Intrusion detection in voice over IP environments

In this article, we present the design of an intrusion detection system for voice over IP (VoIP) networks. The first part of our work consists of a simple single-component intrusion detection system called Scidive. In the second part, we extend the design of Scidive and build a distributed and correlation-based intrusion detection system called SpaceDive. We create several attack scenarios and evaluate the accuracy and efficiency of the system in the face of these attacks. To the best of our knowledge, this is the first comprehensive look at the problem of intrusion detection in VoIP systems. It includes treatment of the challenges faced due to the distributed nature of the system, the nature of the VoIP traffic, and the specific kinds of attacks on such systems.