Title:
VoIP用の分散型状態表示侵入検知
Document Type and Number:
Japanese Patent JP5311630
Kind Code:
B2
Abstract:
An apparatus and method are disclosed for detecting intrusions in Voice over Internet Protocol systems without an attack signature database. The illustrative embodiment is based on two observations: (1) various VoIP-related protocols are simple enough to be represented by a finite-state machine (FSM) of compact size, thereby avoiding the disadvantages inherent in signature-based intrusion-detection systems.; and (2) there exist intrusions that might not be detectable locally by the individual finite-state machines (FSMs) but that can be detected with a global (or distributed) view of all the FSMs. The illustrative embodiment maintains a FSM for each session/node/protocol combination representing the allowed (or "legal") states and state transitions for the protocol at that node in that session, as well as a "global" FSM for the entire session that enforces constraints on the individual FSMs and is capable of detecting intrusions that elude the individual FSMs.
More Like This:
Inventors:
Sashin garg
Nabjet sign
Akshay Adhikari
Yu Sung Woo
Nabjet sign
Akshay Adhikari
Yu Sung Woo
Application Number:
JP2008230505A
Publication Date:
October 09, 2013
Filing Date:
September 09, 2008
Export Citation:
Assignee:
Avaya Inc.
International Classes:
H04L12/70
Domestic Patent References:
| JP2006120138A |
Other References:
Gunjan KHANNA et al.,Self Checking Network Protocols: A Monitor Based Approach,Proceedings of the 23rd IEEE International Symposium on Reliable Distributed Systems, SRDS 2004,IEEE Computer Society,2004年10月,pp.18-30,URL,http://ieeexplore.ieee.org/xpl/articleDetails.jsp?tp=&arnumber=1353000
Attorney, Agent or Firm:
Hirofumi Mimata