Detect and Prevent SIP Flooding Attacks in VoLTE by Utilizing a Two-Tier PFilter Design

As a new generation voice service, Voice over LTE (VoLTE) has attracted worldwide attentions in both the academia and industry. Different from the traditional voice call based on circuit-switched (CS), VoLTE evolves into the packet-switched (PS) field, which has long been open to the public. Though designed rigorously, similar to VoIP services, VoLTE also suffers from SIP (Session Initiation Protocal) flooding attacks. Due to the high performance requirement, the SIP flooding attacks in VoLTE is more difficult to defend than that in traditional VoIP service. In this paper, enlightened by Counting Bloom Filter (CBF), we design a versatile CBF-like structure, PFilter, to detect the flooding anomalies. Compared with previous relevant works, our scheme gains advantages in many aspects including detection of low-rate flooding attack and stealthy flooding attack. Moreover, not only can our scheme detect the attacks with high accuracy, but also find out the attackers to ensure normal operation of VoLTE by eliminating their negative effects. Extensive experiments are performed to well evaluate the performance of the proposed scheme. key words: SIP flooding attack, PFilter, count, filter

[1]  Muhammad Sher,et al.  Detecting flooding attacks against IP Multimedia Subsystem (IMS) networks , 2008, 2008 IEEE/ACS International Conference on Computer Systems and Applications.

[2]  Li Fan,et al.  Summary cache: a scalable wide-area web cache sharing protocol , 2000, TNET.

[3]  Wenjuan Li,et al.  EFM: Enhancing the performance of signature-based network intrusion detection systems using enhanced filter mechanism , 2014, Comput. Secur..

[4]  Songwu Lu,et al.  How voice call technology poses security threats in 4G LTE networks , 2015, 2015 IEEE Conference on Communications and Network Security (CNS).

[5]  Xinbing Wang,et al.  Insecurity of Voice Solution VoLTE in LTE Mobile Networks , 2015, CCS.

[6]  Byeong-Hee Roh,et al.  Detection of SIP Flooding Attacks based on the Upper Bound of the Possible Number of SIP Messages , 2009, KSII Trans. Internet Inf. Syst..

[7]  Syed Abdul Sattar,et al.  Leveraging the SIP load balancer to detect and mitigate DDos attacks , 2015, 2015 International Conference on Green Computing and Internet of Things (ICGCIoT).

[8]  Soufiene Djahel,et al.  A comprehensive study of flooding attack consequences and countermeasures in Session Initiation Protocol (SIP) , 2015, Secur. Commun. Networks.

[9]  Yongdae Kim,et al.  Breaking and Fixing VoLTE: Exploiting Hidden Data Channels and Mis-implementations , 2015, CCS.

[10]  Abhishek Kumar,et al.  A Novel Approach for Evaluating and Detecting Low Rate SIP Flooding Attack , 2011 .

[11]  Jun Li,et al.  On the state of IP spoofing defense , 2009, TOIT.

[12]  Ju Wan Kim,et al.  A whitelist-based countermeasure scheme using a Bloom filter against SIP flooding attacks , 2013, Comput. Secur..

[13]  Miroslav Voznák,et al.  Creating Covert Channel Using SIP , 2014, MCSS.

[14]  Sushil Jajodia,et al.  Fast Detection of Denial-of-Service Attacks on IP Telephony , 2006, 200614th IEEE International Workshop on Quality of Service.

[15]  Neminath Hubballi,et al.  VoIPFD: Voice over IP flooding detection , 2016, 2016 Twenty Second National Conference on Communication (NCC).

[16]  Nikos Vrakas,et al.  Utilizing bloom filters for detecting flooding attacks against SIP based services , 2009, Comput. Secur..

[17]  Nikos Vrakas,et al.  Performance Evaluation of a Flooding Detection Mechanism for VoIP Networks , 2009, 2009 16th International Conference on Systems, Signals and Image Processing.

[18]  Yu Cheng,et al.  Detection and prevention of SIP flooding attacks in voice over IP networks , 2012, 2012 Proceedings IEEE INFOCOM.

[19]  Sushil Jajodia,et al.  Detecting VoIP Floods Using the Hellinger Distance , 2008, IEEE Transactions on Parallel and Distributed Systems.

[20]  Yu Cheng,et al.  Quick Detection of Stealthy SIP Flooding Attacks in VoIP Networks , 2011, 2011 IEEE International Conference on Communications (ICC).

[21]  Yu Cheng,et al.  SIP Flooding Attack Detection with a Multi-Dimensional Sketch Design , 2014, IEEE Transactions on Dependable and Secure Computing.