Intrusion Detection System for Denial-of-Service flooding attacks in SIP communication networks

Authors:
Sven Ehlert;Yacine Rebahi;Thomas Magedanz
Affiliations:
Fraunhofer FOKUS, Kaiserin-Augusta-Allee 31, 10589 Berlin, Germany.;Fraunhofer FOKUS, Kaiserin-Augusta-Allee 31, 10589 Berlin, Germany.;Fraunhofer FOKUS, Kaiserin-Augusta-Allee 31, 10589 Berlin, Germany
Venue:
International Journal of Security and Networks
Year:
2009

Citing 13
Cited 6

Specification-based anomaly detection: a new approach for detecting network intrusions

Proceedings of the 9th ACM conference on Computer and communications security
Caching on the World Wide Web

IEEE Transactions on Knowledge and Data Engineering
A taxonomy of DDoS attack and DDoS defense mechanisms

ACM SIGCOMM Computer Communication Review
Snort - Lightweight Intrusion Detection for Networks

LISA '99 Proceedings of the 13th USENIX conference on System administration
VoIP Intrusion Detection Through Interacting Protocol State Machines

DSN '06 Proceedings of the International Conference on Dependable Systems and Networks
Survey of network-based defense mechanisms countering the DoS and DDoS problems

ACM Computing Surveys (CSUR)
Holistic VoIP intrusion detection and prevention system

Proceedings of the 1st international conference on Principles, systems and applications of IP telecommunications
VoIP defender: highly scalable SIP-based security architecture

Proceedings of the 1st international conference on Principles, systems and applications of IP telecommunications
Denial of service attack and prevention on SIP VoIP infrastructures using DNS flooding

Proceedings of the 1st international conference on Principles, systems and applications of IP telecommunications
A Framework for Detecting Anomalies in VoIP Networks

ARES '08 Proceedings of the 2008 Third International Conference on Availability, Reliability and Security
Detecting VoIP Floods Using the Hellinger Distance

IEEE Transactions on Parallel and Distributed Systems
Survey of security vulnerabilities in session initiation protocol

IEEE Communications Surveys & Tutorials
Denial of service attacks targeting a SIP VoIP infrastructure: attack scenarios and prevention mechanisms

IEEE Network: The Magazine of Global Internetworking

Wireless telemedicine and m-health: technologies, applications and research issues

International Journal of Sensor Networks
A survey of security visualization for computer network logs

Security and Communication Networks
A survey of cyber crimes

Security and Communication Networks
Error analysis of range-based localisation algorithms in wireless sensor networks

International Journal of Sensor Networks
SIPAD: SIP-VoIP Anomaly Detection using a Stateful Rule Tree

Computer Communications
Accountability and Q-Accountable Logging in Wireless Networks

Wireless Personal Communications: An International Journal

Quantified Score

Hi-index	0.00

Visualization

Abstract

Security threats to Voice-over IP (VoIP) or IP Multimedia Subsystem (IMS) networks are becoming a major concern as their popularity increases. New attacks are being developed that directly target the underlying SIP protocol. To detect such kinds of attacks we are presenting a specification-based Intrusion Detection System (IDS) to recognise deviation from its expected protocol behaviour. We will present an implementation and show with measurements that this method is capable of attack detection and mitigation for different kinds of attacks directed towards a SIP infrastructure, with a focus on Denial-of-Service (DoS) message flooding.