A framework for protecting a SIP-based infrastructure against malformed message attacks
نویسندگان
چکیده
This paper presents a framework that can be utilized for the protection of session initiation protocol (SIP)-based infrastructures from malformed message attacks. Its main characteristic is that it is lightweight and that it can be easily adapted to heterogeneous SIP implementations. The paper analyzes several real-life attacks on VoIP services and proposes a novel detection and protection mechanism that is validated through an experimental test-bed under different test scenarios. Furthermore, it is demonstrated that the employment of such a mechanism for the detection of malformed messages imposes negligible overheads in terms of the overall SIP system performance. 2006 Elsevier B.V. All rights reserved.
منابع مشابه
Detecting Denial of Service Message Flooding Attacks in SIP based Services
Increasing the popularity of SIP based services (VoIP, IPTV, IMS infrastructure) lead to concerns about its security. The main signaling protocol of next generation networks and VoIP systems is Session Initiation Protocol (SIP). Inherent vulnerabilities of SIP, misconfiguration of its related components and also its implementation deficiencies cause some security concerns in SIP based infra...
متن کاملTampering THE SQL code INJECTION attack
− As Internet Telephony and Voice over IP (VoIP) are considered advanced Internet applications/services, they are vulnerable to attacks existing in Internet applications/services. For instance HTTP digest authentication attacks, malformed messages, message tampering with malicious code, SQL injection and more, can be launched against any Internet application/service. In this paper, we describe,...
متن کاملDetecting More SIP Attacks on VoIP Services by Combining Rule Matching and State Transition Models
The Session Initiation Protocol (SIP) has been used widely for Voice over IP (VoIP) service because of its potential advantages, economical efficiency and call setup simplicity. However, SIP-based VoIP service basically has two main security issues, malformed SIP message attack and SIP flooding attack. In this paper, we propose a novel mechanism for SIP-based VoIP system utilizing rule matching...
متن کاملREGULAR PAPERS An Approach to Resisting Malformed and Flooding Attacks on SIP Servers Ming-Yang Su and Chen-Han Tsai A Design Algorithm for QoS Network with Flow Delay Control Kairat Jaroenrat Pairwise Co-betweenness for Several Types of Network
As a result of its low costs and high degree of integration with other services, Voice over Internet Protocol (VoIP) has become very widely used, while Session Initiation Protocol (SIP) is one of the most important protocols for providing the VoIP service. Since SIP is an open source code with a simple structure and high expansibility, SIP servers are more vulnerable to attack by SIP messages m...
متن کاملA Method for Disguising Malformed SIP Messages to Evade SIP IDS
Malformed SIP attacks are threatening the security of VoIP system, such as IP Multimedia Subsystem, which uses SIP (Session Initiation Protocol) as its core protocol. Though IDSs (Intrusion Detection System) supporting malformed SIP detection had been produced, it was not clear to what extent they can detect disguised malformed SIP messages. This paper analyzes the condition of SIP IDS evasion ...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید
ثبت ناماگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید
ورودعنوان ژورنال:
- Computer Networks
دوره 51 شماره
صفحات -
تاریخ انتشار 2007