Two layer Denial of Service prevention on SIP VoIP infrastructures

0140-3664/$ see front matter 2008 Elsevier B.V. A doi:10.1016/j.comcom.2008.03.016 * Corresponding author. Tel.: +49 30 3463 7378; fa E-mail addresses: [email protected] fraunhofer.de (G. Zhang), [email protected] (D. Gen (G. Kambourakis), [email protected] (T. Dagiuklas), jiri. [email protected] (D. Sisalem). The emergence of Voice over IP (VoIP) has offered numerous advantages for end users and providers alike, but simultaneously has introduced security threats, vulnerabilities and attacks not previously encountered in networks with a closed architecture like the Public Switch Telephone Network (PSTN). In this paper we propose a two layer architecture to prevent Denial of Service attacks on VoIP systems based on the Session Initiation Protocol (SIP). The architecture is designed to handle different types of attacks, including request flooding, malformed message sending, and attacks on the underlying DNS system. The effectiveness of the prevention mechanisms have been tested both in the laboratory and on a real live VoIP provider network. 2008 Elsevier B.V. All rights reserved.