Voice over IP (VoIP) has been developing rapidly because of its economic advantage over traditional telephone services. Denial-of-service (DoS) attacks have been a major security threat for many computer systems. This work introduces a specification-based intrusion detection system to protect H.323 gatekeepers from both external and internal DoS attacks. Based on the protocol for RAS (Registration, Admission and Status) messages, a finite-state machine specification of correct behavior between a gatekeeper and endpoints is produced. Security requirements against these DoS attacks are established, resulting in a formal protocol specification for secured gatekeepers. To develop the proposal into a practical solution, an intrusion detection module is built and incorporated into the open source software GNU Gatekeeper (also named OpenH323GK). A simple, proof-of-concept prototype has been built; the secured H.323 gateway is able to fend off DoS attacks launched from GNU OpenPhone clients.
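A sketch of the specification-based detection idea summarized above, added here as an example; it is not code from the paper or from GNU Gatekeeper. GRQ, RRQ, ARQ, DRQ and URQ are the standard H.225 RAS request abbreviations, while the simplified state machine, the rate threshold and the trace are assumptions made for illustration.

```python
from collections import defaultdict, deque

# Simplified per-endpoint RAS state machine (assumed, not the paper's spec):
# (current state, request seen at the gatekeeper) -> next state.
TRANSITIONS = {
    ("IDLE", "GRQ"): "DISCOVERED",
    ("IDLE", "RRQ"): "REGISTERED",        # registration without discovery
    ("DISCOVERED", "RRQ"): "REGISTERED",
    ("REGISTERED", "RRQ"): "REGISTERED",  # keep-alive re-registration
    ("REGISTERED", "ARQ"): "IN_CALL",     # one call per endpoint, for brevity
    ("IN_CALL", "DRQ"): "REGISTERED",
    ("REGISTERED", "URQ"): "IDLE",
}
MAX_REQUESTS = 5      # assumed per-endpoint limit within one window
WINDOW_SECONDS = 1.0  # assumed sliding-window length

class RasMonitor:
    def __init__(self):
        self.state = defaultdict(lambda: "IDLE")
        self.recent = defaultdict(deque)  # request timestamps per endpoint

    def observe(self, ts, endpoint, msg):
        """Return the alerts raised by one endpoint-to-gatekeeper request."""
        alerts = []
        window = self.recent[endpoint]
        window.append(ts)
        while window and ts - window[0] > WINDOW_SECONDS:
            window.popleft()
        if len(window) > MAX_REQUESTS:
            alerts.append("rate")
        nxt = TRANSITIONS.get((self.state[endpoint], msg))
        if nxt is None:
            alerts.append("out-of-spec")  # request rejected, state unchanged
        else:
            self.state[endpoint] = nxt
        return alerts

def scan(trace):
    monitor = RasMonitor()
    return [(ts, ep, msg, a) for ts, ep, msg in trace
            for a in monitor.observe(ts, ep, msg)]

# Constructed trace: ep-b asks for admission while unregistered, ep-a sends
# a second disengage with no call in progress, ep-c bursts registrations.
SAMPLE_TRACE = [
    (0.0, "ep-a", "GRQ"), (0.1, "ep-a", "RRQ"), (0.2, "ep-a", "ARQ"),
    (0.3, "ep-b", "ARQ"), (5.0, "ep-a", "DRQ"), (5.1, "ep-a", "DRQ"),
] + [(10.0 + i * 0.01, "ep-c", "RRQ") for i in range(8)]

if __name__ == "__main__":
    for alert in scan(SAMPLE_TRACE):
        print(alert)
```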