| With the improvement of network bandwidth and Internet technology, there has been a rising demand for transmission of multimedia information over the IP network. Due to the advantages of low cost and the good quality and performance of communications, VoIP communications market is expanding rapidly. Because of the network convergence technology development and national preferential policy, VoIP will be popular in China. Because VoIP is open and distributed, VoIP service providers and users may encounter such as SPIT and DoS attacks. Therefore, the demand of the national security sector and carriers for the VoIP protection system is huge.After studying the VoIP protocol and VoIP security threats, the paper designs and implements a VoIP protection system. VoIP protection system consists of normal real-time VoIP traffic statistics, flow of VoIP attack detection and blocking VoIP attacks. Specifically, the paper's main tasks include the followings:1) The paper designs VoIP protection system framework.VoIP protection system includes the NP load balancing module, the preprocessing module, the signaling processing module, the conversation analyzing module, the media stream processing module, the responsing module and the systems for centralized system management module.2) The system uses libpcap to capture the raw packet. Bypassing the TCP/IP protocol stack, the system has completed reassembling ip fragment and reassembling TCP packet out of order.3) After identifying the VoIP signaling protocol, the system uses OSIP to parse SIP message and uses OOH323 to resolve H.323 message. In the resolution process, the system identifies and analyses abnormality signaling message. Through the transaction-based testing, the system determines the existence of DoS attacks.4) VoIP media stream processing includes restoring RTP streams and matching RTP streams on line. The segregation of RTP streams is completed by the HASH structure. Through the timer mechanism based on event triggers, RTP streams are restored and saved. Through the existing database with the characteristics of the RTP stream which has been restored, the system accurately detects the presence of binary matching malicious session.5) The paper proposed hard blocking method based on iptables and soft blocking method based on libnet.Finally, the paper set up an experimental test environment, completed the stress test of the normal VoIP traffic detection and completed functional test of attack VoIP traffic. |
PDF Full Text Request