Although sharing the same physical infrastructure with data networks makes convergence attractive, it also makes Voice over Internet Protocol (VoIP) networks and applications inherit all the security weaknesses of the IP protocol. In addition, converged VoIP networks come with their own set of security concerns. Voice traffic on converged networks is packet switched and vulnerable to interception with the same techniques used to sniff other traffic on a LAN or WAN. Denial of Service (DoS) attacks are one of the most critical threats to VoIP due to the disruption of service and loss of revenue they cause. VoIP systems are expected to provide the same level of security as traditional PSTN networks, even though more functionality and intelligence are distributed to the endpoints and more protocols are involved to provide better service. All these factors create a strong need for new intrusion detection designs and techniques. In this paper we propose a novel host-based intrusion detection architecture for converged VoIP applications. Our architecture uses the Communicating Extended Finite State Machines formal model to provide both stateful and cross-protocol detection. In addition, it combines signature-based and specification-based detection techniques, as well as protocol syntax and semantics anomaly detection. A variety of attacks are implemented on our test bed, and the intrusion detection prototype shows promising efficiency. The accuracy of the prototype's detection is discussed and analyzed.