Компютърни системи за откриване и защита от нежелани прониквания при IP комуникации

Abstract

There are two types of systems for intrusion detection IDS (Intrusion Detection Systems) - based on signature-based and anomaly in the system. Signature-based IDS identify malicious activity by inspecting individual packets and comparing it with reference samples of known signatures. Based on the identified fault attacks, by analyzing the total network traffic flows, and performing the comparison with pre-defined models of traffic characteristics (e.g., if the activity is within the normal or abnormal parameters). Both systems have strengths and weaknesses, but both are effective when properly applied.
VoIP communications using a combination of protocols for retransmission of communication messages, and they in their hand can use dynamically allocated ports. Also can be used different routes and this leads to different challenges sashestvuvashtite IDS systems. Although they are able to detect some of the related VoIP attacks with existing techniques, they still can not detect attacks such as kidnapping calls and sessions, manipulating the flow of conversation or manipulation of the media. For example, Snort IDS uses signature-based techniques to detect malicious activity associated with SIP signaling, the rules include detection of attacks such as SIP signaling bombarded with messages, port scans, backfilling with SYN requests and more.