Holistic VoIP intrusion detection and prevention system

Authors:
Mohamed Nassar;Saverio Niccolini;Radu State;Thilo Ewald
Affiliations:
LORIA - INRIA Lorraine, Villers-Lès-Nancy, France;NEC Europe Ltd., Kurfuersten-Anlage, Heidelberg, Germany;LORIA - INRIA Lorraine, Villers-Lès-Nancy, France;NEC Europe Ltd., Kurfuersten-Anlage, Heidelberg, Germany
Venue:
Proceedings of the 1st international conference on Principles, systems and applications of IP telecommunications
Year:
2007

Citing 3
Cited 6

Service specific anomaly detection for network intrusion detection

Proceedings of the 2002 ACM symposium on Applied computing
SCIDIVE: A Stateful and Cross Protocol Intrusion Detection Architecture for Voice-over-IP Environments

DSN '04 Proceedings of the 2004 International Conference on Dependable Systems and Networks
Refereed Papers: Real-time Log File Analysis Using the Simple Event Correlator (SEC)

LISA '04 Proceedings of the 18th USENIX conference on System administration

A Self-learning System for Detection of Anomalous SIP Messages

Principles, Systems and Applications of IP Telecommunications. Services and Security for Next Generation Networks
Intrusion Detection System for Denial-of-Service flooding attacks in SIP communication networks

International Journal of Security and Networks
Using game theory to configure P2P SIP

Proceedings of the 3rd International Conference on Principles, Systems and Applications of IP Telecommunications
Design and Implementation of SIP-aware Security Management System

Information Security Applications
VoIP malware: attack tool & attack scenarios

ICC'09 Proceedings of the 2009 IEEE international conference on Communications
Analysis of token and ticket based mechanisms for current VoIP security issues and enhancement proposal

CMS'10 Proceedings of the 11th IFIP TC 6/TC 11 international conference on Communications and Multimedia Security

Quantified Score

Hi-index	0.00

Visualization

Abstract

VoIP security is crucial for current and future networks and services. The rapid shift from a closed and confined telephony towards an all IP network supporting end to end VoIP services provides major challenges to the security plane. Faced with multiple attack vectors, new and comprehensive defensive security solutions for VoIP must emerge from the research community. This paper describes a multilayer intrusion detection and prevention system architecture for VoIP infrastructures. The key components of the approach are based on a VoIP-specific honeypot and on an application layer event correlation engine. While each component alone can detect only a subset of VoIP-specific attacks, the two of them together can provide an effective defense for the many class of attacks. We show in this paper, how different and complementary conceptual approaches can jointly provide an in depth defense for VoIP architectures.