Detecting Denial of Service Message Flooding Attacks in SIP based Services
Abstract:
The increasing popularity of SIP-based services (VoIP, IPTV, IMS infrastructure) has led to concerns about their security. The main signaling protocol of next-generation networks and VoIP systems is the Session Initiation Protocol (SIP). Inherent vulnerabilities of SIP, misconfiguration of its related components, and implementation deficiencies all cause security concerns in SIP-based infrastructures. New attacks have been developed that directly target the underlying SIP protocol in these setups. To detect such attacks, we combined anomaly-based and specification-based intrusion detection techniques. Our proposed solution takes advantage of the SIP state machine concept (according to RFC 3261). We also built and configured a real test-bed for SIP-based services to generate normal and assumed attack traffic. We validated and evaluated our intrusion detection system with the traffic dump from this real test-bed, and we also used another specific available dataset for a more comprehensive evaluation. The experimental results show that our approach is effective in classifying normal and anomalous traffic in different situations. Receiver Operating Characteristic (ROC) analysis is applied to the final extracted results to select the working point of our system (that is, to set the related thresholds).
similar resources
Utilizing bloom filters for detecting flooding attacks against SIP based services
Any application or service utilizing the Internet is exposed to both general Internet attacks and other specific ones. Most of the times the latter are exploiting a vulnerability or misconfiguration in the provided service and/or in the utilized protocol itself. Consequently, the employment of critical services, like Voice over IP (VoIP) services, over the Internet is vulnerable to such attacks...
Detecting Denial of Service Attacks in Tor
Tor is currently one of the more popular systems for anonymizing near real-time communications on the Internet. Recently, Borisov et al. proposed a denial of service based attack on Tor (and related systems) that significantly increases the probability of compromising the anonymity provided. In this paper, we propose an algorithm for detecting such attacks and examine the effectiveness of the o...
Denial of Service on SIP VoIP Infrastructures Using DNS Flooding
A simple yet effective Denial of Service (DoS) attack on SIP servers is to flood the server with requests addressed at irresolvable domain names. In this thesis we evaluate different possibilities to mitigate these effects and show that over-provisioning is not sufficient to handle such attacks. As a more effective approach we present a solution called the DNS cache solution based on the usage ...
Detecting Flood-based Denial-of-Service Attacks with SNMP/RMON
We present our work in detecting DoS attacks through the polling of Remote Monitoring (RMON) capable devices. Rather than the introduction of special purpose hardware, our detection capability relies upon RMON capabilities present in existing infrastructure network devices, such as switches and routers. RMON is a special purpose Management Information Base (MIB) designed for the SNMP (Simple Ne...
volume 44 issue 1
pages 75-85
publication date 2012-04-01