SIP数据采集系统的设计与实现

SIP数据采集系统作为SIP入侵检测系统不可缺少的一部分,对其检测性能和准确率有着重要的影响。由于目前的数据采集工具不能直接用于处理应用层数据,很难满足SIP入侵检测系统的需求。分析了libpcap和pf_ring两种包捕获技术,描述了pf_ring的工作机制,设计了一种基于pf_ring技术的SIP数据采集系统结构。通过优化oSIP协议栈,采用在内核层和用户层结合的方法开发SIP数据过滤插件,实现了一种高效的SIP数据采集系统。通过比较实验证明本文提出的SIP数据采集系统在SIP数据采集方面具有一定的优越性,保证SIP入侵检测系统采集数据的高稳定性,为SIP入侵检测系统提供稳定可靠的数据来源。

Design and implementation of SIP-based data collection system

As an important part of an SIP intrusion detection system,SIP-based data collection system has significant impact on its detection performance and accuracy rate on this intrusion detection system.As current data collection tools do not directly deal with data in application layer,it is difficult to meet the requirement of the SIP intrusion detection system.This paper analyzes two kinds of packet capturing technology i.e.libpcap and pf_ring,describes pf_ring working mechanism,and proposes a SIP data collection system structure.Through optimizing the SIP protocol stack and developing the SIP data filtering plugins in the kernel layer and user layer,an efficient SIP-based data collection system is achieved.Experiments show that this SIP data collection system has some advantages in the SIP data collection,which ensures high reliability of data collected for the SIP intrusion detection system and provides a stable and reliable data source.