Sketch-based SIP flooding detection using Hellinger distance

Authors:
Jin Tang;Yu Cheng;Chi Zhou
Affiliations:
Department of Electrical and Computer Engineering, Illinois Institute of Technology, Chicago, IL;Department of Electrical and Computer Engineering, Illinois Institute of Technology, Chicago, IL;Department of Electrical and Computer Engineering, Illinois Institute of Technology, Chicago, IL
Venue:
GLOBECOM'09 Proceedings of the 28th IEEE conference on Global telecommunications
Year:
2009

Citing 8
Cited 2

Sketch-based change detection: methods, evaluation, and applications

Proceedings of the 3rd ACM SIGCOMM conference on Internet measurement
Tabulation based 4-universal hashing with applications to second moment estimation

SODA '04 Proceedings of the fifteenth annual ACM-SIAM symposium on Discrete algorithms
Mining anomalies using traffic feature distributions

Proceedings of the 2005 conference on Applications, technologies, architectures, and protocols for computer communications
VoIP Intrusion Detection Through Interacting Protocol State Machines

DSN '06 Proceedings of the International Conference on Dependable Systems and Networks
Computer Networking: A Top-Down Approach (4th Edition)

Computer Networking: A Top-Down Approach (4th Edition)
Detecting VoIP Floods Using the Hellinger Distance

IEEE Transactions on Parallel and Distributed Systems
Specification-Based Denial-of-Service Detection for SIP Voice-over-IP Networks

ICIMP '08 Proceedings of the 2008 The Third International Conference on Internet Monitoring and Protection
Denial of service attacks targeting a SIP VoIP infrastructure: attack scenarios and prevention mechanisms

IEEE Network: The Magazine of Global Internetworking

A comparison between divergence measures for network anomaly detection

Proceedings of the 7th International Conference on Network and Services Management
Flooding attacks detection in backbone traffic using power divergence

Proceedings of the 7th ACM workshop on Performance monitoring and measurement of heterogeneous wireless and wired networks

Quantified Score

Hi-index	0.00

Visualization

Abstract

The Voice over IP (VoIP) application utilizes the Internet to provide voice service; thus it is susceptible to various security issues common on the IP networks, such as the flooding attack. Moreover, VoIP uses the Session Initiation Protocol (SIP) for session control and management. The transactional nature of SIP makes flooding attack an even severer threat, which can consequentially lead to denial of service (DoS). In this paper, we develop an efficient online SIP flooding detection scheme by integrating the sketch technique with Hellinger distance (HD) based detection. The sketch data structure can summarize the SIP call generating process into a fixed set of data for developing a probability model. The HD technique, combined with on-line traffic estimation, can efficiently identify attacks by monitoring the distance between current traffic distribution and the estimated distribution based on history information. Compared to the original HD detection system, our technique achieves the advantages of higher accuracy, flexibility to deal with multi-attribute attacks and DDoS attacks, and the ability to track the period of attack. Computer simulation results are presented to demonstrate the performance of the proposed technique.