CERIAS Tech Report 2006-17 SPACEDIVE: A DISTRIBUTED INTRUSION DETECTION SYSTEM FOR VOICE-OVER-IP ENVIRONMENTS
Authors
Abstract
Voice over IP (VoIP) systems are gaining in popularity as the technology for transmitting voice traffic over IP networks. As the popularity of VoIP systems increases, they are being subjected to different kinds of intrusions, some of which are specific to such systems and some of which follow a general pattern of IP attacks. VoIP systems pose several new challenges to Intrusion Detection System (IDS) designers. First, these systems employ multiple protocols for call management (e.g., SIP) and data delivery (e.g., RTP). Second, the systems are distributed in nature and employ distributed clients, servers and proxies. Third, the attacks on such systems span a large class, from denial of service to billing fraud attacks. Finally, the systems are heterogeneous, have soft real-time requirements, and are typically under several different administrative domains. In this paper, we propose the design of an intrusion detection system targeted to VoIP systems, called SPACEDIVE. SPACEDIVE is structured to detect different classes of intrusions, including masquerading, denial of service, and media stream-based attacks. It can be installed at multiple points – clients, servers, or proxies, and can operate with both classes of protocols that compose VoIP systems – call management protocols, e.g., the Session Initiation Protocol (SIP), and media delivery protocols, e.g., the Real Time Transport Protocol (RTP). SPACEDIVE proposes the abstraction of correlation-based IDS and provides a rule language to express correlated rules. The correlation may be of information gathered from peer entities or entities at different levels. SPACEDIVE is demonstrated on a sample VoIP system that comprises SIP clients and SIP servers spread over two domains. Several attack scenarios are created and the accuracy and the efficiency of the system are evaluated with rules meant to catch these attacks.
1 Introduction
Voice over IP (VoIP) systems are gaining in popularity as the technology for transmitting voice traffic over IP networks. Along with the anticipated widespread adoption of VoIP systems comes the possibility of security attacks targeted against such systems. VoIP systems use a multitude of protocols, primarily control protocols for signaling, establishing calls, negotiating call parameters, and monitoring health of the ongoing call, and data protocols for carrying the voice data over the IP network. The attacks can be thought of as a combination of traditional kinds of security attacks against IP networks and novel attacks enabled by the architecture of VoIP systems. Let us first identify the key features of VoIP systems and …
Similar resources
A Hybrid and Cross-Protocol Architecture with Semantics and Syntax Awareness to Improve Intrusion Detection Efficiency in Voice over IP Environments
Evaluation of an Intrusion Detection System for Routing Attacks in Wireless Self-organised Networks
Wireless Sensor Networks (WSNs) are becoming increasingly popular, and very useful in military applications and environmental monitoring. However, security is a major challenge for WSNs because they are usually setup in unprotected environments. Our goal in this study is to simulate an Intrusion Detection System (IDS) that monitors the WSN and report intrusions accurately and effectively. We have thus...
CERIAS Tech Report 2013-6 Secure Configuration of Intrusion Detection Sensors for Dynamic Enterprise-Class Distributed Systems by Gaspar Modelo-Howard Center for Education and Research Information Assurance and Security
Modelo-Howard, Gaspar Ph.D., Purdue University, May 2013. Secure Configuration of Intrusion Detection Sensors for Dynamic Enterprise-Class Distributed Systems. Major Professor: Saurabh Bagchi. To secure today's computer systems, it is critical to have different intrusion detection sensors embedded in them. The complexity of distributed computer systems makes it difficult to determine the appro...
CERIAS Tech Report 2003-32 ADEPTS: ADAPTIVE INTRUSION CONTAINMENT AND RESPONSE USING ATTACK GRAPHS IN AN E-COMMERCE ENVIRONMENT
Distributed e-commerce systems are suitable targets for malicious attacks because of the potential financial impact. Intrusion detection in such systems has been an active area of research. Once an intrusion is detected, it is important to contain the effect of the intrusion to some parts of the system while allowing the other parts to continue to provide service. It is also important to take p...
Intrusion detection using autonomous agents
AAFID is a distributed intrusion detection architecture and system, developed in CERIAS at Purdue University. AAFID was the first architecture that proposed the use of autonomous agents for doing intrusion detection. With its prototype implementation, it constitutes a useful framework for the research and testing of intrusion detection algorithms and mechanisms. We describe the AAFID architectur...