通信类英文文献及翻译

：峻霖班级：通信143班学号：2014101108

附录

一、英文原文：

Detecting Anomaly Traffic using Flow Data in the real

VoIP network

I. INTRODUCTION

Recently, many SIP[3]/RTP[4]-based VoIP applications and services have appeared and their penetration ratio is gradually increasing due to the free or cheap call charge and the easy subscription method. Thus, some of the subscribers to the PSTN service tend to change their home telephone services to VoIP products. For example, companies in Korea such as LG Dacom, Samsung Net- works, and KT have begun to deploy SIP/RTP-based VoIP services. It is reported that more than five million users have subscribed the commercial VoIP services and 50% of all the users are joined in 2009 in Korea [1]. According to IDC, it is expected that the number of VoIP users in US will increase to 27 millions in 2009 [2]. Hence, as the VoIP service becomes popular, it is not surprising that a lot of VoIP anomaly traffic has been already known [5]. So, Most commercial service such as VoIP services should provide essential security functions regarding privacy, authentication, integrity and non-repudiation for preventing malicious traffic. Particu- larly, most of current SIP/RTP-based VoIP services supply the

minimal security function related with authentication. Though secure transport-layer protocols such as Transport Layer Security (TLS) [6] or Secure RTP (SRTP) [7] have been standardized, they have not been fully implemented and deployed in current VoIP applications because of the overheads of implementation and performance. Thus, un-encrypted VoIP packets could be easily sniffed and forged, especially in wireless LANs. In spite of authentication,the authentication keys such as MD5 in the SIP header could be maliciously exploited, because SIP is a text-based protocol and unencrypted SIP packets are easily decoded. Therefore, VoIP services are very vulnerable to attacks exploiting SIP and RTP. We aim at proposing a VoIP anomaly traffic detection method using the flow-based traffic measurement archi-tecture. We consider three representative VoIP anomalies called CANCEL, BYE Denial of Service (DoS) and RTP flooding attacks in this paper, because we found that malicious users in wireless LAN could easily perform these attacks in the real VoIP network. For monitoring VoIP packets, we employ the IETF IP Flow Information eXport (IPFIX) [9] standard that is based on NetFlow v9. This traffic measurement method provides a flexible and extensible template structure for various protocols, which is useful for observing SIP/RTP flows [10]. In order to capture and export VoIP packets into IPFIX flows, we define two additional IPFIX templates for SIP and RTP flows. Furthermore, we add four IPFIX fields to observe 802.11 packets which are necessary to detect VoIP source spoofing attacks in WLANs.

II. RELATED WORK