Detecting Ringing-Based DoS Attacks on VoIP Proxy Servers

Authors:
Dae Hyun Yum;Sun Young Kim;Hokun Moon;Mi-Yeon Kim;Jae-Hoon Roh;Pil Joong Lee
Affiliations:
Information Security Lab, POSTECH, Republic of Korea;Information Security Lab, POSTECH, Republic of Korea;Central R&D Lab, KT, Republic of Korea;Central R&D Lab, KT, Republic of Korea;Central R&D Lab, KT, Republic of Korea;Information Security Lab, POSTECH, Republic of Korea
Venue:
Information Security Applications
Year:
2009

Citing 19
Cited 0

Detection of abrupt changes: theory and application

Detection of abrupt changes: theory and application
A taxonomy of DDoS attack and DDoS defense mechanisms

ACM SIGCOMM Computer Communication Review
VoIP Security: Not an Afterthought

Queue - VoIP
Denial-of-Service Attack-Detection Techniques

IEEE Internet Computing
SIP: Basics and Beyond

Queue - SIP
Resisting SYN flood DoS attacks with a SYN cache

BSDC'02 Proceedings of the BSD Conference 2002 on BSD Conference
Botz-4-sale: surviving organized DDoS attacks that mimic flash crowds

NSDI'05 Proceedings of the 2nd conference on Symposium on Networked Systems Design & Implementation - Volume 2
Inferring internet denial-of-service activity

SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
Security Analysis of Voice-over-IP Protocols

CSF '07 Proceedings of the 20th IEEE Computer Security Foundations Symposium
Detecting VoIP based DoS attacks at the public safety answering point

Proceedings of the 2008 ACM symposium on Information, computer and communications security
Detecting VoIP Floods Using the Hellinger Distance

IEEE Transactions on Parallel and Distributed Systems
Assessing the risk of intercepting VoIP calls

Computer Networks: The International Journal of Computer and Telecommunications Networking
Scalable Detection of SIP Fuzzing Attacks

SECURWARE '08 Proceedings of the 2008 Second International Conference on Emerging Security Information, Systems and Technologies
Session Initiation Protocol (SIP): Controlling Convergent Networks

Session Initiation Protocol (SIP): Controlling Convergent Networks
Protecting SIP Proxy Servers from Ringing-Based Denial-of-Service Attacks

ISM '08 Proceedings of the 2008 Tenth IEEE International Symposium on Multimedia
An Empirical Investigation into the Security of Phone Features in SIP-Based VoIP Systems

ISPEC '09 Proceedings of the 5th International Conference on Information Security Practice and Experience
Application of anomaly detection algorithms for detecting SYN flooding attacks

Computer Communications
Intrusion detection with CUSUM for TCP-Based DDoS

EUC'05 Proceedings of the 2005 international conference on Embedded and Ubiquitous Computing
Survey of security vulnerabilities in session initiation protocol

IEEE Communications Surveys & Tutorials

Quantified Score

Hi-index	0.00

Visualization

Abstract

NGN (Next Generation Network) is often called all-IP network as the general idea behind NGN is that one network transports all information and services. When NGN is deployed in a large scale, VoIP will eventually replace PSTN, the traditional model of voice telephony. While VoIP promises both low cost and a variety of advanced services, it may entail security vulnerabilities. Unlike PSTN, intelligence is placed at the edge and the security measures are not incorporated into the network. VoIP-specific attacks have already been introduced, of which the ringing-based DoS attack belongs. In this paper, we propose a detection system of the ringing-based DoS attacks. We model the normal traffic of legitimate users with the gamma distribution and then quantify the discrepancy between the normal traffic and the attack traffic with Pearson's chi-square statistic. Simulation results show that the proposed detection system can reliably detect the ringing-based DoS attacks.