SIP Intrusion Detection and Response Architecture for Protecting SIP-based Services
نویسندگان
چکیده
After 3GPP had selected SIP as the signaling protocol for IMS, it is expected that SIP plays an important role in IP multimedia services. But, since SIP-based services are offered over the internet, there are security threats inherited from the internet environment. There are also new security threats because new techniques have been introduced to deliver multimedia traffic over the internet. In this paper, we propose the SIP intrusion detection and response architecture for protecting SIP-based services. The proposed architecture consists of detection of SIP-based attacks, detection of SIP traffic anomaly, and management of SIP-aware security devices. This is helpful to counter newly introduced SIP-based attacks without degradation of multimedia quality. Key-Words: SIP, VoIP, Internet telephony, IMS, Intrusion detection and response, Traffic anomaly detection, Security event correlation
منابع مشابه
Detecting Denial of Service Message Flooding Attacks in SIP based Services
Increasing the popularity of SIP based services (VoIP, IPTV, IMS infrastructure) lead to concerns about its security. The main signaling protocol of next generation networks and VoIP systems is Session Initiation Protocol (SIP). Inherent vulnerabilities of SIP, misconfiguration of its related components and also its implementation deficiencies cause some security concerns in SIP based infra...
متن کاملAn ontology description for SIP security flaws
Voice over IP (VoIP) services based on the Session Initiation Protocol (SIP) gain ground as compared to other protocols like MGCP or H.323. However, the open SIP architecture constitutes the provided services vulnerable to various attacks, similar to those currently existing in Internet. The lack of a formal way to describe VoIP vulnerabilities hinders the development of tools that could be uti...
متن کاملDetecting Denial of Service Message Flooding Attacks in SIP based Services
Increasing the popularity of SIP based services (VoIP, IPTV, IMS infrastructure) lead to concerns about its security. The main signaling protocol of next generation networks and VoIP systems is Session Initiation Protocol (SIP). Inherent vulnerabilities of SIP, misconfiguration of its related components and also its implementation deficiencies cause some security concerns in SIP based inf...
متن کاملA Method for Disguising Malformed SIP Messages to Evade SIP IDS
Malformed SIP attacks are threatening the security of VoIP system, such as IP Multimedia Subsystem, which uses SIP (Session Initiation Protocol) as its core protocol. Though IDSs (Intrusion Detection System) supporting malformed SIP detection had been produced, it was not clear to what extent they can detect disguised malformed SIP messages. This paper analyzes the condition of SIP IDS evasion ...
متن کاملA lightweight protection mechanism against signaling attacks in a SIP-based VoIP environment
The advent of Voice over IP (VoIP) has offered numerous advantages but, at the same time, it has introduced security threats not previously encountered in networks with a closed architecture like the Public Switch Telephone Networks (PSTN). One of these threats is that of signaling attacks. This paper examines the signaling attacks in VoIP environments based on the Session Initiation Protocol (...
متن کامل