Detecting Denial of Service Message Flooding Attacks in SIP based Services

Authors

  • Ahmad Akbari: associate professor in the computer engineering school of Iran University of Science and Technology, Tehran, Iran
  • Hassan Asgharian (corresponding author): PhD student in the computer engineering school of Iran University of Science and Technology, Tehran, Iran

Abstract:

The increasing popularity of SIP-based services (VoIP, IPTV, IMS infrastructure) has led to concerns about their security. The Session Initiation Protocol (SIP) is the main signaling protocol of next-generation networks and VoIP systems. Inherent vulnerabilities of SIP, misconfiguration of its related components, and implementation deficiencies cause security concerns in SIP-based infrastructures. New attacks have been developed that directly target the underlying SIP protocol in these setups. To detect such attacks, we combined anomaly-based and specification-based intrusion detection techniques. Our proposed solution takes advantage of the SIP state machine concept (according to RFC 3261). We also built and configured a real test-bed for SIP-based services to generate normal traffic and assumed attack traffic. We validated and evaluated our intrusion detection system with the traffic dump of this real test-bed, and we also used another specific available dataset for a more comprehensive evaluation. The experimental results show that our approach is effective in classifying normal and anomalous traffic in different situations. Receiver Operating Characteristic (ROC) analysis is applied to the final extracted results to select the working point of our system (that is, to set the related thresholds).


similar resources

Utilizing bloom filters for detecting flooding attacks against SIP based services

Any application or service utilizing the Internet is exposed to both general Internet attacks and other specific ones. Most of the times the latter are exploiting a vulnerability or misconfiguration in the provided service and/or in the utilized protocol itself. Consequently, the employment of critical services, like Voice over IP (VoIP) services, over the Internet is vulnerable to such attacks...

Detecting Denial of Service Attacks in Tor

Tor is currently one of the more popular systems for anonymizing near real-time communications on the Internet. Recently, Borisov et al. proposed a denial of service based attack on Tor (and related systems) that significantly increases the probability of compromising the anonymity provided. In this paper, we propose an algorithm for detecting such attacks and examine the effectiveness of the o...

Denial of Service on SIP VoIP Infrastructures Using DNS Flooding

A simple yet effective Denial of Service (DoS) attack on SIP servers is to flood the server with requests addressed at irresolvable domain names. In this thesis we evaluate different possibilities to mitigate these effects and show that over-provisioning is not sufficient to handle such attacks. As a more effective approach we present a solution called the DNS cache solution based on the usage ...

Detecting Flood-based Denial-of-Service Attacks with SNMP/RMON

We present our work in detecting DoS attacks through the polling of Remote Monitoring (RMON) capable devices. Rather than the introduction of special purpose hardware, our detection capability relies upon RMON capabilities present in existing infrastructure network devices, such as switches and routers. RMON is a special purpose Management Information Base (MIB) designed for the SNMP (Simple Ne...


Journal title

volume 44, issue 1

pages 75-85

publication date 2012-04-01
