SIP-based VoIP traffic behavior profiling and its applications
Proceedings of the 3rd annual ACM workshop on Mining network data
Billing attacks on SIP-based VoIP systems
WOOT '07 Proceedings of the first USENIX workshop on Offensive Technologies
Holistic VoIP intrusion detection and prevention system
Proceedings of the 1st international conference on Principles, systems and applications of IP telecommunications
Two layer Denial of Service prevention on SIP VoIP infrastructures
Computer Communications
A Collaborative Forensics Framework for VoIP Services in Multi-network Environments
PAISI, PACCF and SOCO '08 Proceedings of the IEEE ISI 2008 PAISI, PACCF, and SOCO international workshops on Intelligence and Security Informatics
On the performance of a hybrid intrusion detection architecture for voice over IP systems
Proceedings of the 4th international conference on Security and privacy in communication netowrks
Voice pharming attack and the trust of VoIP
Proceedings of the 4th international conference on Security and privacy in communication netowrks
A Self-learning System for Detection of Anomalous SIP Messages
Principles, Systems and Applications of IP Telecommunications. Services and Security for Next Generation Networks
Secure SIP: A Scalable Prevention Mechanism for DoS Attacks on SIP Based VoIP Systems
Principles, Systems and Applications of IP Telecommunications. Services and Security for Next Generation Networks
SIP intrusion detection and response architecture for protecting SIP-based services
ACS'08 Proceedings of the 8th conference on Applied computer scince
On the feasibility of launching the man-in-the-middle attacks on VoIP from remote attackers
Proceedings of the 4th International Symposium on Information, Computer, and Communications Security
An Empirical Investigation into the Security of Phone Features in SIP-Based VoIP Systems
ISPEC '09 Proceedings of the 5th International Conference on Information Security Practice and Experience
Intrusion detection with OMNeT++
Proceedings of the 2nd International Conference on Simulation Tools and Techniques
Design and implementation of SIP-aware DDoS attack detection system
Proceedings of the 2nd International Conference on Interaction Sciences: Information Technology, Culture and Human
SecSip: a stateful firewall for SIP-based networks
IM'09 Proceedings of the 11th IFIP/IEEE international conference on Symposium on Integrated Network Management
SIPFIX: a scheme for distributed SIP monitoring
IM'09 Proceedings of the 11th IFIP/IEEE international conference on Symposium on Integrated Network Management
From Intrusion Detection to Intrusion Detection and Diagnosis: An Ontology-Based Approach
SEUS '09 Proceedings of the 7th IFIP WG 10.2 International Workshop on Software Technologies for Embedded and Ubiquitous Systems
A Survey of Voice over IP Security Research
ICISS '09 Proceedings of the 5th International Conference on Information Systems Security
Detecting VoIP-specific denial-of-service using change-point method
ICACT'09 Proceedings of the 11th international conference on Advanced Communication Technology - Volume 2
A hybrid, stateful and cross-protocol intrusion detection system for converged applications
OTM'07 Proceedings of the 2007 OTM confederated international conference on On the move to meaningful internet systems: CoopIS, DOA, ODBASE, GADA, and IS - Volume Part II
RTP-miner: a real-time security framework for RTP fuzzing attacks
Proceedings of the 20th international workshop on Network and operating systems support for digital audio and video
Protecting SIP against very large flooding DoS attacks
GLOBECOM'09 Proceedings of the 28th IEEE conference on Global telecommunications
On the billing vulnerabilities of SIP-based VoIP systems
Computer Networks: The International Journal of Computer and Telecommunications Networking
Labeled VoIP data-set for intrusion detection evaluation
EUNICE'10 Proceedings of the 16th EUNICE/IFIP WG 6.6 conference on Networked services and applications: engineering, control and management
Availability analysis of an IMS-based VoIP network system
ICCSA'10 Proceedings of the 2010 international conference on Computational Science and Its Applications - Volume Part IV
Collaborative scheme for VoIP traceback
Digital Investigation: The International Journal of Digital Forensics & Incident Response
SIPAD: SIP-VoIP Anomaly Detection using a Stateful Rule Tree
Computer Communications
| Hi-index | 0.00 |
Voice over IP (VoIP) systems are gaining inpopularity as the technology for transmitting voice trafficover IP networks. As the popularity of VoIP systemsincreases, they are being subjected to different kinds ofintrusions some of which are specific to such systems andsome of which follow a general pattern. VoIP systemspose several new challenges to Intrusion DetectionSystem (IDS) designers. First, these systems employmultiple protocols for call management (e.g., SIP) anddata delivery (e.g., RTP). Second, the systems aredistributed in nature and employ distributed clients,servers and proxies. Third, the attacks to such systemsspan a large class, from denial of service to billing fraudattacks. Finally, the systems are heterogeneous andtypically under several different administrative domains.In this paper, we propose the design of an intrusiondetection system targeted to VoIP systems, called SCIDIVE(pronounced "Skydive"). SCIDIVE is structured to detectdifferent classes of intrusions, including, masquerading,denial of service, and media stream-based attacks. It canoperate with both classes of protocols that compose VoIPsystems - call management protocols (CMP), e.g., SIP,and media delivery protocols (MDP), e.g., RTP. SCIDIVEproposes two abstractions for VoIP IDS .Statefuldetection and Cross-protocol detection. Stateful detectiondenotes assembling state from multiple packets and usingthe aggregated state in the rule matching engine. Crossprotocol detection denotes matching rules that spanmultiple protocols. SCIDIVE is demonstrated on a sampleVoIP system that comprises SIP clients and SIP proxyservers with RTP as the data delivery protocol. Fourattack scenarios are created and the accuracy and theefficiency of the system evaluated with rules meant tocatch these attacks.