This paper proposes a malformed Session Initiation Protocol (SIP) message detection model that supports dynamic updating of its detection rules. It combines forward rules and backward rules so that it can effectively handle unknown types of malformed-message attacks. The detection rules are implemented on the Map-Reduce model, and the inspection procedure is divided into two phases: routine inspection and special inspection. Routine inspection checks the basic format of the SIP message; special inspection segments the SIP message and verifies the segments against the grammar rules in parallel. Experimental results show that the proposed model detects malformed features in SIP messages accurately and efficiently.
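The two-phase flow described above can be sketched as follows. This is an added example, not the paper's implementation. The rule tables, function names and sample messages are assumptions, as is the reading of forward rules as grammar a header must match and backward rules as features that must not appear; a thread pool stands in for a Map-Reduce framework.

```python
import re
from concurrent.futures import ThreadPoolExecutor
# Assumed rule tables (not the paper's); plain dicts, so rules can be swapped at runtime.
# Forward rules: grammar that a known header's value must match.
FORWARD = {"via": re.compile(r"SIP/2\.0/(UDP|TCP|TLS|SCTP) \S.*"),
           "cseq": re.compile(r"\d{1,10} [A-Z]+"),
           "content-length": re.compile(r"\d{1,9}")}
# Backward rules: malformed features that must not occur in any header line.
BACKWARD = {"control-char": re.compile(r"[\x00-\x08\x0b\x0c\x0e-\x1f]"),
            "oversized-line": re.compile(r".{1024,}")}
START_LINE = re.compile(r"[A-Z]+ \S+ SIP/2\.0|SIP/2\.0 \d{3} .*")
MANDATORY = {"via", "from", "to", "call-id", "cseq"}  # long header names only

def routine_inspection(raw):
    """Phase 1: basic message format. Returns (header_lines, findings)."""
    head, sep, _body = raw.partition("\r\n\r\n")
    if not sep:
        return [], ["missing CRLF CRLF header terminator"]
    lines = head.split("\r\n")
    findings = [] if START_LINE.fullmatch(lines[0]) else ["bad start line"]
    names = {ln.split(":", 1)[0].strip().lower() for ln in lines[1:]}
    return lines[1:], findings + [f"missing {h}" for h in sorted(MANDATORY - names)]

def check_line(line):
    """Map step of phase 2: check one header line against both rule sets."""
    out = [f"backward:{n}" for n, rx in BACKWARD.items() if rx.search(line)]
    name, colon, value = line.partition(":")
    if not colon:
        return out + ["header line without colon"]
    rule = FORWARD.get(name.strip().lower())
    if rule and not rule.fullmatch(value.strip()):
        out.append(f"forward:{name.strip().lower()}")
    return out

def inspect(raw, workers=4):
    lines, findings = routine_inspection(raw)
    if findings:  # assumption: a message failing phase 1 skips phase 2
        return findings
    with ThreadPoolExecutor(workers) as pool:  # thread pool stands in for Map-Reduce
        per_line = list(pool.map(check_line, lines))
    return [f for fs in per_line for f in fs]  # reduce: merge per-line findings

GOOD = "\r\n".join([  # constructed sample message
    "INVITE sip:bob@example.com SIP/2.0",
    "Via: SIP/2.0/UDP pc33.example.com;branch=z9hG4bK776asdhds",
    "From: <sip:alice@example.com>;tag=1928301774", "To: <sip:bob@example.com>",
    "Call-ID: a84b4c76e66710@pc33.example.com", "CSeq: 314159 INVITE",
    "Content-Length: 0", "", ""])
BAD = GOOD.replace("CSeq: 314159", "CSeq: -1").replace("Length: 0", "Length: 0\x00")
print(inspect(GOOD), inspect(BAD))
```

Adding or replacing an entry in `FORWARD` or `BACKWARD` changes what the next call to `inspect` flags, without touching the inspection code.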