Global VoIP security threats - large scale validation based on independent honeynets

Voice over IP (VoIP) is becoming increasingly attractive to large companies as well as private users. As a result, the risk that VoIP systems are attacked by hackers increases. To protect VoIP users from misuse effectively, researchers use, e.g., honeynets to capture and analyze VoIP attacks occurring on the Internet. Global VoIP security threats are analyzed by studying several million real-world attacks collected in independent VoIP honeynet solutions with different capture mechanisms over a long period of time. By validating results across several honeynet designs, we have achieved a unique, much broader view of large-scale attacks. The results show similar attacker behavior, confirm previous assumptions about attacks, and present new insights into large-scale VoIP attacks, e.g., for toll fraud.
