State Transition Analysis: A Rule-Based Intrusion Detection Approach
IEEE Transactions on Software Engineering
NetSTAT: A Network-Based Intrusion Detection Approach
ACSAC '98 Proceedings of the 14th Annual Computer Security Applications Conference
A Stateful Intrusion Detection System for World-Wide Web Servers
ACSAC '03 Proceedings of the 19th Annual Computer Security Applications Conference
DSN '04 Proceedings of the 2004 International Conference on Dependable Systems and Networks
Snort - Lightweight Intrusion Detection for Networks
LISA '99 Proceedings of the 13th USENIX conference on System administration
Challenges in Securing Voice over IP
IEEE Security and Privacy
VoIP Intrusion Detection Through Interacting Protocol State Machines
DSN '06 Proceedings of the International Conference on Dependable Systems and Networks
ICDT '06 Proceedings of the international conference on Digital Telecommunications
An ontology description for SIP security flaws
Computer Communications
Two layer Denial of Service prevention on SIP VoIP infrastructures
Computer Communications
On the feasibility of launching the man-in-the-middle attacks on VoIP from remote attackers
Proceedings of the 4th International Symposium on Information, Computer, and Communications Security
Intrusion Detection System for Denial-of-Service flooding attacks in SIP communication networks
International Journal of Security and Networks
SecSip: a stateful firewall for SIP-based networks
IM'09 Proceedings of the 11th IFIP/IEEE international conference on Symposium on Integrated Network Management
On the billing vulnerabilities of SIP-based VoIP systems
Computer Networks: The International Journal of Computer and Telecommunications Networking
Survey of security vulnerabilities in session initiation protocol
IEEE Communications Surveys & Tutorials
| Hi-index | 0.24 |
Voice over IP (VoIP) services have become prevalent lately because of their potential advantages such as economic efficiency and useful features. Meanwhile, Session Initiation Protocol (SIP) is being widely used as a session protocol for the VoIP services. Many mobile VoIP applications have recently been launched, and they are becoming attractive targets for attackers to steal private information. In particular, malformed SIP messages and SIP flooding attacks are the most significant attacks as they cause service disruption by targeting call procedures and system resources. Although much research has been conducted in an effort to address the problems, they remain unresolved challenges due to the ease of launching variants of attacks. In this paper, we propose a stateful SIP inspection mechanism, called SIP-VoIP Anomaly Detection (SIPAD), that leverages a SIP-optimized data structure to detect malformed SIP messages and SIP flooding attacks. SIPAD precomputes the SIP-optimized data structure (termed a stateful rule tree) that reorganizes the SIP rule set by hierarchical correlation. Depending on the current state and the message type, SIPAD determines the corresponding branches from the stateful rule tree, and inspects a SIP message's structure by comparing it to the branches. The SIP-optimized rule tree provides higher detection accuracy, wider detection coverage and faster detection than existing approaches. Conventional SIP inspection schemes tend to have high overhead costs due to the complexity of their rule matching schemes. Experimental results of our SIP-optimized approach, by contrast, indicate that it dramatically reduces overhead and can even be deployed in resource-constrained environments such as smartphones.