SIP (Session Initiation Protocol) is a signaling protocol to provide IP-based VoIP (Voice over IP) service. However, many security vulnerabilities exist as the SIP protocol utilizes the existing IP based network. The SIP Malformed message attacks may cause malfunction on VoIP services by changing the transmitted SIP header information. Additionally, there are several threats such that an attacker can extract personal information on SIP client system by inserting malicious code into SIP header. Therefore, the alternative measures should be required. In this study, we analyzed the existing research on the SIP anomaly message detection mechanism against SIP attack. And then, we proposed a Co-occurrence based SIP packet analysis mechanism, which has been used on language processing techniques. We proposed a association rule generation and an attack detection technique by using the actual SIP session state. Experimental results showed that the average detection rate was 87% on SIP attacks in case of using the proposed technique.
[1]
황희융,et al.
SIP 프록시 서버의 부하 최소화를 위한 분산 처리
,
2008
.
[2]
Mark Handley,et al.
SIP: Session Initiation Protocol
,
1999,
RFC.
[3]
Tae-Wook Kim,et al.
A Study on the E-Document Encrypted using the Effective key Management Method
,
2009
.
[4]
Seung-Soo Shin,et al.
Remote System User Authentication Scheme using Smartcards
,
2009
.
[5]
김태섭,et al.
홈네트워크 환경을 위한 동적 패스워드 기반 사용자 인증 프로토콜
,
2010
.
[6]
Costas Lambrinoudakis,et al.
A lightweight protection mechanism against signaling attacks in a SIP-based VoIP environment
,
2007,
Telecommun. Syst..
[7]
Shih-Kun Huang,et al.
Web application security assessment by fault injection and behavior monitoring
,
2003,
WWW '03.