Software Testing Techniques
Generating Test Data with Enhanced Context-Free Grammars
IEEE Software
A Formal Approach for Passive Testing of Protocol Data Portions
ICNP '02 Proceedings of the 10th IEEE International Conference on Network Protocols
Parsing expression grammars: a recognition-based syntactic foundation
Proceedings of the 31st ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Automated Self-Assembly Programming Paradigm: Initial Investigations
EASE '06 Proceedings of the Third IEEE International Workshop on Engineering of Autonomic & Autonomous Systems
VoIP Intrusion Detection Through Interacting Protocol State Machines
DSN '06 Proceedings of the International Conference on Dependable Systems and Networks
SNOOZE: toward a stateful network protocol fuzZEr
ISC'06 Proceedings of the 9th international conference on Information Security
Monitoring SIP Traffic Using Support Vector Machines
RAID '08 Proceedings of the 11th international symposium on Recent Advances in Intrusion Detection
Automatic Adaptation and Analysis of SIP Headers Using Decision Trees
Principles, Systems and Applications of IP Telecommunications. Services and Security for Next Generation Networks
A Self-learning System for Detection of Anomalous SIP Messages
Principles, Systems and Applications of IP Telecommunications. Services and Security for Next Generation Networks
Security Analysis of an IP Phone: Cisco 7960G
Principles, Systems and Applications of IP Telecommunications. Services and Security for Next Generation Networks
SecSip: a stateful firewall for SIP-based networks
IM'09 Proceedings of the 11th IFIP/IEEE international conference on Symposium on Integrated Network Management
A SIP security testing framework
CCNC'09 Proceedings of the 6th IEEE Conference on Consumer Communications and Networking Conference
RTP-miner: a real-time security framework for RTP fuzzing attacks
Proceedings of the 20th international workshop on Network and operating systems support for digital audio and video
VoIP malware: attack tool & attack scenarios
ICC'09 Proceedings of the 2009 IEEE international conference on Communications
An autonomic testing framework for IPv6 configuration protocols
AIMS'10 Proceedings of the Mechanisms for autonomous management of networks and services, and 4th international conference on Autonomous infrastructure, management and security
Enforcing security with behavioral fingerprinting
Proceedings of the 7th International Conference on Network and Services Management
Behavioral fuzzing operators for UML sequence diagrams
SAM'12 Proceedings of the 7th international conference on System Analysis and Modeling: theory and practice
| Hi-index | 0.00 |
With the recent evolution in the VoIP market, where more and more devices and services are being pushed on a very promising market, assuring their security becomes crucial. Among the most dangerous threats to VoIP, failures and bugs in the software implementation will still rank high on the list of vulnerabilities. In this paper we address the issue of detecting such vulnerabilities using a stateful fuzzer. We describe an automated attack approach capable to self-improve and to track the state context of a target device. We implemented our approach and were able to discover vulnerabilities in market leading and well known equipments and software.