Detect SIP Flooding Attacks in VoLTE by Utilizing and Compressing Counting Bloom Filter

As a new generation voice service, Voice over LTE (VoLTE) has attracted worldwide attentions in both the academia and industry. Different from the traditional voice call based on circuit-switched (CS), VoLTE evolves into the packet-switched (PS) field, which is quite open to the public. Though designed rigorously, similar to VoIP service, VoLTE also suffers from SIP (Session Initiation Protocal) flooding attacks. In this paper, two schemes inspired by Counting Bloom Filter (CBF) are proposed to thwart these attacks. In scheme I, we leverage CBF to accomplish flooding attack detection. In scheme II, we design a versatile CBF-like structure, PFilter, to achieve the same goal. Compared with previous relevant works, our detection schemes gain advantages in many aspects including low-rate flooding attack and stealthy flooding attack. Moreover, not only can our schemes detect the attacks with high accuracy, but also find out the attacker to ensure normal operation of VoLTE. Extensive experiments are performed to well evaluate the performance of the proposed two schemes.

[1]  Nikos Vrakas,et al.  Performance Evaluation of a Flooding Detection Mechanism for VoIP Networks , 2009, 2009 16th International Conference on Systems, Signals and Image Processing.

[2]  Yu Cheng,et al.  Detection and prevention of SIP flooding attacks in voice over IP networks , 2012, 2012 Proceedings IEEE INFOCOM.

[3]  Byeong-Hee Roh,et al.  Detection of SIP Flooding Attacks based on the Upper Bound of the Possible Number of SIP Messages , 2009, KSII Trans. Internet Inf. Syst..

[4]  Nikos Vrakas,et al.  Utilizing bloom filters for detecting flooding attacks against SIP based services , 2009, Comput. Secur..

[5]  Syed Abdul Sattar,et al.  Leveraging the SIP load balancer to detect and mitigate DDos attacks , 2015, 2015 International Conference on Green Computing and Internet of Things (ICGCIoT).

[6]  Andrzej Czyzewski,et al.  Multimedia Communications, Services and Security , 2014, Communications in Computer and Information Science.

[7]  Li Fan,et al.  Summary cache: a scalable wide-area web cache sharing protocol , 2000, TNET.

[8]  Sushil Jajodia,et al.  Fast Detection of Denial-of-Service Attacks on IP Telephony , 2006, 200614th IEEE International Workshop on Quality of Service.

[9]  Wenjuan Li,et al.  EFM: Enhancing the performance of signature-based network intrusion detection systems using enhanced filter mechanism , 2014, Comput. Secur..

[10]  Yu Cheng,et al.  Quick Detection of Stealthy SIP Flooding Attacks in VoIP Networks , 2011, 2011 IEEE International Conference on Communications (ICC).

[11]  Yu Cheng,et al.  SIP Flooding Attack Detection with a Multi-Dimensional Sketch Design , 2014, IEEE Transactions on Dependable and Secure Computing.

[12]  Sushil Jajodia,et al.  Detecting VoIP Floods Using the Hellinger Distance , 2008, IEEE Transactions on Parallel and Distributed Systems.

[13]  Miroslav Voznák,et al.  Creating Covert Channel Using SIP , 2014, MCSS.

[14]  Neminath Hubballi,et al.  VoIPFD: Voice over IP flooding detection , 2016, 2016 Twenty Second National Conference on Communication (NCC).

[15]  Xinbing Wang,et al.  Insecurity of Voice Solution VoLTE in LTE Mobile Networks , 2015, CCS.

[16]  Ju Wan Kim,et al.  A whitelist-based countermeasure scheme using a Bloom filter against SIP flooding attacks , 2013, Comput. Secur..

[17]  Yongdae Kim,et al.  Breaking and Fixing VoLTE: Exploiting Hidden Data Channels and Mis-implementations , 2015, CCS.