An Approach to Resisting Malformed and Flooding Attacks on SIP Servers

As a result of its low costs and high degree of integration with other services, Voice over Internet Protocol (VoIP) has become very widely used, while Session Initiation Protocol (SIP) is one of the most important protocols for providing the VoIP service. Since SIP is an open source code with a simple structure and high expansibility, SIP servers are more vulnerable to attack by SIP messages malformed in order to stunt the server, or by a flood of SIP messages causing server congestion or shutdown. The system proposed in this paper therefore has two functions; one is to filter malformed messages that conflict with the SIP protocol, and the other is to determine whether an SIP server is under flooding attack. This study used the Chisquare test, usually applied in statistics, to identify flooding attacks. The proposed system can automatically modify an SIP server’s blacklist to deter an attacker’s subsequent