A SIP delayed based mechanism for detecting VOIP flooding attacks

SIP is among the most popular Voice over IP signaling protocols. Its deployment in live scenarios has shown its vulnerability to flooding attacks. In this paper, we present a SIP flooding attack detection mechanism that dynamically detects SIP flooding attacks and correlates, in real time, the temporal characteristics of the SIP reliability mechanism with the number of received INVITE requests. Experimental results show that the proposed mechanism is able to detect SIP flooding rapidly and does not suffer from false alarms. When compared to similar approaches in the literature, the proposed approach outperformed them in terms of detection speed and accuracy.
