JP6158750B2 - Communications system - Google Patents
- Publication number
- JP6158750B2
- Authority
- JP
- Japan
- Prior art keywords
- subscriber
- call connection
- information
- attacker
- subscriber information
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Landscapes
- Computer And Data Communications (AREA)
- Telephonic Communication Services (AREA)
Description
The present invention relates to techniques for handling attacks on a communication system.
Conventionally, in SIP-based communication, SIP servers and subscribers have had a one-to-one correspondence: each SIP server stored the information on the subscribers it accommodated.
When a subscriber (a malicious attacker) launched a DoS attack against a SIP server, each SIP server dealt with the attack on its own by detecting the attack, blocking it and locking out the subscriber.
By contrast, when a User Profile Server Function (UPSF) is introduced to manage subscriber information centrally and the SIP servers query the UPSF for subscriber information as needed, the relationship between SIP servers and subscribers becomes N-to-1, and a subscriber can be accommodated by any SIP server.
An attacker carrying out a DoS attack can therefore attack SIP servers in succession, switching from one accommodating SIP server to the next. Even in this case, each SIP server can handle the attack by individually detecting the attack, blocking it and locking out the subscriber.
However, when an attacker attacks SIP servers one after another, each SIP server carries out the whole sequence of countermeasures (attack detection, blocking, subscriber lockout) independently, which is inefficient.
The present invention was made in view of the above; its object is to handle attacks more efficiently in a communication system that manages subscriber information centrally.
A communication system according to the present invention comprises a plurality of call connection devices and a subscriber information management device, the call connection devices acquiring subscriber information from the subscriber information management device and accommodating subscribers. Each call connection device has: registration means that, on receiving a registration request from a subscriber terminal, queries the subscriber information management device for the subscriber's information and accommodates the subscriber terminal; determination means that determines whether the call connection device itself is under attack; and notification means that, when the determination means determines that the device is under attack, sends a notification containing the attacker's information to the subscriber information management device. The subscriber information management device has: attacker information management means that receives the notifications containing attacker information from the call connection devices and manages the attacker information; and subscriber information reply means that, when a call connection device queries a subscriber's information, returns that subscriber's information to the call connection device if the subscriber is not managed as an attacker by the attacker information management means, and does not return it if the subscriber is managed as an attacker.
According to the present invention, attacks can be handled more efficiently in a communication system that manages subscriber information centrally.
Embodiments of the present invention are described below with reference to the drawings.
FIG. 1 shows the configuration of the communication system of this embodiment and the flow of its DoS countermeasure processing. The communication system shown comprises a subscriber information management device 1 and a plurality of call connection devices 2A to 2C. The call connection devices 2A to 2C obtain subscriber information by querying the subscriber information management device 1. Subscriber terminals connect to each of the call connection devices 2A to 2C. The relationship between the call connection devices 2A to 2C and a subscriber terminal is N-to-1: a subscriber terminal can be accommodated by any of the call connection devices 2A to 2C. FIG. 1 shows subscribers A, B and C; subscriber C is assumed to be a malicious attacker who has contracted several telephone numbers. Each device is described below.
The subscriber information management device 1 is located in the IP network and has a subscriber information storage unit 13 that stores subscriber information; its subscriber information reply unit 11 provides subscriber information to the call connection devices 2A to 2C in response to their queries. The subscriber information storage unit 13 stores other information (for example, the contracted telephone numbers) linked to the information that uniquely identifies each subscriber.
The subscriber information management device 1 also has an attacker information management unit 12. When an attack notification containing the attacker's information is received from any of the call connection devices 2A to 2C, the attacker information management unit 12 records and manages that attacker information. When a call connection device 2A to 2C queries subscriber information and the queried subscriber is managed as an attacker by the attacker information management unit 12, the subscriber information reply unit 11 does not return the subscriber information to the call connection device.
The call connection devices 2A to 2C are located in the IP network. When the registration unit 23 receives a location registration request (REGISTER) from a subscriber terminal, it queries the subscriber information management device 1 for the subscriber information of the subscriber named in the registration request and accommodates the subscriber terminal. If no answer to the query is obtained from the subscriber information management device 1, the subscriber terminal is not accommodated. When a call connection device 2A to 2C receives a call connection request signal from an accommodated subscriber terminal, it forwards the call connection request signal to the address information corresponding to the called number contained in the signal and establishes the communication.
The call connection devices 2A to 2C have a determination unit 21 and a notification unit 22; when attacked, they deal with the attack and also notify the subscriber information management device 1 that an attack has occurred.
The determination unit 21 determines whether the device is under attack; for example, the subscriber of a subscriber terminal that sends a large number of signals in a short time is judged to be an attacker. The determination method may be the same as the one conventional call connection devices perform individually. When an attack is detected, the device blocks the attack and locks out the attacker. Blocking means that, once the number of identical signals allowed per second exceeds a threshold, further such signals are discarded without being processed. Lockout means that no signals at all are accepted from the attacking subscriber for a fixed period. The trigger for releasing the lockout may be the same as in a conventional call connection device.
When the determination unit 21 determines that the device is under attack, the notification unit 22 sends an attack notification containing the attacker's information to the subscriber information management device 1, so that the attacker's information is shared across the whole communication system.
The operation of the communication system of this embodiment is described next.
When subscriber C, the malicious attacker, launches a DoS attack against call connection device 2A (step S11), the determination unit 21 determines that the device is under attack by subscriber C (step S12), and the notification unit 22 sends a notification of the attack by subscriber C to the subscriber information management device 1 (step S13).
When the subscriber information management device 1 receives the notification of subscriber C's attack from call connection device 2A, the attacker information management unit 12 registers subscriber C as an attacker (step S14).
After attacking call connection device 2A, subscriber C moves to call connection device 2B and sends it a location registration request, attempting to register (steps S15, S16).
In response to the location registration request from subscriber C's terminal, the registration unit 23 of call connection device 2B queries the subscriber information management device 1 for subscriber C's subscriber information (step S17).
The subscriber information reply unit 11 receives the query for subscriber C's information from call connection device 2B but, because subscriber C is managed as an attacker, does not answer it (step S18).
Because it cannot obtain subscriber C's information from the subscriber information management device 1, the registration unit 23 of call connection device 2B does not accommodate subscriber C's terminal (step S19). Since subscriber C's terminal is not accommodated by call connection device 2B, an attack on call connection device 2B cannot be carried out.
Subscriber C then moves on to yet another call connection device 2C and sends it a location registration request, attempting to register (steps S20, S21); but since the subscriber information management device 1 does not return subscriber C's information, subscriber C's terminal is not accommodated by call connection device 2C (steps S22 to S24), and an attack on call connection device 2C cannot be carried out.
As described above, in this embodiment a call connection device 2A to 2C that is attacked sends an attack notification containing the attacker's information to the subscriber information management device 1; on receiving it, the attacker information management unit 12 of the subscriber information management device 1 manages the attacking subscriber as an attacker; and when the subscriber information reply unit 11 receives a subscriber information query from a call connection device 2A to 2C for a subscriber who is an attacker, it does not answer. A subscriber who has attacked any one of the call connection devices 2A to 2C is thus known as an attacker across the whole communication system, the attacker's terminal is not accommodated by any of the call connection devices 2A to 2C, and the attacker cannot attack the call connection devices 2A to 2C in succession, allowing a more efficient response.
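The flow of steps S11 to S24 and the block/lockout behaviour of determination unit 21, as an added simulation that is not part of the patent. It models the roles the description names (subscriber information management device 1 with units 11, 12 and 13; call connection devices 2A to 2C with units 21, 22 and 23). The rate threshold, the lockout period, the signal name, the subscriber identifiers and the manual release of a central attacker entry are assumptions made for the demonstration; the patent fixes none of them.

```python
"""Simulation of the shared attacker list described in the embodiment above.

Added example, not code from the patent. Threshold, lockout period, signal
names and sample subscribers are assumptions chosen for the demonstration.
"""
from collections import defaultdict, deque

SAME_SIGNAL_PER_SECOND = 5   # assumed threshold for "blocking" (unit 21)
LOCKOUT_SECONDS = 60.0       # assumed lockout period (unit 21)


class SubscriberInfoManager:
    """Subscriber information management device 1."""

    def __init__(self, subscribers):
        # unit 13: subscriber identifier -> contracted numbers (constructed data)
        self.subscribers = dict(subscribers)
        # unit 12: subscriber identifiers currently managed as attackers
        self.attackers = {}

    def report_attack(self, subscriber_id, now):
        """Receive an attack notification and manage the attacker (unit 12)."""
        self.attackers[subscriber_id] = now

    def release(self, subscriber_id):
        """The patent does not specify a release trigger for the central
        list; a manual release is assumed here."""
        self.attackers.pop(subscriber_id, None)

    def lookup(self, subscriber_id):
        """Unit 11: answer the query unless the subscriber is an attacker."""
        if subscriber_id in self.attackers:
            return None
        return self.subscribers.get(subscriber_id)


class CallConnectionDevice:
    """One of the call connection devices 2A to 2C."""

    def __init__(self, name, manager):
        self.name = name
        self.manager = manager
        self.registered = set()            # accommodated subscribers (unit 23)
        self.locked_out = {}               # subscriber identifier -> lockout expiry
        self.window = defaultdict(deque)   # (subscriber, signal) -> timestamps

    def register(self, subscriber_id, now):
        """Unit 23: accommodate only if the manager answers the query."""
        if self.manager.lookup(subscriber_id) is None:
            return False
        self.registered.add(subscriber_id)
        return True

    def handle_signal(self, subscriber_id, signal, now):
        """Units 21 and 22. Returns 'rejected' (not accommodated),
        'locked_out', 'blocked' or 'processed'."""
        if subscriber_id not in self.registered:
            return "rejected"
        expiry = self.locked_out.get(subscriber_id)
        if expiry is not None and now < expiry:
            return "locked_out"
        # sliding one-second window of identical signals from this subscriber
        win = self.window[(subscriber_id, signal)]
        win.append(now)
        while win and win[0] <= now - 1.0:
            win.popleft()
        if len(win) <= SAME_SIGNAL_PER_SECOND:
            return "processed"
        # unit 21: attack judged -> discard this signal and lock out the subscriber
        self.locked_out[subscriber_id] = now + LOCKOUT_SECONDS
        # unit 22: notify the manager so every other device refuses the attacker
        self.manager.report_attack(subscriber_id, now)
        return "blocked"


def run_scenario():
    """Steps S11 to S24 of FIG. 1 with constructed sample data."""
    manager = SubscriberInfoManager({
        "subA": ["0312340001"],
        "subB": ["0312340002"],
        "subC": ["0312340003", "0312340004"],   # attacker with several numbers
    })
    dev = {n: CallConnectionDevice(n, manager) for n in ("2A", "2B", "2C")}
    t = 1000.0
    out = {}
    # S11 to S13: C registers at 2A and floods it with INVITEs
    out["2A_register_C"] = dev["2A"].register("subC", t)
    flood = [dev["2A"].handle_signal("subC", "INVITE", t + i * 0.01)
             for i in range(20)]
    out["2A_flood"] = {r: flood.count(r) for r in set(flood)}
    # S14: C is now managed as an attacker centrally
    out["C_is_attacker"] = "subC" in manager.attackers
    # S15 to S24: C tries 2B and then 2C; neither accommodates the terminal
    out["2B_register_C"] = dev["2B"].register("subC", t + 1)
    out["2C_register_C"] = dev["2C"].register("subC", t + 2)
    out["2B_signal_C"] = dev["2B"].handle_signal("subC", "INVITE", t + 3)
    # subscribers not on the shared list are unaffected
    out["2B_register_A"] = dev["2B"].register("subA", t + 4)
    return out


if __name__ == "__main__":
    for key, value in run_scenario().items():
        print(f"{key}: {value}")
```

The registry is keyed on the identifier that storage unit 13 uses to identify a subscriber uniquely, not on a telephone number, which is what makes a single notification cover all of subscriber C's contracted numbers. How a call connection device binds an incoming REGISTER to that identifier before reporting it is outside what the page describes, and the example assumes the identifier in the request is the one the device acts on.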
1 ... Subscriber information management device
11 ... Subscriber information reply unit
12 ... Attacker information management unit
13 ... Subscriber information storage unit
2A to 2C ... Call connection devices
21 ... Determination unit
22 ... Notification unit
23 ... Registration unit
Claims (1)
A communication system comprising a plurality of call connection devices and a subscriber information management device, wherein the call connection devices acquire subscriber information from the subscriber information management device and accommodate subscribers,
the call connection device having:
registration means that, on receiving a registration request from a subscriber terminal, queries the subscriber information management device for the subscriber's information and accommodates the subscriber terminal;
determination means that determines whether the call connection device itself is under attack; and
notification means that, when the determination means determines that the device is under attack, sends a notification containing the attacker's information to the subscriber information management device,
and the subscriber information management device having:
attacker information management means that receives the notification containing the attacker's information from the call connection device and manages the attacker's information; and
subscriber information reply means that, when a call connection device queries a subscriber's information, returns the subscriber's information to the call connection device if the subscriber is not managed as an attacker by the attacker information management means, and does not return the subscriber's information if the subscriber is managed as an attacker.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| JP2014102223A JP6158750B2 (en) | 2014-05-16 | 2014-05-16 | Communications system |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| JP2015219685A JP2015219685A (en) | 2015-12-07 |
| JP6158750B2 true JP6158750B2 (en) | 2017-07-05 |
Family
ID=54779007
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| JP2014102223A Expired - Fee Related JP6158750B2 (en) | 2014-05-16 | 2014-05-16 | Communications system |
Country Status (1)
| Country | Link |
|---|---|
| JP (1) | JP6158750B2 (en) |
Families Citing this family (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JP6915457B2 (en) * | 2017-08-28 | 2021-08-04 | 富士通株式会社 | Cyber attack information processing program, cyber attack information processing method and information processing equipment |
Family Cites Families (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| JP3716253B2 (en) * | 2002-12-27 | 2005-11-16 | 日本電気株式会社 | Communication restriction system, exchange node and communication restriction method |
| JP2006235876A (en) * | 2005-02-23 | 2006-09-07 | Nippon Telegr & Teleph Corp <Ntt> | DoS attack countermeasure system and DoS attack countermeasure method |
| US9419955B2 (en) * | 2006-03-28 | 2016-08-16 | Inventergy Inc. | System and method for carrying trusted network provided access network information in session initiation protocol |
| CN102171991B (en) * | 2008-10-06 | 2015-05-20 | 日本电气株式会社 | Protects the Internet Protocol Multimedia Subsystem from unsolicited communications |
| JP5802178B2 (en) * | 2012-08-31 | 2015-10-28 | 日本電信電話株式会社 | Telephone system, telephone terminal, subscriber server and call connection server |
- 2014-05-16: JP2014102223A filed (JP), granted as JP6158750B2; status: Expired - Fee Related
Legal Events
| Date | Code | Title |
|---|---|---|
| 2016-07-15 | A621 | Written request for application examination |
| 2017-05-24 | A977 | Report on retrieval |
| 2017-06-06 | TRDD / A01 | Decision of grant or rejection written; written decision to grant a patent or to grant a registration (utility model) |
| 2017-06-08 | A61 | First payment of annual fees (during grant procedure) |
| | R150 | Certificate of patent or registration of utility model (ref. document number 6158750, JP) |
| | LAPS | Cancellation because of no payment of annual fees |