) sits at the boundary of the IMS core network and already has some security protection functions, which makes it a favourable basis for an IMS network intrusion detection system. To improve the protection the SBC gives the IMS core network, this thesis therefore sets out to implement an SBC-based IMS intrusion detection system. OpenSBC is an open-source implementation of an SBC device, and every scenario that required an SBC during the development and testing for this thesis was simulated with OpenSBC. In terms of the actual development environment, what this thesis implements is thus an OpenSBC-based intrusion detection system for IMS networks.

The intrusion detection system designed and implemented here on top of OpenSBC aims to use pattern matching to filter traditional IP network attack packets and malformed SIP message attack packets in the IMS network. It consists of five parts: a data acquisition module, a decoding module, a preprocessing module, a detection engine, and an SBC communication module. The data acquisition module captures packets through the API provided by the LibPcap library. The decoder parses the fields of each captured packet, then reads and stores the contents of the important ones. The preprocessing module handles work that needs special treatment before detection, such as reassembling fragmented packets. The detection engine does the core work of the intrusion detection system: it compares the packets produced by the preceding steps against the rule base, filters out the packets that match, and passes the detection result to the SBC through the SBC communication module. The detection engine designed in this thesis reduces detection latency by optimizing the rule-base linked list and the matching algorithm, and addresses extensibility through plug-in technology. The SBC communication module handles communication between the intrusion detection system and the SBC, and the SBC decides its next action from the detection result. The test results verify that the OpenSBC-based IMS network intrusion detection system implemented in this thesis effectively filters traditional IP network attack packets and malformed SIP message attack packets without affecting the normal operation of the SBC.
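[Degree-granting institution]: Beijing University of Posts and Telecommunications
[Degree level]: Master's
[Year degree awarded]: 2014
[Classification number]: TP393.08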
Article ID: 1629318
Article link: https://www.wllwen.com/guanlilunwen/ydhl/1629318.html