A comprehensive study of flooding attack consequences and countermeasures in Session Initiation Protocol (SIP)

Hussain, Intesab; Djahel, Soufiene; Jiang, Xiangqian; Naït‐Abdesselam, Farid

doi:10.1002/sec.1328

Cited by 21 publications

(9 citation statements)

References 39 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The attacker could be a legitimate user if such attacker has an account in the SIP server, or even an intruder who has violated the authentication requirements. Furthermore, this attack can be launched using a single source (i.e., DoS attack) or multiple sources (i.e., DDoS attack) to send INVITE messages to the end-user or the server [ 38 ].…”

Section: Datasetmentioning

confidence: 99%

Countering DDoS Attacks in SIP Based VoIP Networks Using Recurrent Neural Networks

Nazih

Hifny

Elkilani

et al. 2020

Sensors

View full text Add to dashboard Cite

Many companies have transformed their telephone systems into Voice over IP (VoIP) systems. Although implementation is simple, VoIP is vulnerable to different types of attacks. The Session Initiation Protocol (SIP) is a widely used protocol for handling VoIP signaling functions. SIP is unprotected against attacks because it is a text-based protocol and lacks defense against the growing security threats. The Distributed Denial of Service (DDoS) attack is a harmful attack, because it drains resources, and prevents legitimate users from using the available services. In this paper, we formulate detection of DDoS attacks as a classification problem and propose an approach using token embedding to enhance extracted features from SIP messages. We discuss a deep learning model based on Recurrent Neural Networks (RNNs) developed to detect DDoS attacks with low and high-rate intensity. For validation, a balanced real traffic dataset was built containing three attack scenarios with different attack durations and intensities. Experiments show that the system has a high detection accuracy and low detection time. The detection accuracy was higher for low-rate attacks than that of traditional machine learning.

show abstract

Section: Datasetmentioning

confidence: 99%

Countering DDoS Attacks in SIP Based VoIP Networks Using Recurrent Neural Networks

Nazih

Hifny

Elkilani

et al. 2020

Sensors

View full text Add to dashboard Cite

show abstract

“…Moreover, they analyzed four articles and evaluated them according to their advantages and limitations. Hussain et al [14] introduced a comprehensive study of SIP flooding DoS attacks. They classified the research work reviewed (consisting of 26 publications) according to attack behavior, attack type (internal or external), and attack target (proxy server or end-user).…”

Section: Related Workmentioning

confidence: 99%

“…From the previous discussion, it can be noted that published surveys are either limited in their scope to a specific type of DoS attacks [13,14] or examined them with limited aspects of comparison [15] or did not provide a review of the recently published articles [16]. Hence there is a need for a recent and in-depth survey.…”

Section: Related Workmentioning

confidence: 99%

Survey of Countering DoS/DDoS Attacks on SIP Based VoIP Networks

et al. 2020

View full text Add to dashboard Cite

Voice over IP (VoIP) services hold promise because of their offered features and low cost. Most VoIP networks depend on the Session Initiation Protocol (SIP) to handle signaling functions. The SIP is a text-based protocol that is vulnerable to many attacks. Denial of Service (DoS) and distributed denial of service (DDoS) attacks are the most harmful types of attacks, because they drain VoIP resources and render SIP service unavailable to legitimate users. In this paper, we present recently introduced approaches to detect DoS and DDoS attacks, and classify them based on various factors. We then analyze these approaches according to various characteristics; furthermore, we investigate the main strengths and weaknesses of these approaches. Finally, we provide some remarks for enhancing the surveyed approaches and highlight directions for future research to build effective detection solutions.

show abstract

“…A comprehensive survey paper on VoIP security research indicates that half of DoS-related vulnerabilities are on the endpoints [10]. Hussain et al (2015) in their comprehensive study of flooding attack wrote that SIP INVITE message is considered as one of the major root causes [7], and applicationlevel DDoS flooding attacks like SIP remain to be an open problems [12]. Some of the related works that use destinationbased as well as source-based approach are as follows: Ormazabal et al (2008) [5] introduced carrier class, CAMaccelerated solution for SIP DoS defense called "Secure SIP."…”

Section: A Related Workmentioning

confidence: 99%

Distributed SIP DDoS Defense with P4

Febro

Xiao

Spring

2019

2019 IEEE Wireless Communications and Networking Conference (WCNC)

View full text Add to dashboard Cite

SIP DDoS attack is growing and has a real threat to crippling public communication infrastructure. The standard approach to building the defense is at or near the attack destination (i.e. victim's location). This approach is struggling to keep up with the growing volume and attack sophistication. To be better prepared for future attacks, the workload needs to be distributed, and the attack needs to be mitigated as close to the attack source as possible. This paper experiments with data plane programming (P4) and control plane programming of Ethernet switches to provide first-hop detection and mitigation capability for SIP INVITE DDoS attack at every switchport. This approach creates a distributed or source-based defense component which could be added to the existing destination-based components to create a more comprehensive overall solution that is extensible, economical, and scalable against SIP DDoS attack of the future.

show abstract

A comprehensive study of flooding attack consequences and countermeasures in Session Initiation Protocol (SIP)

Cited by 21 publications

References 39 publications

Countering DDoS Attacks in SIP Based VoIP Networks Using Recurrent Neural Networks

Countering DDoS Attacks in SIP Based VoIP Networks Using Recurrent Neural Networks

Survey of Countering DoS/DDoS Attacks on SIP Based VoIP Networks

Distributed SIP DDoS Defense with P4

Contact Info

Product

Resources

About