Development and Analysis of Generic VoIP Attack Sequences Based on Analysis of Real Attack Traffic

Security issues such as service misuse and fraud are emerging problems in SIP-based networks. To devise effective countermeasures, it is important to know how these attacks are launched in reality. Multi-stage attacks to commit toll fraud are already known in principle. We have identified different variations in these attack patterns by analyzing over 25 GByte of SIP attack traffic collected in our SIP Honeynet over a period of three years, from December 2009 to November 2012. Based on this analysis, we have developed a Generic Attack Replay tool (GART), which allows replaying samples of the major attack variants in arbitrary network setups. This tool can be used to evaluate detection and mitigation components where realistic and reproducible attack traffic is needed. The tool described here and the sample database will be made available to interested groups.
