Intrusion detection system for signal based SIP attacks through timed HCPN

As the Session Initiation Protocol (SIP) becomes widely used for current IP telephony services due to its simplicity and powerful functions, the vulnerabilities it exposes make it susceptible to various attacks, especially signal-based SIP-specific attacks. Based on the security issues of SIP, in this paper we propose the design of an intrusion detection system for these threats that combines misuse and anomaly detection through a feedback mechanism. A timed HCPN model is used to drive and simulate the IDS for SIP with four machines. Detection solutions for specific attacks are also provided, such as two recall methods for the CANCEL attack.
