通信类英文文献与翻译
姓名:刘峻霖班级:通信 143 班学号:2014101108
附录
一、英文原文:
Detecting Anomaly Traf?c using Flow Data in the real
VoIP network
I. INTRODUCTION
Recently, many SIP[3]/RTP[4]-based VoIP applications and services have appeared and their penetration ratio is gradually increasing due to the free or cheap call charge and the easy subscription method. Thus, some of the subscribers to the PSTN service tend to change their home telephone services to VoIP products. For example, companies in Korea such as LG Dacom, Samsung Net- works, and KT have begun to deploy SIP/RTP-based VoIP services. It is reported that more than ?ve million users have subscribed the commercial VoIP services and 50% of all the users are joined in 2009 in Korea [1]. According to IDC, it is expected that the number of VoIP users in US will increase to 27 millions in 2009 [2]. Hence, as the VoIP service becomes popular, it is not surprising that a lot of VoIP anomaly traf?c has been already known [5]. So, Most commercial service such as VoIP services should provide essential security functions regarding privacy, authentication, integrity and non-repudiation for preventing malicious traf?c. Particu - larly, most of current SIP/RTP-based VoIP services supply the minimal security function related with authentication. Though secure transport-layer protocols such as Transport Layer Security (TLS) [6] or Secure RTP (SRTP)
[7]have been standardized, they have not been fully implemented and deployed in current VoIP applications because of the overheads of implementation and performance. Thus, un-encrypted VoIP packets could be easily sniffed and forged, especially in wireless LANs. In spite of authentication,the authentication keys such as MD5 in the SIP header could be maliciously exploited, because SIP is a text-based protocol and unencrypted SIP packets are easily decoded. Therefore, VoIP services are very vulnerable to attacks exploiting SIP and RTP. We aim at proposing a VoIP anomaly traf?c detection method using the ?ow -based traf?c measurement archi-tecture. We consider three representative VoIP anomalies called CANCEL, BYE Denial of Service (DoS) and RTP ?ooding attacks in this paper, because we found that malicious users in wireless LAN could easily perform these attacks in the real VoIP network. For monitoring VoIP packets, we employ the IETF IP Flow Information eXport (IPFIX) [9] standard that is based on NetFlow v9. This traf?c measurement method
provides a ?exible and extensible template structure for various protocols, which is useful
for observing SIP/RTP ?ows [10]. In order to capture and export VoIP packets into
IPFIX ?ows, we de?ne two additional IPFIX templates for SIP and RTP ?ows. Furthermore,
we add four IPFIX ?elds to observe 802.11 packets which are necessary to detect VoIP
source spoo?ng attacks in WLANs.
II.RELATED WORK
[8]proposed a ?ooding detection method by theHellinger Distance (HD) concept. In [8], they
have pre- sented INVITE, SYN and RTP ?ooding detection meth-ods. The HD is the difference value between a training data set and a testing
data set. The training data set
collected traf?c over n sampling period of duration t.The testing data set collected tra next the training data set in the same period. If the HD is close to ‘ 1’ , this tes
regarded as anomaly traf?c. For using this method, they assumed that initial training data set
did not have any anomaly traf?c. Since this method was based on packet counts, it might not
easily extended to detect other anomaly traf?c except ?ooding. On the other hand, [11] has proposed a VoIP anomaly traf?c detection method using Extended Finite State Machine (EFSM). [11] has suggested INVITE ?ooding, BYE DoS anomaly traf?c and media spamming detection methods. However, the state machine required more memory because it had to
maintain each ?ow. [13] has presented NetFlow -based VoIP anomaly detection methods for INVITE, REGIS- TER, RTP ?ooding, and REGISTER/INVITE scan. How -ever, the VoIP DoS attacks considered in this paper were not considered. In [14], an IDS approach to detect SIP anomalies was developed, but only simulation results are presented. For monitoring VoIP
traf?c, SIPFIX [10] has been proposed as an IPFIX extension. The key ideas of the SIPFIX
are application-layer inspection and SDP analysis for carrying media session information. Yet,
this paper presents only the possibility of applying SIPFIX to DoS anomaly traf?c detection
and prevention. We described the preliminary idea of detecting VoIP anomaly traf?c in [15].
This paper elaborates BYE DoS anomaly traf?c and RTP ?ooding anomaly traf?c detec-tion method based on IPFIX. Based on [15], we have considered SIP and RTP anomaly traf?c generated in wireless LAN. In this case, it is possible to generate the similiar anomaly traf?c
with normal VoIP traf?c, because attackers can easily extract normal user information from unencrypted VoIP packets. In this paper, we have extended the idea with additional SIP
detection methods using information of wireless LAN packets. Furthermore, we have shown
the real experiment results at the commercial VoIP network.
III. THE VOIP ANOMALY TRAFFIC DETECTION
METHOD
A. CAN CEL DoS Anomaly Traf?c Detection
As the SIP INVITE message is not usually encrypted, attackers could extract ?elds necessary to reproduce the forged SIP CANCEL message by snif?ng SIP INVITE packets, especially in wireless LANs. Thus, we cannot tell the difference between the normal SIP CANCEL message and the replicated one, because the faked CANCEL packet includes the
normal ?elds inferred from the SIP INVITE message.The attacker will perform the SIP CANCEL DoS attack at the same wireless LAN, because the purpose of the SIP CANCEL
attack is to prevent the normal call estab-lishment when a victim is waiting for calls. Therefore, as soon as the attacker catches a call invitation message for a victim, it will send a SIP CANCEL message, which makes the call establishment failed. We have generated faked SIP CANCEL message using sniffed a SIP INVITE message.Fieldsin SIP header of this CANCEL message is the same as normal SIP CANCEL message, because the attacker can obtain the SIP header ?eld from unencrypted normal SIP message in wireless LAN environment. Therefore it is impossible to detect the CANCEL DoS anomaly traf?c using SIP headers, we use the different values of the wireless LAN frame. That is, the sequence number in the
802.11 frame will tell the difference between a victim host and an attacker. We look into source MAC address and sequence numberin the 802.11 MAC frame including a SIP CANCEL message as shown in Algorithm 1. We compare the source MAC address of SIP CANCEL packets with that of the previously saved SIP INVITE ?ow. If the source MAC address of a SIP CANCEL ?ow is changed, it will be highly probable that the CANCEL
packet is generated by a unknown user. However, the source MAC address could be spoofed. Regarding 802.11 source spoo?ng detection, we employ the method in [12] that uses
sequence numbers of 802.11 frames. We calculate the gap between n-th and (n-1)-th 802.11 frames. As the sequence number ?eld in a 802.11 MAC header uses 12 bits, it varies from 0 to 4095. When we ?nd that the sequence number gap betweena single SIP ?ow is greater than the threshold value of N that will be set from the experiments, we determine that the SIP host address as been spoofed for the anomaly traf?c.
B. BYE DoS Anomaly Traf?c Detection
In commercial VoIP applications, SIP BYE messages use the same authentication ?eld is included in the SIP IN-VITE message for security and accounting purposes. How-ever, attackers can reproduce BYE DoS packets through snif?ng normal SIP INVITE packets in wireless LANs.The faked SIP BYE message is same with the normal SIP BYE. Therefore, it is dif?cult to detect the BYE DoS anomaly traf?c using only SIP header information.After snif?ng SIP INVITE message, the attacker at the same or different subn ets could terminate the normal in- progress call, because it could succeed in generating a BYE message to the SIP proxy server. In the SIP BYE attack, it is dif?cult to distinguish from the normal call termination procedure. That is, we apply the timestamp of RTP traf?c for detecting the SIP BYE attack. Generally, after normal call termination, the bi- directional RTP ?ow is terminated in a bref space of time. However, if the call termination procedure is anomaly, we can observe that a directional RTP media?ow is still ongoing, whereas an attacked directional RTP ?ow is broken. Therefore, in order to detect the SIP BYE attack, we decide that we watch a directional
RTP ?ow for a long time threshold of N sec after SIP BYE message. The threshold of N is also set from the experiments.Algorithm 2 explains the procedure to detect BYE DoS anomal traf?c using captured timestamp of the RTP packet. We maintain SIP session information between clients with INVITE and OK messages including the same Call-ID and 4-tuple
(source/destination IP Address and port number) of the BYE packet. We set a time threshold value by adding Nsec to the timestamp value of the BYE message. The reason why we use the captured timestamp is that a few RTP packets are observed under 0.5 second. If RTP traf?c is observed after the time threshold, this will be considered as a BYE DoS attack, because the VoIP session will be terminated with normal BYE messages. C. RTP Anomaly Traf?c Detection Algorithm 3 describes an RTP ?ooding detection method thatuses
SSRC and sequence numbers of the RTP header. During a single RTP session, typically, the same SSRC value is maintained. If SSRC is changed, it is highly probable that anomaly has occurred. In addition, if there is a big sequence number gap between RTP packets, we determine that anomaly RTP traf?c has happened. As inspecting every sequence number for a
packet is dif?cult, we calculate the sequence number gap using the ?rst, last, maximum and minimum sequence numbers. In the RTP header,the sequence number ?eld uses 16 bits from
0 to 65535. When we observe a wide sequence number gap in our algorithm, we consider it
as an RTP ?ooding attack.
IV. PERFORMANCE EVALUATION
A. Experiment Environment
In order to detect VoIP anomaly traf?c, we established an experimental environment as ?gure 1.In this envi-ronment, we employed two VoIP phones with wireless LANs, one attacker, a wireless access router and an IPFIX ?ow collector. For the realistic performance evaluation, we directly used one of the working VoIP networks deployed in Korea where an 11-digit telephone number (070-XXXX-XXXX) has been assigned to a SIP phone.With wireless SIP phones supporting 802.11, we could make calls to/from the PSTN or cellular phones. In the wireless access router, we used two wireless LAN cards- one is to support the AP service, and the other is to monitor 802.11 packets. Moreover, in order to observe VoIP packets in the wireless access router, we modi?ed nProbe [16], that is an open IPFIX ?ow generator, to create and export IPFIX ?ows related with SIP, RTP, and 802.11 information. As the IPFIX collector, we have modi?ed libip?x so that it could provide the IPFIX ?ow decoding
function for SIP, RTP, and 802.11 templates. We used MySQL for the ?ow DB. B. Experimental Results
In order to evaluate our proposed algorithms, we gen-erated 1,946 VoIP calls with two commercial SIP phones and a VoIP anomaly traf?c generator. Table I shows our experimental results with precision, recall, and F-score that is the harmonic mean of precision and recall. In CANCEL DoS anomaly traf?c detection, our algorithm represented a few false negative cases, which was related with the gap threshold of the sequence number in 802.11 MAC header. The average of the F-score value for detecting the SIP CANCEL anomaly is 97.69%.For BYE anomaly tests, we generated 755 BYE mes-sages including 118 BYE DoS anomalies in the exper-iment. The proposed BYE DoS anomaly traf?c detec-tion algorithm found 112 anomalies with the F-score of 96.13%. If an RTP ?ow is te rminated before the threshold, we regard the anomaly ?ow as a normal one. In this algorithm, we extract RTP session information from INVITE and OK or session description messages using the same Call-ID of BYE message. It is possible not to capture those packet, resulting in a few false-negative cases. The RTP ?ooding anomaly traf?c detection experiment for 810 RTP sessions resulted in the F score of 98%.The reason of false-positive cases was related with the sequence number in RTP header. If the sequence number of anomaly traf?c is overlapped with the range of the normal traf?c, our algorithm will consider it as normal traf?c.
V. CONCLUSIONS
We have proposed a ?ow-based anomaly traf?c detec-tion method against SIP and RTP-based anomaly traf?c in this paper. We presented VoIP anomaly traf?c detection methods with ?ow data on the wireless access router. We used the IETF IPFIX standard to monitor
SIP/RTP ?ows passing through wireless access routers, because its template architecture is easily extensible to several protocols. For this purpose, we de?ned two new IPFIX templates for SIP and RTP traf?c and four new IPFIX ?elds for 802.11 traf?c. Using these IPFIX ?ow templates,we proposed CANCEL/BYE DoS and RTP ?ooding traf?c detection algorithms. From experimental results on the working VoIP network in Korea, we showed that our method is able to detect three representative VoIP attacks on SIP phones. In CANCEL/BYE DoS anomaly traf?c
detection method, we employed threshold values about time and sequence number gap for class?cation of normal and abnormal VoIP packets. This paper has not been mentioned the test result about suitable threshold values. For the future work, we will show the experimental result about evaluation of the threshold values for our detection method.
二、英文翻译:
交通流数据检测异常在真实的世界中使用的VoIP 网络
一 .介绍
最近 ,许多 SIP[3],[4] 基于服务器的VoIP 应用和服务出现了 ,并逐渐增加他们
的穿透比及由于自由和廉价的通话费且极易订阅的方法。因此,一些用户服务倾向于改变他们 PSTN 家里电话服务 VoIP 产品。例如 ,公司在韩国 LG、三星等 Dacom 网 -作品、 KT 已经开始部署 SIP / RTP-based VoIP 服务。据报道 ,超过 5 百
万的用户已订阅《商业 VoIP 服务和 50%的所有的用户都参加了 2009 年在韩国 [1] 。据 IDC,预期该用户的数量将增加在我们的 VoIP 2009 年到 27 百万 [2] 。因此 ,随着VoIP 服务变得很受欢迎 ,这是一点也不意外 ,很多人对 VoIP 异常交通已经知道 [5] 。所以 ,大多数商业服务如 VoIP 服务应该提供必要的安全功能对于隐私、认证、完
整性和不可否认对于防止恶意的交通。Particu - larly, 大多数的电流SIP /
RTP-based VoIP服务提供最小安全功能相关的认证。虽然安全transport-layer 一类协议传输层安全 (TLS)[6] 或安全服务器 (SRTP)[7]已经被修正 ,它们并没有被完全实施和部署在当前的 VoIP 应用的实施 ,因为过顶球和性能。因此 ,un-encrypted
VoIP包可以轻易地嗅和伪造的,特别是在无线局域网。尽管的认证, 认证键 ,如
MD5 在 SIP 头可以狠的剥削 ,因为 SIP 是基于文本的协议和未加密的SIP 包都很容易地被解码。因此 ,VoIP 服务很容易被攻击开发 SIP 和服务器。我们的目标是在
提出一个 VoIP 异常交通检测方法 archi-tecture 使用流转交通测量。我们认为有代表
性的 VoIP 异常称为取消 ,再见拒绝服务 (DoS)和快速的洪水袭击在本文中 ,因
为我们发现恶意的用户在无线局域网可以很容易地履行这些袭击的真正的VoIP 网络。VoIP 包监测 ,利用 IETF 出口 (IPFIX IP 流信息 )[9] 标准的基础上 ,对 NetFlow 9节。这一交通测量方法的研究提供了一个灵活的、可扩展的模板结构为各种各
样的协议 ,有利于对观察 SIP /服务器流 [10] 。摘要为获取和出口 VoIP 包成 IPFIX
流中 ,我们定义两个额外的 IPFIX 模板为 SIP 和快速流动。此外 ,我们加上四个IPFIX 领域观察 802.11 包所必需的欺骗攻击的检测在 WLANs V oIP 来源。
二 .相关工作
[8]提出了一种检测方法 Hellinger 洪水的距离 (简称 HD) 的概念。文献 [8] 中,
他们有售前介绍邀请 ,洪水 :SYN 和快速检测种方法。高清是之间的差异值的训练
数据集和测试的数据集。收集的训练数据集的交通量持续时间Δn采样周期 t。收集的测试数据集的训练数据集下的流量可以在同一时间内。如果高清接近'1',
该测试数据集被视为异常交通。为使用这个方法 ,他们假定初始训练数据集上没有任
何异常交通。因为这种方法是基于分组数 ,它可能不会很容易地扩展来侦测其他异常
交通除了洪水泛滥。另一方面 ,[11]提出了一项 VoIP 异常交通检测方法 , 利用扩展有
限状态机 (EFSM)。 [11] 建议邀请洪水 ,再见 DoS 异常交通和媒体垃圾邮件检测的方法。然而 ,状态机的需要更多的内存空间 ,因为它已经保持每个流程。
[13]已经呈现出NetFlow-based VoIP 异常检测方法,REGIS-TER 邀请,琳琅驱,而注
册 /邀请扫描。 How-ever VoIP DoS 攻击 ,本文认为不被考虑。在[14], 一个入侵检测
系统 (IDS)的方法来检测 ,研制了 SIP 的异常 ,但是只有仿真的结果。 VoIP 交通、
SIPFIX 监测 [10] 作为 IPFIX 提出了延长。 SIPFIX 的主要思路的分析是应用层检验
和 SDP 装载媒体会话的信息。然而 ,本文提出只有中应用的可能性 ,SIPFIX DoS
异常交通检测器和预防。我们描述了初步的构思的交通状况检测VoIP 异常 [15] 。阐述了交通 ,再见 DoS 异常交通 detec-tion 洪水异常快速 IPFIX 方法的基础上。基于[15],我们一直认为 SIP 和服务器异常交通产生在无线局域网。在这种情况下 , 就有可
能产生类似的异常交通与正常 VoIP 交通 ,因为攻击者就很容易从普通用户信息提取
未加密的 VoIP 的数据包。在本文中 ,我们已经将这个想法与额外的 SIP
检测方法的使用信息的无线局域网的数据包。此外,我们已经表现出真正的实验
结果在商业 VoIP 网络。
三 .交通检测器的 VOIP 异常方法
a.取消 DoS 异常交通检测器
为SIP 邀请信息通常是不加密的 ,攻击者可以提取领域繁殖伪造的必要信息通过
嗅闻啜啜取消邀请包 ,特别是在无线局域网。因此 ,我们不能辨别其正常 SIP
取消短信与复制的一个 ,因为管理领域包括正常取消包推断出 SIP 邀请的讯息。攻击
者将会执行的园区取消 DoS 攻击 ,因为相同的无线局域网的目的是为了防止 SIP 取
消攻击时的正常叫 estab-lishment 受害者正等待着电话。因此 ,尽快打电话邀请袭击
者渔获的信息 ,为一个受害者 ,就会发送一个 SIP 取消消息 ,这使得叫建立失败了。我
们产生了伪造的 SIP 取消消息使用嗅一口邀请的讯息。苏州工业园区头球的领域都
是一样的 ,取消信息正常 SIP 取消留言 ,因为攻击者无法获得 SIP 标
题域 SIP 消息未加密的正常从无线局域网的环境。因此无法检测交通使用DoS
异常取消标题 ,我们使用了 SIP 的值不同的无线局域网帧。也就是说 ,序号在画框会在802.11 分辨一个受害者的主人和一个攻击者。我们看着源 MAC 地址和序列号的MAC 框架包括一小口 802.11 取消信息显示在算法 1。我们比较了源 MAC 地址的
SIP 取消包与先前储存的 SIP 邀请流动。如果源 MAC 地址的一小口取消流量发生变
化时,它会有很高的可能取消包所产生的未知的用户。然而,源MAC 地址可以欺骗时。
关于 802.11 源掺假检测 ,利用法在 [12], 使用序列号 802.11 的帧。
我们之间的差距,最后对计算-th(n-1 802.11 的帧。)作为序号在现场的使用12 位802.11 MAC 头球 ,它不同于从 0 到 4095。当我们发现序号在一个单一的 SIP 流量差距大于阈值 ,将定氮的实验结果 ,我们确定 SIP 主机地址被欺骗时为异常交通。
b.再见DoS 异常交通检测器
VoIP 应用在商业 ,SIP 再见消息使用相同的认证领域包括在SIP IN-VITE 的信息 ,为安全、会计的目的。 How-ever,攻击者可以复制再见 DoS 信息包通过嗅正常SIP 邀请包的无线局域网。信息管理 SIP 再见也用正常的 SIP 再见。因此 ,很难侦测再见 DoS 异常交通只利用 SIP 的标题信息。信息后 ,闻了闻 SIP 邀请攻击者在相同或不同的子网 ,可以终止在正常范围之内 ,因为它可以进步电话中获得成功 , 生成了再见消息给 SIP 代理服务器。在 SIP 再见攻击 ,难以区分 ,从普通的电话终止程序。也就是说 ,我们申请时间戳的快速交通侦测 SIP 再见的攻击。一般来说 , 普通电话后 ,由双向快速流终止结束时仍很快就空间的时间。然而 ,如果这个调用
终止程序是异常时,我们能观察到的媒体流方向快速仍在进行,但是攻击流量定向琳琅坏了。因此,为了检测SIP 再见的进攻,我们决定,我们观看了一场方向快速流在很长一段时间后的最低门槛 ,N 秒 SIP 再见消息。入口处的 N 也将从实验。算法的程序来检测 2 解释说再见 DoS anomal 交通用被俘的时间戳的快速包。我们
保持SIP会话之间信息的客户提供包括邀请和好的信息和4-tuple相同的Call-ID( 源/目的IP 地址和端口)再见包。我们约个时间通过增加Nsec 阈值的时间戳的价值信息。再见我们为什么使用捕获的时间戳是那几个服务器包下观察 0.5 秒。如果服务器后交通观测时间阈值 ,这将被视为一种再见 DoS 攻击 ,因为 VoIP 会议将终止与正常再见消息。服务器异常交通检测算法之 3 描述了一种快速检测方法 ,使用SSRC 洪水和顺序编号的服务器的标题。会议期间 ,通常一个单一的服务器 ,同样的SSRC 价值得以维持。如果 SSRC 也发生了变化 ,极有可能就是异常发生时。另外 ,如果有一个很大的序列号差距包 ,我们确定服务器异常交通发生。服务器检查每一个序列号码作为一个包是困难的 ,我们计算序列号的差距 ,最后使用第一 ,最大和最小顺序编号。在服务器页眉、序号在现场使用 16 位从 0 到 65535 之间。当我们看到一个宽的序列号差距在我们的方法 ,我们觉得这是一种快速的洪水袭击。
四 . 绩效评估
a.试验环境
为了检测 VoIP 异常交通 ,我们建立了一个实验环境为图 1。在这个环境 ,我们聘用了两 VoIP 电话与无线局域网 ,一个袭击者 ,无线接入路由器和 IPFIX 流收藏家。对现实的绩效评估 ,我们直接采用 VoIP 网络的工作之一 11-digit 部署在韩国
当在一个电话号码 (070-XXXX-XXXX)已被分配到一个SIP 电话。 SIP 电话支持
802.11 无线,我们可以打电话到/从PSTN 或手机。在无线接入路由器,我们使用了两种无线局域网卡 -一个是为了支持美联社服务 ,另一个是监听 802.11 的数据包。
此外,为了观察VoIP 包的无线接入路由器,我们修改nProbe[16],那是一个开放的IPFIX 流发生器、创造和出口 IPFIX 流动相关的喝了一口 ,琳琅 ,802.11 的信息。随着 IPFIX 收藏家 ,我们更改了 ,它会 libipfix 流动提供了 IPFIX 解码功能为喝了一口 ,琳琅 ,802.11 模板。我们使用 MySQL 的流量分贝。
b.实验结果
为了评估我们提出的演算法 ,我们 gen-erated 1,946 VoIP 电话和两个商业 SIP 电话和 VoIP 异常交通的发电机。实验结果显示我们的桌子上我和精确 ,召回 ,这是F-score 谐波均值的精度和召回率的两倍。在 DoS 异常交通检测器取消 ,我们的算法代表了一些假负面的案例 ,这是关系到阈值的差距序列号在 802.11 MAC 的标
题。 F-score值的平均值为检测97.69%.For SIP 取消异常是产生异常的测试中,我们再见再见再见mes-sages包括 118 靶向 exper-iment DoS 异常之处。提出的交通detec-tion 再见 DoS 异常算法与 F-score 112异常发现的 96.13%。如果一个快速流是前终止阈值 ,我们把异常流量作为一个正常的人。该算法提取信息从服务器会话的邀请和好的或者会议简介讯息使用相同的 Call-ID 再见消息。它是可能的 ,不是来捕捉那些包 ,导致一些最后的病例。洪水异常交通检测器的服务器会话
810 对试验结果的分析导致了服务器的 F 值可达到 98%以上。假阳性病例的原因与服务器的序列号在页眉。如果序列数目的异常交通搭接的正常范围,我们的演算法将考虑交通是正常的交通。
五 .结论
我们提出了一 detec-tion 流转异常交通方法和SIP 和 RTP-based异常交通进
行了论述。我们提出了异常检测方法与 VoIP 交通流数据的无线接入路由器。我们使用了 IETF 标准监控 IPFIX SIP /服务器通过无线接入路由器流动 ,因为模板的建筑是很容易扩展到几个协议。为了这个目的 ,我们定义了两个新的 IPFIX 模板为 SIP 和快速交通和四个新 IPFIX 田野为 802.11 的交通。使用这些 IPFIX 流程
模版 ,我们提出取消 /再见 DoS 及快速交通检测算法的洪水。从实验的结果 VoIP 网络在韩国的工作表明 ,我们的方法 ,我们可以探测到三个代表 VoIP 袭击 SIP 电话。在取消 /再见 DoS 异常交通检测方法 ,本研究使用的阈值关于时间和序列号的差异极大的正常及异常的 ip 数据包。本文还没有提到关于适当的阈值 ,对测试结
果的价值。对将来的工作 ,我们将显示实验结果对评价为我们的检测方法的阈值。
《化学工程与工艺专业英语》课文翻译 完整版
Unit 1 Chemical Industry 化学工业 1.Origins of the Chemical Industry Although the use of chemicals dates back to the ancient civilizations, the evolution of what we know as the modern chemical industry started much more recently. It may be considered to have begun during the Industrial Revolution, about 1800, and developed to provide chemicals roe use by other industries. Examples are alkali for soapmaking, bleaching powder for cotton, and silica and sodium carbonate for glassmaking. It will be noted that these are all inorganic chemicals. The organic chemicals industry started in the 1860s with the exploitation of William Henry Perkin‘s discovery if the first synthetic dyestuff—mauve. At the start of the twentieth century the emphasis on research on the applied aspects of chemistry in Germany had paid off handsomely, and by 1914 had resulted in the German chemical industry having 75% of the world market in chemicals. This was based on the discovery of new dyestuffs plus the development of both the contact process for sulphuric acid and the Haber process for ammonia. The later required a major technological breakthrough that of being able to carry out chemical reactions under conditions of very high pressure for the first time. The experience gained with this was to stand Germany in good stead, particularly with the rapidly increased demand for nitrogen-based compounds (ammonium salts for fertilizers and nitric acid for explosives manufacture) with the outbreak of world warⅠin 1914. This initiated profound changes which continued during the inter-war years (1918-1939). 1.化学工业的起源 尽管化学品的使用可以追溯到古代文明时代,我们所谓的现代化学工业的发展却是非常近代(才开始的)。可以认为它起源于工业革命其间,大约在1800年,并发展成为为其它工业部门提供化学原料的产业。比如制肥皂所用的碱,棉布生产所用的漂白粉,玻璃制造业所用的硅及Na2CO3. 我们会注意到所有这些都是无机物。有机化学工业的开始是在十九世纪六十年代以William Henry Perkin 发现第一种合成染料—苯胺紫并加以开发利用为标志的。20世纪初,德国花费大量资金用于实用化学方面的重点研究,到1914年,德国的化学工业在世界化学产品市场上占有75%的份额。这要归因于新染料的发现以及硫酸的接触法生产和氨的哈伯生产工艺的发展。而后者需要较大的技术突破使得化学反应第一次可以在非常高的压力条件下进行。这方面所取得的成绩对德国很有帮助。特别是由于1914年第一次世界大仗的爆发,对以氮为基础的化合物的需求飞速增长。这种深刻的改变一直持续到战后(1918-1939)。 date bake to/from: 回溯到 dated: 过时的,陈旧的 stand sb. in good stead: 对。。。很有帮助
计算机专业英语名词(缩写及翻译)
AAT(Average access time,平均存取时间) ABS(Auto Balance System,自动平衡系统) AM(Acoustic Management,声音管理) ASC(Advanced Size Check,高级尺寸检查) ASMO(Advanced Storage Magneto-Optical,增强形光学存储器) AST(Average Seek time,平均寻道时间) ATA(Advanced Technology Attachment,高级技术附加装置)ATOMM(Advanced super Thin-layer and high-Output Metal Media,增强形超薄高速金属媒体) BBS(BIOS Boot Specification,基本输入/输出系统启动规范) BPI(Bit Per Inch,位/英寸) bps(bit per second,位/秒) bps(byte per second,字节/秒) CAM(Common Access Model,公共存取模型) CF(CompactFlash Card,紧凑型闪存卡) CHS(Cylinders、Heads、Sectors,柱面、磁头、扇区) CSS(Common Command Set,通用指令集) DBI(dynamic bus inversion,动态总线倒置) DIT(Disk Inspection Test,磁盘检查测试) DMA(Direct Memory Access,直接内存存取) DTR(Disk Transfer Rate,磁盘传输率) EIDE(enhanced Integrated Drive Electronics,增强形电子集成驱动器)eSATA(External Serial ATA,扩展型串行ATA) FDB(fluid-dynamic bearings,动态轴承) FAT(File Allocation T ables,文件分配表) FC(Fibre Channel,光纤通道) FDBM(Fluid dynamic bearing motors,液态轴承马达) FDB(Fluid Dynamic Bearing,非固定动态轴承) FDC(Floppy Disk Controller,软盘驱动器控制装置) FDD(Floppy Disk Driver,软盘驱动器) GMR(giant magnetoresistive,巨型磁阻) HDA(Head Disk Assembly,头盘组件) HiFD(high-capacity floppy disk,高容量软盘) IDE(Integrated Drive Electronics,电子集成驱动器) IPEAK SPT(Intel Performance Evaluation and Analysis Kit - Storage Performance Toolkit,英特尔性能评估和分析套件- 存储性能工具包)JBOD(Just a Bunch Of Disks,磁盘连续捆束阵列) LBA(Logical Block Addressing,逻辑块寻址) MR(Magneto-resistive Heads,磁阻磁头) MBR(Master Boot Record,主引导记录) ms(Millisecond,毫秒) MSR(Magnetically induced Super Resolution,磁感应超分辨率)MTBF(Mean Time Before Failure,平均无故障时间) NQC(Native Queuing Command,内部序列命令)
机械专业外文翻译(中英文翻译)
外文翻译 英文原文 Belt Conveying Systems Development of driving system Among the methods of material conveying employed,belt conveyors play a very important part in the reliable carrying of material over long distances at competitive cost.Conveyor systems have become larger and more complex and drive systems have also been going through a process of evolution and will continue to do so.Nowadays,bigger belts require more power and have brought the need for larger individual drives as well as multiple drives such as 3 drives of 750 kW for one belt(this is the case for the conveyor drives in Chengzhuang Mine).The ability to control drive acceleration torque is critical to belt conveyors’performance.An efficient drive system should be able to provide smooth,soft starts while maintaining belt tensions within the specified safe limits.For load sharing on multiple drives.torque and speed control are also important considerations in the drive system’s design. Due to the advances in conveyor drive control technology,at present many more reliable.Cost-effective and performance-driven conveyor drive systems covering a wide range of power are available for customers’ choices[1]. 1 Analysis on conveyor drive technologies 1.1 Direct drives Full-voltage starters.With a full-voltage starter design,the conveyor head shaft is direct-coupled to the motor through the gear drive.Direct full-voltage starters are adequate for relatively low-power, simple-profile conveyors.With direct fu11-voltage starters.no control is provided for various conveyor loads and.depending on the ratio between fu11-and no-1oad power requirements,empty starting times can be three or four times faster than full load.The maintenance-free starting system is simple,low-cost and very reliable.However, they cannot control starting torque and maximum stall torque;therefore.they are
电气外文文献-翻译
Circuit breaker 断路器 Compressed air circuit breaker is a mechanical switch equipm ent, can be i 空气压缩断路器是一种机械开关设备,能够在n normal and special conditions breaking current (such as sho rt circuit cur 正常和特殊情况下开断电流(比如说短路电流)。 rent). For example, air circuit breaker, oil circuit breaker, interf erence circ 例如空气断路器、油断路器,干扰电路的导体uit conductor for the application of the safety and reliability o f the circuit 干扰电路的导体因该安全可靠的应用于其中, breaker, current in arc from is usually divided into the followin g grades: a 电流断路器按灭弧远离通常被分为如下等级:ir switch circuit breaker, oil circuit breaker, less oil circuit break er, compr 空气开关断路器、油断路器、少油断路器、压缩空essed air circuit breaker, a degaussing of isolating switch, six s ulfur hexaf
污水处理 英文文献3 翻译
丹宁改性絮凝剂处理城市污水 J.Beltrán-heredia,J.ánche z-Martin 埃斯特雷马杜拉大学化学工程系和物理化学系,德埃娃儿,S / N 06071,巴达霍斯,西班牙 摘要 一种新的以丹宁为主要成分的混凝剂和絮凝剂已经过测试用以处理城市污水。TANFLOC 证实了其在浊度的去除上的高效性(接近100%,取决于剂量),并且近50%的BOD5和COD 被去除,表明TANFLOC是合适的凝集剂,效力可与明矾相媲美。混凝絮凝剂过程不依赖于温度,发现最佳搅拌速度和时间为40转/每分钟和30分钟。多酚含量不显著增加,30%的阴离子表面活性剂被去除。沉淀过程似乎是一种絮凝分离,所以污泥体积指数和它随絮凝剂剂量的改变可以确定。证明TANFLOC是相当有效的可用于污水处理的混凝絮凝剂。 关键词: 基于丹宁的絮凝剂城市污水絮凝天然混凝剂 1.简介 人类活动是废物的来源。特别是在城市定居点,来自家庭和工业的废水可能是危险有害的产品[ 1 ],需要适当的处理,以避免对环境[ 2 ]和健康的影响[ 3,4 ]。2006年12月4日联合国大会通过决议宣布2008为国际卫生年。无效的卫生基础设施促使每年220万人死于腹泻,主要在3岁以下儿童,600万人因沙眼失明,两亿人感染血吸虫病,只是为了给出一些数据[ 5 ]。显然,他们中的大多数都是在发展中国家,所以谈及城市污水,必须研究适当的技术来拓宽可能的处理技术种类。 在这个意义上,许多类型的水处理被使用。他们之间的分歧在于经济和技术特点上。了摆脱危险的污染[ 6 ],一些令人关注的论文已经发表的关于城市污水处理的几种天然的替代方法,包括绿色过滤器、化学初步分离、紫外消毒[ 7 ]和多级程序[ 8 ]。 几个以前的文件指出了城市污水管理[9,10]的重要性。这种类型的废物已成为社会研究的目标,因为它涉及到几个方面,都与社会结构和社会组织[11 ]相关。根据这一维度,必须认识到废水管理作为发展中国家的一种社会变化的因素,事关污水处理和生产之间的平衡,是非常重要的,一方面,人类要发展,另一方面,显而易见。 对水处理其它程序的研究一直是这和其他文件的范围。几年来,研究者关注的是发展中国家间的合作,他们正在致力于水处理的替代过程,主要考虑可持续发展,社会承受能力和可行性等理念。在这个意义上,自然混凝絮凝剂这一广为传播,易于操作的资源即使是非专业人员也不难操作。有一些例子,如辣木[ 14 ]和仙人掌榕[ 15 ]。丹宁可能是一个新的混凝剂和絮凝剂。 一些开拓者已经研究了丹宁水处理能力。 ?zacar和sengil [ 16 ]:从瓦罗NIA获得的丹宁,从土耳其的autoctonous树的果壳中获得丹宁,并用于他们的–污水混凝絮凝过程。他们表明,丹宁有很好的效果,结合Al2(SO4)3可进一步提高污泥去除率。 詹和赵[ 17 ]试着用丹宁为主要成分的凝胶作为吸收剂除去水中的铝,丹宁凝胶改进了金属去除过程,一定意义上也可参照Nakano等人的[ 18 ],Kim 和Nakano[ 19 ]。 ?zacar和sengil [ 20 ]加强以前的文章给出了关于三卤甲烷的形成和其他不良化合物特殊的数据,以及处理后的水质安全。他们始终使用丹宁与Al2(SO4)3的组合。 帕尔马等人将丹宁从辐射松的树皮为原位提取,用于重金属去除中聚合固体。树皮本
计算机专业外文文献及翻译
微软Visual Studio 1微软Visual Studio Visual Studio 是微软公司推出的开发环境,Visual Studio可以用来创建Windows平台下的Windows应用程序和网络应用程序,也可以用来创建网络服务、智能设备应用程序和Office 插件。Visual Studio是一个来自微软的集成开发环境IDE,它可以用来开发由微软视窗,视窗手机,Windows CE、.NET框架、.NET精简框架和微软的Silverlight支持的控制台和图形用户界面的应用程序以及Windows窗体应用程序,网站,Web应用程序和网络服务中的本地代码连同托管代码。 Visual Studio包含一个由智能感知和代码重构支持的代码编辑器。集成的调试工作既作为一个源代码级调试器又可以作为一台机器级调试器。其他内置工具包括一个窗体设计的GUI应用程序,网页设计师,类设计师,数据库架构设计师。它有几乎各个层面的插件增强功能,包括增加对支持源代码控制系统(如Subversion和Visual SourceSafe)并添加新的工具集设计和可视化编辑器,如特定于域的语言或用于其他方面的软件开发生命周期的工具(例如Team Foundation Server的客户端:团队资源管理器)。 Visual Studio支持不同的编程语言的服务方式的语言,它允许代码编辑器和调试器(在不同程度上)支持几乎所有的编程语言,提供了一个语言特定服务的存在。内置的语言中包括C/C + +中(通过Visual C++),https://www.wendangku.net/doc/c216542348.html,(通过Visual https://www.wendangku.net/doc/c216542348.html,),C#中(通过Visual C#)和F#(作为Visual Studio 2010),为支持其他语言,如M,Python,和Ruby等,可通过安装单独的语言服务。它也支持的 XML/XSLT,HTML/XHTML ,JavaScript和CSS.为特定用户提供服务的Visual Studio也是存在的:微软Visual Basic,Visual J#、Visual C#和Visual C++。 微软提供了“直通车”的Visual Studio 2010组件的Visual Basic和Visual C#和Visual C + +,和Visual Web Developer版本,不需任何费用。Visual Studio 2010、2008年和2005专业版,以及Visual Studio 2005的特定语言版本(Visual Basic、C++、C#、J#),通过微软的下载DreamSpark计划,对学生免费。 2架构 Visual Studio不支持任何编程语言,解决方案或工具本质。相反,它允许插入各种功能。特定的功能是作为一个VS压缩包的代码。安装时,这个功能可以从服务器得到。IDE提供三项服务:SVsSolution,它提供了能够列举的项目和解决方案; SVsUIShell,它提供了窗口和用户界面功能(包括标签,工具栏和工具窗口)和SVsShell,它处理VS压缩包的注册。此外,IDE还可以负责协调和服务之间实现通信。所有的编辑器,设计器,项目类型和其他工具都是VS压缩包存在。Visual Studio 使用COM访问VSPackage。在Visual Studio SDK中还包括了管理软件包框架(MPF),这是一套管理的允许在写的CLI兼容的语言的任何围绕COM的接口。然而,MPF并不提供所有的Visual Studio COM 功能。
Manufacturing Engineering and Technology(机械类英文文献+翻译)
Manufacturing Engineering and Technology—Machining Serope kalpakjian;Steven R.Schmid 机械工业出版社2004年3月第1版 20.9 MACHINABILITY The machinability of a material usually defined in terms of four factors: 1、Surface finish and integrity of the machined part; 2、Tool life obtained; 3、Force and power requirements; 4、Chip control. Thus, good machinability good surface finish and integrity, long tool life, and low force And power requirements. As for chip control, long and thin (stringy) cured chips, if not broken up, can severely interfere with the cutting operation by becoming entangled in the cutting zone. Because of the complex nature of cutting operations, it is difficult to establish relationships that quantitatively define the machinability of a material. In manufacturing plants, tool life and surface roughness are generally considered to be the most important factors in machinability. Although not used much any more, approximate machinability ratings are available in the example below. 20.9.1 Machinability Of Steels Because steels are among the most important engineering materials (as noted in Chapter 5), their machinability has been studied extensively. The machinability of steels has been mainly improved by adding lead and sulfur to obtain so-called free-machining steels. Resulfurized and Rephosphorized steels. Sulfur in steels forms manganese sulfide inclusions (second-phase particles), which act as stress raisers in the primary shear zone. As a result, the chips produced break up easily and are small; this improves machinability. The size, shape, distribution, and concentration of these inclusions significantly influence machinability. Elements such as tellurium and selenium, which are both chemically similar to sulfur, act as inclusion modifiers in
电气供配电系统大学毕业论文英文文献翻译及原文
毕业设计(论文) 外文文献翻译 文献、资料中文题目:供配电系统 文献、资料英文题目:POWER SUPPLY AND DISTRIBUTION SYSTEM 文献、资料来源: 文献、资料发表(出版)日期: 院(部): 专业: 班级: 姓名: 学号: 指导教师: 翻译日期: 2017.02.14
POWER SUPPLY AND DISTRIBUTION SYSTEM ABSTRACT The basic function of the electric power system is to transport the electric power towards customers. The l0kV electric distribution net is a key point that connects the power supply with the electricity using on the industry, business and daily-life. For the electric power, allcostumers expect to pay the lowest price for the highest reliability, but don't consider that it's self-contradictory in the co-existence of economy and reliable.To improve the reliability of the power supply network, we must increase the investment cost of the network construction But, if the cost that improve the reliability of the network construction, but the investment on this kind of construction would be worthless if the reducing loss is on the power-off is less than the increasing investment on improving the reliability .Thus we find out a balance point to make the most economic,between the investment and the loss by calculating the investment on power net and the loss brought from power-off. KEYWARDS:power supply and distribution,power distribution reliability,reactive compensation,load distribution
各专业的英文翻译剖析
哲学Philosophy 马克思主义哲学Philosophy of Marxism 中国哲学Chinese Philosophy 外国哲学Foreign Philosophies 逻辑学Logic 伦理学Ethics 美学Aesthetics 宗教学Science of Religion 科学技术哲学Philosophy of Science and Technology 经济学Economics 理论经济学Theoretical Economics 政治经济学Political Economy 经济思想史History of Economic Thought 经济史History of Economic 西方经济学Western Economics 世界经济World Economics 人口、资源与环境经济学Population, Resources and Environmental Economics 应用经济学Applied Economics 国民经济学National Economics 区域经济学Regional Economics 财政学(含税收学)Public Finance (including Taxation) 金融学(含保险学)Finance (including Insurance) 产业经济学Industrial Economics 国际贸易学International Trade 劳动经济学Labor Economics 统计学Statistics 数量经济学Quantitative Economics 中文学科、专业名称英文学科、专业名称 国防经济学National Defense Economics 法学Law 法学Science of Law 法学理论Jurisprudence 法律史Legal History 宪法学与行政法学Constitutional Law and Administrative Law 刑法学Criminal Jurisprudence 民商法学(含劳动法学、社会保障法学) Civil Law and Commercial Law (including Science of Labour Law and Science of Social Security Law ) 诉讼法学Science of Procedure Laws
毕业设计_英语专业论文外文翻译
1. Introduction America is one of the countries that speak English. Because of the special North American culture, developing history and the social environment, American English has formed its certain unique forms and the meaning. Then it turned into American English that has the special features of the United States. American English which sometimes also called United English or U.S English is the form of the English language that used widely in the United States .As the rapid development of American economy, and its steady position and strong power in the world, American English has become more and more widely used. As in 2005, more than two-thirds of English native speakers use various forms of American English. The philologists of the United States had divided the English of the United States into four major types: “America n creating”; “Old words given the new meaning”; “Words that eliminated by English”;“The phonetic foreign phrases and the languages that are not from the English immigrates”[1]. Compared to the other languages, American English is much simple on word spelling, usage and grammar, and it is one of the reasons that American English is so popular in the world. The thesis analyzes the differences between American English and British English. With the main part, it deals with the development of American English, its peculiarities compared to that of British English, its causes and tendency. 2. Analyses the Differences As we English learners, when we learning English in our junior or senior school, we already came across some words that have different spellings, different pronunciations or different expressions, which can be represented by following contrasted words: spellings in "color" vs. "colour"; pronunciations in "sec-re-ta-ry" vs. "sec-re-try";
机械专业中英文对照翻译大全.
机械专业英语词汇中英文对照翻译一览表 陶瓷ceramics 合成纤维synthetic fibre 电化学腐蚀electrochemical corrosion 车架automotive chassis 悬架suspension 转向器redirector 变速器speed changer 板料冲压sheet metal parts 孔加工spot facing machining 车间workshop 工程技术人员engineer 气动夹紧pneuma lock 数学模型mathematical model 画法几何descriptive geometry 机械制图Mechanical drawing 投影projection 视图view 剖视图profile chart 标准件standard component 零件图part drawing 装配图assembly drawing
尺寸标注size marking 技术要求technical requirements 刚度rigidity 内力internal force 位移displacement 截面section 疲劳极限fatigue limit 断裂fracture 塑性变形plastic distortion 脆性材料brittleness material 刚度准则rigidity criterion 垫圈washer 垫片spacer 直齿圆柱齿轮straight toothed spur gear 斜齿圆柱齿轮helical-spur gear 直齿锥齿轮straight bevel gear 运动简图kinematic sketch 齿轮齿条pinion and rack 蜗杆蜗轮worm and worm gear 虚约束passive constraint 曲柄crank 摇杆racker
java毕业论文外文文献翻译
Advantages of Managed Code Microsoft intermediate language shares with Java byte code the idea that it is a low-level language witha simple syntax , which can be very quickly translated intonative machine code. Having this well-defined universal syntax for code has significant advantages. Platform independence First, it means that the same file containing byte code instructions can be placed on any platform; atruntime the final stage of compilation can then be easily accomplished so that the code will run on thatparticular platform. In other words, by compiling to IL we obtain platform independence for .NET, inmuch the same way as compiling to Java byte code gives Java platform independence. Performance improvement IL is actually a bit more ambitious than Java bytecode. IL is always Just-In-Time compiled (known as JIT), whereas Java byte code was ofteninterpreted. One of the disadvantages of Java was that, on execution, the process of translating from Javabyte code to native executable resulted in a loss of performance. Instead of compiling the entire application in one go (which could lead to a slow start-up time), the JITcompiler simply compiles each portion of code as it is called (just-in-time). When code has been compiled.once, the resultant native executable is stored until the application exits, so that it does not need to berecompiled the next time that portion of code is run. Microsoft argues that this process is more efficientthan compiling the entire application code at the start, because of the likelihood that large portions of anyapplication code will not actually be executed in any given run. Using the JIT compiler, such code willnever be compiled.
计算机专业英语翻译
国家计算机教育认证 计算机英语 计算机英语词汇对译 蒙阴高新电脑学校 资料整理:孙波 IT CFAC gaoxindiannaoxuexiao
2010年9月1日
?PC personal computer 个人计算机 ?IBM International Business Machine 美国国际商用机器公司的公司简称,是最早推出的个人 计算机品牌。 ?Intel 美国英特尔公司,以生产CPU芯片著称。 ?Pentium Intel公司生产的586 CPU芯片,中文译名为“奔腾”。 ?Address地址 ?Agents代理 ?Analog signals模拟信号 ?Applets程序 ?Asynchronous communications port异步通信端口 ?Attachment附件 ?Access time存取时间 ?access存取 ?accuracy准确性 ?ad network cookies广告网络信息记录软件 ?Add-ons 插件 ?Active-matrix主动矩阵 ?Adapter cards适配卡 ?Advanced application高级应用 ?Analytical graph分析图表 ?Analyze分析 ?Animations动画 ?Application software 应用软件 ?Arithmetic operations算术运算 ?Audio-output device音频输出设备 ?Basic application基础程序 ?Binary coding schemes二进制译码方案 ?Binary system二进制系统 ?Bit比特 ?Browser浏览器 ?Bus line总线 ?Backup tape cartridge units备份磁带盒单元 ?Business-to-consumer企业对消费者 ?Bar code条形码 ?Bar code reader条形码读卡器 ?Bus总线 ?Bandwidth带宽 ?Bluetooth蓝牙 ?Broadband宽带 ?Business-to-business企业对企业电子商务 ?cookies-cutter programs信息记录截取程序 ?cookies信息记录程序