Detecting VoIP-specific Denial-of-Service using change-point method

As Voice over IP (VoIP) technology becomes more widely deployed due to its economic advantage over traditional PSTN service, an increasing number of security issues have emerged that target VoIP-specific vulnerabilities. Being a real-time service, VoIP is more susceptible to Denial-of-Service (DoS) attacks than regular internet service. In this paper we propose a change-point detection method to prevent Denial-of-Service attacks on VoIP systems, based on analysis of Session Initiation Protocol (SIP) behavior. We develop an efficient adaptive sequential change-point method to detect attacks that lead to changes in network traffic. The change-point detection method employs a statistical analysis of data to detect very subtle traffic changes arising from SIP protocol behavior. The method is computationally simple and can be implemented online. Our experimental results show that the method achieves a very small detection delay, a high detection rate and a low false alarm rate for VoIP-specific DoS detection.
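To make the idea of an adaptive sequential change-point test concrete, here is an added example that is not the paper's algorithm: a generic one-sided CUSUM with an EWMA baseline, run over constructed per-interval SIP INVITE counts. The choice of INVITE counts as the monitored feature, the class and function names, and all parameter values are assumptions.

```python
from dataclasses import dataclass
from typing import Iterable, Optional


@dataclass
class AdaptiveCusum:
    """One-sided CUSUM over per-interval counts with an EWMA baseline.

    Generic textbook-style detector, not the paper's method; every
    parameter value below is an illustrative assumption.
    """
    alpha: float = 0.1       # EWMA weight used to track the normal rate
    slack: float = 0.5       # relative excess over baseline tolerated per interval
    threshold: float = 3.0   # alarm once the accumulated excess passes this
    mean: Optional[float] = None
    score: float = 0.0

    def update(self, count: int) -> bool:
        """Feed one interval's count; return True while an alarm is raised."""
        if self.mean is None:            # first sample seeds the baseline
            self.mean = float(count)
            return False
        excess = (count - self.mean) / max(self.mean, 1.0) - self.slack
        self.score = max(0.0, self.score + excess)   # CUSUM recursion
        alarm = self.score > self.threshold
        if not alarm:
            # The baseline is frozen during an alarm so that a sustained
            # flood is not absorbed into the estimate of normal traffic.
            self.mean = (1 - self.alpha) * self.mean + self.alpha * count
        return alarm


def first_alarm(counts: Iterable[int], **params) -> Optional[int]:
    """Index of the first interval that raises an alarm, or None."""
    detector = AdaptiveCusum(**params)
    for i, count in enumerate(counts):
        if detector.update(count):
            return i
    return None


# Constructed sample data: INVITE requests seen per one-second interval.
NORMAL = [20, 22, 19, 21, 23, 20, 18, 22, 21, 20]
SPIKE = NORMAL + [45, 21, 20]            # one-interval burst, then normal
FLOOD = NORMAL + [60, 65, 70, 72, 75]    # sustained rate change

if __name__ == "__main__":
    for name, series in [("normal", NORMAL), ("spike", SPIKE), ("flood", FLOOD)]:
        print(name, first_alarm(series))
```

On this data the isolated burst decays without an alarm, while the sustained change is flagged two intervals after it begins, which is the delay versus false-alarm trade-off that `slack` and `threshold` control.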
