Detecting VoIP-specific denial-of-service using change-point method

Authors:
Hongli Zhang;Zhimin Gu;Caixia Liu;Tang Jie
Affiliations:
School of Computer Science and Technology, Beijing Institute of Technology, Beijing and Media College, Inner Mongolia Normal University, Hohhot, China;School of Computer Science and Technology, Beijing Institute of Technology, Beijing, China;School of Computer Science and Technology, Beijing Institute of Technology, Beijing, China;School of Computer Science and Technology, Beijing Institute of Technology, Beijing, China
Venue:
ICACT'09 Proceedings of the 11th international conference on Advanced Communication Technology - Volume 2
Year:
2009

Citing 9
Cited 2

Detection of abrupt changes: theory and application

Detection of abrupt changes: theory and application
Guest Editor's Introduction: Service for Telecom Version 2

IEEE Internet Computing
SCIDIVE: A Stateful and Cross Protocol Intrusion Detection Architecture for Voice-over-IP Environments

DSN '04 Proceedings of the 2004 International Conference on Dependable Systems and Networks
VoIP Intrusion Detection Through Interacting Protocol State Machines

DSN '06 Proceedings of the International Conference on Dependable Systems and Networks
Hacking Exposed VoIP: Voice Over IP Security Secrets & Solutions

Hacking Exposed VoIP: Voice Over IP Security Secrets & Solutions
Intrusion detection system for signal based SIP attacks through timed HCPN

ARES '07 Proceedings of the The Second International Conference on Availability, Reliability and Security
A Framework for Detecting Anomalies in VoIP Networks

ARES '08 Proceedings of the 2008 Third International Conference on Availability, Reliability and Security
Detecting VoIP Floods Using the Hellinger Distance

IEEE Transactions on Parallel and Distributed Systems
Survey of security vulnerabilities in session initiation protocol

IEEE Communications Surveys & Tutorials

DDoS flooding attack detection scheme based on F-divergence

Computer Communications
Distributed denial-of-service attack detection scheme-based joint-entropy

Security and Communication Networks

Quantified Score

Hi-index	0.00

Visualization

Abstract

As Voice over IP (VoIP) technology becomes more widely deployed due to its economical advantage over traditional PSTN service, an increasing number of security issues emerged targeting VoIP-specific vulnerabilities. Being a real-time service, VoIP is more susceptible to Denial-of-Service (DoS) attacks than regular internet service. In this paper we proposed a change-point detection method to prevent Denial-of-Service attacks on VoIP systems based on Session Initiation Protocol (SIP) protocol behavior analysis. We develop efficient adaptive sequential change-point method to detect attacks which lead to changes in network traffic. The change-point detection method employs a statistical analysis of data to detect very subtle traffic changes which from SIP protocol behavior. The method is computationally simple and can be implemented online. Our experimental result shows that the method achieves a very small delay, high rate and low false alarm rate of VoIP-specific DoS detection.