攻击情况下的IMS系统建模与仿真
|
摘要
本论文首先对网络可生存性的定义、研究方法和研究现状进行了介绍。网络可生存性是指系统在遭受到攻击,失误或者意外事件时,能够在规定时间内完成关键性任务,并在事后能够恢复所有服务的能力。可生存性研究是目前国际上提出的Internet安全方面的重大课题之一。
论文然后主要针对下一代网络中控制层IMS进行可生存性研究,重点在于基于SIP协议的信令过程:注册流程和会话流程。IMS(IP Multimedia Subsystem)是3G系统中核心网(CN)的一部分,它是一个独立于接入技术的基于IP的标准体系,可以实现与现有的语音和数据网络的互通,各种类型的终端都可以通过IMS建立对等通信,并获得所需的服务质量。IMS通过SIP协议提供的会话发起能力建立端到端的会话。文章提出了将IMS系统分为三个相对独立的模型:外部环境、系统状态和系统服务模型,分别对他们进行建模分析。外部环境模型包括攻击行为和系统配置两部分;系统状态通过转移概率矩阵来描述;系统服务模型选择利用随机Petri网来构建。随机Petri网在传统上是作为系统性能评估的一个数学描述工具,与马尔可夫链相比,它具有简单、直观、易懂与易用的优点,并且从随机Petri网模型中我们可以获得整个系统的许多性能参数。论文对随机Petri网模型进行了仿真,并利用建立的系统生存性量化评估公式对系统进行生存性分析。
论文的最后对现在可用的一些生存性技术进行了介绍,并重点介绍了冗余备份技术在系统可生存性中的运用。
First, this paper introduces the definition of network survivability, research methods and research on the status quo. Survivability refers to the network system which is subjected to attack, errors or accidents, ensures key tasks to be completed within the stipulated time, and afterwards restores all services. International study on the viability of the Internet is a major issue one of security.
Then, the main theses against the next generation IMS network layer for survival study focus on the SIP signaling process: registration process and conversation flow. IMS (IP Multimedia Subsystem) is the core of 3G Network (CN), and it is an independent technology in the IP-based access control system that can be achieved with existing voice and data network links. The terminal can be established through various types of IMS communications, and the necessary quality of service. IMS conversation initiated by the SIP agreement provides the ability to build end-to-end conversation. IMS system is divided into three relatively independent models in this paper: external environment, system state model and system service model, which is available to analysis. The external environment includes attacks model and system configuration; the state system is described through the transition probability matrix; stochastic Petri nets is used to model the system service model. Stochastic Petri traditionally is described as a mathematical tool for the assessment of system performance. Compared with the Markov chain, it is more simple, direct, understandable and user-friendly. The paper made a survival analysis of the system using the quantitative assessment formula established before after a simulation for the model.
At last, the paper made a brief introduction to the survival techniques available nowadays, especially the backup redundancy technique focus on the viability of the use of the system.
论文然后主要针对下一代网络中控制层IMS进行可生存性研究,重点在于基于SIP协议的信令过程:注册流程和会话流程。IMS(IP Multimedia Subsystem)是3G系统中核心网(CN)的一部分,它是一个独立于接入技术的基于IP的标准体系,可以实现与现有的语音和数据网络的互通,各种类型的终端都可以通过IMS建立对等通信,并获得所需的服务质量。IMS通过SIP协议提供的会话发起能力建立端到端的会话。文章提出了将IMS系统分为三个相对独立的模型:外部环境、系统状态和系统服务模型,分别对他们进行建模分析。外部环境模型包括攻击行为和系统配置两部分;系统状态通过转移概率矩阵来描述;系统服务模型选择利用随机Petri网来构建。随机Petri网在传统上是作为系统性能评估的一个数学描述工具,与马尔可夫链相比,它具有简单、直观、易懂与易用的优点,并且从随机Petri网模型中我们可以获得整个系统的许多性能参数。论文对随机Petri网模型进行了仿真,并利用建立的系统生存性量化评估公式对系统进行生存性分析。
论文的最后对现在可用的一些生存性技术进行了介绍,并重点介绍了冗余备份技术在系统可生存性中的运用。
First, this paper introduces the definition of network survivability, research methods and research on the status quo. Survivability refers to the network system which is subjected to attack, errors or accidents, ensures key tasks to be completed within the stipulated time, and afterwards restores all services. International study on the viability of the Internet is a major issue one of security.
Then, the main theses against the next generation IMS network layer for survival study focus on the SIP signaling process: registration process and conversation flow. IMS (IP Multimedia Subsystem) is the core of 3G Network (CN), and it is an independent technology in the IP-based access control system that can be achieved with existing voice and data network links. The terminal can be established through various types of IMS communications, and the necessary quality of service. IMS conversation initiated by the SIP agreement provides the ability to build end-to-end conversation. IMS system is divided into three relatively independent models in this paper: external environment, system state model and system service model, which is available to analysis. The external environment includes attacks model and system configuration; the state system is described through the transition probability matrix; stochastic Petri nets is used to model the system service model. Stochastic Petri traditionally is described as a mathematical tool for the assessment of system performance. Compared with the Markov chain, it is more simple, direct, understandable and user-friendly. The paper made a survival analysis of the system using the quantitative assessment formula established before after a simulation for the model.
At last, the paper made a brief introduction to the survival techniques available nowadays, especially the backup redundancy technique focus on the viability of the use of the system.
引文
[1]. MOITRA S D, KONDA S L. A Simulation Model for Managing Survivability of Networked Information Systems[R]. Technical Report CMU/SEI-2000-TR-020, 2000.
[2]. KRINGS A W, AZADMANESH M H. A Graph Based Model for Survivability Analysis[R]. Technical Report UI-CS-TR-02-024, Computer Science Department, University of Idaho, 2002.
[3]. ZOLFAGHARIO A, KAUDELI F J. Framework for network survivability performance[J]. IEEE Journal on Selected Areas in Communications, 1994,12(1): 46-51.
[4]. JHA S K, WING J M, LINGER R C, et al. Survivability analysis of network specifications[A]. Proceedings of Workshop on Dependability Despite Malicious Faults, 2000 International Conference on Dependable Systems and Networks (DSN 2000)[C]. New York, USA: IEEE Computer Society, 2000. 613-622.
[5]. LOUCA S, PITSILLIDES A, SAMARAS G. On network survivability algorithms based on trellis graph transformations[A]. Proceedings of the Fourth IEEE Symposium on Computers and Communications[C].Red Sea, Egypt, 1999. 235-243.
[6]. Ellison R J, Linger R C, Longstaff T. A Case Study in Survivable Network System Analysis[R]. Technical Report, CMU/SEI-98-TR-014 ESC-TR-98-014,1998-09
[7]. Mead N R, Ellison R J, Linger R C. Survivable Network Analysis Method[R]. Technical Report, CMU/SEI-2000-TR-013, 2000-09
[8]. S.D.Moitra,E.Oki,N.Yamanaka.Some new survivability measures for network analysis and design.IEICE Transactions on Communications. 1997.
[9]. S.D.Moitra,S.L.Konda.A simulation model for managing survivability of networked information systems.Technical Report.CMU/SEI-2000-TR-020.Carnegie Mellon University.SoftwareEngineer inglnstitute.
[10]. Westmark V R. A Definition for Information System Survivability. In: Proceedings of the 37 Hawaii Internal Conference on System Sciences(HICSS'04), Track 9, 2004
[11]. Linger E C, Lipson H E Requirements Definition for Survivable Network Systems. In: International Conference on Requirements Engineering(ICRE'98), 1998
[12]. K Sullivan, J Knight, X Du, S Geist. Information Survivability Control Systems[C]. Proceedings: 21st International Conference on Software Engineering, IEEE Computer Society Press, Los alamitos, CA, 1999140271.
[13]. Rosenberg J, Schulzrinne H, Camanilo G. SIP: Session initiation protocol. Internet RFC 3261, 2002.
[14]. 3GPP TS 23.228. V6.11.0 IP Multimedia Subsystem (IMS).2005-09
[15]. Malhotra M, Trivedi K S. Dependability Modeling Using Petri-Nets [J].IEEE Transactions on Reliability, 1995, 44(3): 428-439
[16]. Sahner R, Trivedi K S, Puliafito A. Performance and Reliability Analysis of Computer Systems [M]. Kluwer Academic Publishers, 1998.
[17].郭渊博,马建峰 分布式系统中服务可生存性的定量分析[J] 同济大学学报,2002,30(10):1190-1193
[18].林雪纲,熊华,许榕生 网络信息系统生存性分析及实现 计算机工程,2005.12
[19].林闯 随机Petri网和系统性能评价 清华大学出版社,2000.
[20].袁崇义 Petri网原理 电子工业出版社,1998.
[21].夏春和,王继伟,赵勇,吴震 可生存性分析方法研究 计算机应用研究,2002
[22].翟俊生 IMS框架体系及协议分析 电信工程技术与标准化,2006.2
[23].陶志强,李宝文 IMS-NGN研究进展及组网方案 网络规划与建设,2006
[24].司短锋,韩心慧,龙勤,潘爱民SIP标准中的核心技术与研究进展 软件学报,2005
[25].徐晓宇,张惠民SIP会话协议在第三代移动网络中关键问题研究 数据通信,2004年第2期
[26].陈朝鹏 SIP协议在IMS系统中的应用 中国科技信息,2006年第2期
[27].吴乃星,廖建新,徐鹏,朱晓民 基于软交换的集群媒体服务器的性能评价Petri网模型 通信学报,2005
[28].杜皎,冯登国,李国辉 可生存系统的两类研究方法 计算机工程,2006年第一期
[29].张永,方滨兴,包秀国 网络可生存性研究概述 计算机工程与应用,2005.7
[30].张鸿志,张玉清,李学干 网络可生存性研究进展 计算机工程,2005.10
[31].王洪艳,刘向东 网络系统生存性分析研究 科技导报,2005.4
[32].林雪纲,许榕生 信息系统生存性分析模型研究 通信学报,2006.2
[33].Miikka PoikselK,Georg Mayer,Hisham Khartabil,Aki Niemi编著 赵鹏 周胜 望玉梅译 IMS:移动领域的IP多媒体概念和服务 机械工业出版社
[34]. http://www.yesky.com/SoftChannel/72356695560421376/20030810/1720442_1.shtml
[35]. http://www.cec-ceda.org.cn/information/book/info_7.htm
[36]. http://www.media.edu.cn/wang_luo_an_quan_5177/20061108/t20061108_204135.shtml
[2]. KRINGS A W, AZADMANESH M H. A Graph Based Model for Survivability Analysis[R]. Technical Report UI-CS-TR-02-024, Computer Science Department, University of Idaho, 2002.
[3]. ZOLFAGHARIO A, KAUDELI F J. Framework for network survivability performance[J]. IEEE Journal on Selected Areas in Communications, 1994,12(1): 46-51.
[4]. JHA S K, WING J M, LINGER R C, et al. Survivability analysis of network specifications[A]. Proceedings of Workshop on Dependability Despite Malicious Faults, 2000 International Conference on Dependable Systems and Networks (DSN 2000)[C]. New York, USA: IEEE Computer Society, 2000. 613-622.
[5]. LOUCA S, PITSILLIDES A, SAMARAS G. On network survivability algorithms based on trellis graph transformations[A]. Proceedings of the Fourth IEEE Symposium on Computers and Communications[C].Red Sea, Egypt, 1999. 235-243.
[6]. Ellison R J, Linger R C, Longstaff T. A Case Study in Survivable Network System Analysis[R]. Technical Report, CMU/SEI-98-TR-014 ESC-TR-98-014,1998-09
[7]. Mead N R, Ellison R J, Linger R C. Survivable Network Analysis Method[R]. Technical Report, CMU/SEI-2000-TR-013, 2000-09
[8]. S.D.Moitra,E.Oki,N.Yamanaka.Some new survivability measures for network analysis and design.IEICE Transactions on Communications. 1997.
[9]. S.D.Moitra,S.L.Konda.A simulation model for managing survivability of networked information systems.Technical Report.CMU/SEI-2000-TR-020.Carnegie Mellon University.SoftwareEngineer inglnstitute.
[10]. Westmark V R. A Definition for Information System Survivability. In: Proceedings of the 37 Hawaii Internal Conference on System Sciences(HICSS'04), Track 9, 2004
[11]. Linger E C, Lipson H E Requirements Definition for Survivable Network Systems. In: International Conference on Requirements Engineering(ICRE'98), 1998
[12]. K Sullivan, J Knight, X Du, S Geist. Information Survivability Control Systems[C]. Proceedings: 21st International Conference on Software Engineering, IEEE Computer Society Press, Los alamitos, CA, 1999140271.
[13]. Rosenberg J, Schulzrinne H, Camanilo G. SIP: Session initiation protocol. Internet RFC 3261, 2002.
[14]. 3GPP TS 23.228. V6.11.0 IP Multimedia Subsystem (IMS).2005-09
[15]. Malhotra M, Trivedi K S. Dependability Modeling Using Petri-Nets [J].IEEE Transactions on Reliability, 1995, 44(3): 428-439
[16]. Sahner R, Trivedi K S, Puliafito A. Performance and Reliability Analysis of Computer Systems [M]. Kluwer Academic Publishers, 1998.
[17].郭渊博,马建峰 分布式系统中服务可生存性的定量分析[J] 同济大学学报,2002,30(10):1190-1193
[18].林雪纲,熊华,许榕生 网络信息系统生存性分析及实现 计算机工程,2005.12
[19].林闯 随机Petri网和系统性能评价 清华大学出版社,2000.
[20].袁崇义 Petri网原理 电子工业出版社,1998.
[21].夏春和,王继伟,赵勇,吴震 可生存性分析方法研究 计算机应用研究,2002
[22].翟俊生 IMS框架体系及协议分析 电信工程技术与标准化,2006.2
[23].陶志强,李宝文 IMS-NGN研究进展及组网方案 网络规划与建设,2006
[24].司短锋,韩心慧,龙勤,潘爱民SIP标准中的核心技术与研究进展 软件学报,2005
[25].徐晓宇,张惠民SIP会话协议在第三代移动网络中关键问题研究 数据通信,2004年第2期
[26].陈朝鹏 SIP协议在IMS系统中的应用 中国科技信息,2006年第2期
[27].吴乃星,廖建新,徐鹏,朱晓民 基于软交换的集群媒体服务器的性能评价Petri网模型 通信学报,2005
[28].杜皎,冯登国,李国辉 可生存系统的两类研究方法 计算机工程,2006年第一期
[29].张永,方滨兴,包秀国 网络可生存性研究概述 计算机工程与应用,2005.7
[30].张鸿志,张玉清,李学干 网络可生存性研究进展 计算机工程,2005.10
[31].王洪艳,刘向东 网络系统生存性分析研究 科技导报,2005.4
[32].林雪纲,许榕生 信息系统生存性分析模型研究 通信学报,2006.2
[33].Miikka PoikselK,Georg Mayer,Hisham Khartabil,Aki Niemi编著 赵鹏 周胜 望玉梅译 IMS:移动领域的IP多媒体概念和服务 机械工业出版社
[34]. http://www.yesky.com/SoftChannel/72356695560421376/20030810/1720442_1.shtml
[35]. http://www.cec-ceda.org.cn/information/book/info_7.htm
[36]. http://www.media.edu.cn/wang_luo_an_quan_5177/20061108/t20061108_204135.shtml