信息网络安全 ›› 2020, Vol. 20 ›› Issue (4): 81-86.doi: 10.3969/j.issn.1671-1122.2020.04.010

• 技术研究 • 上一篇    下一篇

基于关联融合的VoLTE流量分析研究

刘敏, 陈曙晖()   

  1. 国防科技大学计算机学院,长沙 410073
  • 收稿日期:2019-12-16 出版日期:2020-04-10 发布日期:2020-05-11
  • 通讯作者: 陈曙晖 E-mail:shchen@nudt.edu.cn
  • 作者简介:

    作者简介:刘敏(1990—),男,湖南,硕士研究生,主要研究方向为计算机网络、移动网络安全;陈曙晖(1974—),男,湖南,教授,博士,主要研究方向为网络空间安全、网络体系结构和高速互联网监测技术。

    移动互联网中用户身份标识包括电话号码(MSISDN)、国际移动电话用户识别码(IMSI)和终端设备识别码(IMEI)。终端设备在IMS网络注册成功后,CSCF将用户对应的用户身份标识通过注册响应信息(200 OK)返回至用户。解析该注册响应信息可以直接获取IMSI、MSISDN和IMEI之间的映射关系,如图9所示。

  • 基金资助:
    国家重点研发计划[2017YFB0802300]

Research on VoLTE Traffic Based on Association Fusion

LIU Min, CHEN Shuhui()   

  1. College of Computer, National University of Defense Technology, Changsha 410073, China
  • Received:2019-12-16 Online:2020-04-10 Published:2020-05-11
  • Contact: Shuhui CHEN E-mail:shchen@nudt.edu.cn

摘要:

随着VoLTE的不断普及,VoLTE用户以及移动网络中VoLTE流量持续增加。在4G、5G网络不断普及的背景下,开展VoLTE流量的分析研究工作具有十分重要的意义。文章介绍了VoLTE基本网络架构及其语音编码原理;在VoLTE信令数据与语音数据相关性分析的基础上,结合VoLTE会话中信令完整性的不足,提出了基于信令引导以及无信令引导下的VoLTE语音分析处理方法;通过对比VoLTE所采用的AMR语音的传输格式和播放格式,阐述了格式转换与AMR语音还原处理方法。文章通过关联融合技术获取了用户VoLTE通话相关的通联信息,为合法网络取证工作提供了重要信息保障。

关键词: VoLTE, AMR编码, 语音还原, 网络取证

Abstract:

With the increasing popularity of VoLTE, VoLTE users and VoLTE traffic in mobile networks continue to increase. In the context of the continuous popularization of 4G and 5G networks, it is of great significance to carry out research on VoLTE traffic. This paper introduces VoLTE network architecture and the principle of speech coding. Based on the analysis of the correlation between VoLTE signaling data and voice data, combined with the fact that the integrity of VoLTE session message is insufficient, this paper proposes a method of VoLTE speech analysis and processing based on signaling guidance and without signaling guidance. By comparing AMR voice transmission format and audio format, this paper proposes the method of format conversion and AMR voice recovery. Through association fusion, the connection information related to VoLTE calls are obtained, which provides important information guarantee for lawful network forensics.

Key words: VoLTE, AMR coding, voice recovery, network forensics

中图分类号: