Detecting Denial of Service Message Flooding Attacks in SIP based Services

نویسندگان

  • Ahmad Akbari Ahmad Akbari is an associate professor in the computer engineering school of Iran University of Science and Technology, Tehran, Iran (email: [email protected])
  • Hassan Asgharian Corresponding Author, Hassan Asgharian is PhD student in computer engineering school of Iran University of Science and Technology, Tehran, Iran (email: [email protected])
چکیده مقاله:

Increasing the popularity of SIP based services (VoIP, IPTV, IMS infrastructure) lead to concerns about its ‎security. The main signaling protocol of next generation networks and VoIP systems is Session Initiation Protocol ‎‎(SIP). Inherent vulnerabilities of SIP, misconfiguration of its related components and also its implementation ‎deficiencies cause some security concerns in SIP based infrastructures. New attacks are developed that target ‎directly the underlying SIP protocol in these related SIP setups. To detect such kinds of attacks we combined ‎anomaly-based and specification-based intrusion detection techniques. We took advantages of the SIP state machine ‎concept (according to RFC 3261) in our proposed solution. We also built and configured a real test-bed for SIP ‎based services to generate normal and assumed attack traffics. We validated and evaluated our intrusion detection ‎system with the dump traffic of this real test-bed and we also used another specific available dataset to have a more ‎comprehensive evaluation. The experimental results show that our approach is effective in classifying normal and ‎anomaly traffic in different situations. The Receiver Operating Characteristic (ROC) analysis is applied on final ‎extracted results to select the working point of our system (set related thresholds). ‎  

برای دانلود باید عضویت طلایی داشته باشید

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

detecting denial of service message flooding attacks in sip based services

increasing the popularity of sip based services (voip, iptv, ims infrastructure) lead to concerns about its ‎security. the main signaling protocol of next generation networks and voip systems is session initiation protocol ‎‎(sip). inherent vulnerabilities of sip, misconfiguration of its related components and also its implementation ‎deficiencies cause some security concerns in sip based infra...

متن کامل

Utilizing bloom filters for detecting flooding attacks against SIP based services

Any application or service utilizing the Internet is exposed to both general Internet attacks and other specific ones. Most of the times the latter are exploiting a vulnerability or misconfiguration in the provided service and/or in the utilized protocol itself. Consequently, the employment of critical services, like Voice over IP (VoIP) services, over the Internet is vulnerable to such attacks...

متن کامل

Detecting Denial of Service Attacks in Tor

Tor is currently one of the more popular systems for anonymizing near real-time communications on the Internet. Recently, Borisov et al. proposed a denial of service based attack on Tor (and related systems) that significantly increases the probability of compromising the anonymity provided. In this paper, we propose an algorithm for detecting such attacks and examine the effectiveness of the o...

متن کامل

Denial of Service on SIP VoIP Infrastructures Using DNS Flooding

A simple yet effective Denial of Service (DoS) attack on SIP servers is to flood the server with requests addressed at irresolvable domain names. In this thesis we evaluate different possibilities to mitigate these effects and show that over-provisioning is not sufficient to handle such attacks. As a more effective approach we present a solution called the DNS cache solution based on the usage ...

متن کامل

Detecting Flood-based Denial-of-Service Attacks with SNMP/RMON

We present our work in detecting DoS attacks through the polling of Remote Monitoring (RMON) capable devices. Rather than the introduction of special purpose hardware, our detection capability relies upon RMON capabilities present in existing infrastructure network devices, such as switches and routers. RMON is a special purpose Management Information Base (MIB) designed for the SNMP (Simple Ne...

متن کامل

منابع من

با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

ذخیره در منابع من قبلا به منابع من ذحیره شده

{@ msg_add @}


عنوان ژورنال

دوره 44  شماره 1

صفحات  75- 85

تاریخ انتشار 2012-04-01

با دنبال کردن یک ژورنال هنگامی که شماره جدید این ژورنال منتشر می شود به شما از طریق ایمیل اطلاع داده می شود.

میزبانی شده توسط پلتفرم ابری doprax.com

copyright © 2015-2023