A lightweight countermeasure to cope with flooding attacks against session initiation protocol

Hussain, Intesab; Djahel, Soufiene; Geneiatakis, Dimitris; Naït‐Abdesselam, Farid

doi:10.1109/wmnc.2013.6549057

Cited by 5 publications

(6 citation statements)

References 13 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In Hussain, a lightweight scheme has been proposed to counter both the single source and multi‐source flooding attacks. The user computes a specified threshold at the time of registration process and monitors the number of calls to a particular callee.…”

Section: Related Workmentioning

confidence: 99%

A scalable detection and prevention scheme for voice over internet protocol (VoIP) signaling attacks using handler with Bloom filter

Vennila¹,

Manikandan²

2017

Int J Network Mgmt

View full text Add to dashboard Cite

Summary In this paper, a two‐tier model has been developed that includes a Handler and a Bloom filter (HBF). In the first‐tier, the handler detects both the flooding and fake signaling attacks. The Bloom filter, in the second‐tier, prevents both the attacks before reaching the victim. In the existing systems, the packet level features are used which do not perform well for detection and prevention of both the attacks. In this work, flow level features are applied in both tiers. The proposed model is implemented on the innocent Session Initiation Protocol (SIP) server in the VoIP network. The two‐tier model ensures the reliability and trustworthiness between the service provider and the customer. Besides, it also provides billing information along with the exact call duration to a customer who makes a call. The experimental results show that the HBF results in a reduced detection time of 9 seconds with the reduced false positive (FP) of less than 1% and the false negative (FN) of 0.002% and also preserves the voice call quality during media conversation.

show abstract

Section: Related Workmentioning

confidence: 99%

A scalable detection and prevention scheme for voice over internet protocol (VoIP) signaling attacks using handler with Bloom filter

Vennila¹,

Manikandan²

2017

Int J Network Mgmt

View full text Add to dashboard Cite

show abstract

“…In Figure , we plot the response time to the different rates of INVITE requests sent by an attacker. In our previous work , different flooding rates were applied to INVITE and REGISTER methods. We have measured the response time to illustrate the delay induced by the increasing memory consumption of SIP devices during the attack.…”

Section: The Consequences Of Flooding Attacksmentioning

confidence: 99%

“…Hussain et al , introduce a lightweight scheme to counter single source flooding and DDoS attacks targeting SIP servers. The user‐specified threshold, provided at the time of registration process, handles the number of calls to a particular SIP callee.…”

Section: Taxonomy Of the Existing Solutionsmentioning

confidence: 99%

A comprehensive study of flooding attack consequences and countermeasures in Session Initiation Protocol (SIP)

Hussain

Djahel

Jiang

et al. 2015

Security Comm Networks

View full text Add to dashboard Cite

Session Initiation Protocol (SIP) is widely used as a signaling protocol to support voice and video communication in addition to other multimedia applications. However, it is vulnerable to several types of attacks because of its open nature and lack of a clear defense line against the increasing spectrum of security threats. Among these threats, flooding attack, known by its destructive impact, targets both of SIP User Agent Server (UAS) and User Agent Client (UAC), leading to a denial of service in Voice over IP applications. In particular, INVITE message is considered as one of the major root causes of flooding attacks in SIP. This is due to the fact that an attacker may send numerous INVITE requests without waiting for responses from the UAS or the proxy in order to exhaust their respective resources. Most of the devised solutions to cope with the flooding attack are either difficult to deploy in practice or require significant changes in the SIP servers implementation. Apart from these challenges, flooding attacks are much more diverse in nature, which makes the task of defeating them a real challenge. In this survey, we present a comprehensive study of flooding attack against SIP, by addressing its different variants and analyzing its consequences. We also classify the existing solutions according to the different flooding behaviors they are dealing with, their types, and targets. Moreover, we conduct a thorough investigation of the main strengths and weaknesses of these solutions and deeply analyze the underlying assumptions of each of them for better understanding of their limitations. Finally, we provide some recommendations for enhancing the effectiveness of the surveyed solutions and address some open challenges. Copyright © 2015 John Wiley & Sons, Ltd.

show abstract

“…• SIP flooding: SIP is vulnerable to a wide range of flooding attacks due to its open nature and the lack of robust security mechanisms (Hussain et al, 2013;Tang et al, 2012). On the application-layer, signalling floods are the most prominent.…”

Section: Sip-based Attacksmentioning

confidence: 99%

Application-layer denial of service attacks: taxonomy and survey

Μαντάς

Stakhanova

Gonzalez

et al. 2015

IJICS

View full text Add to dashboard Cite

A lightweight countermeasure to cope with flooding attacks against session initiation protocol

Cited by 5 publications

References 13 publications

A scalable detection and prevention scheme for voice over internet protocol (VoIP) signaling attacks using handler with Bloom filter

A scalable detection and prevention scheme for voice over internet protocol (VoIP) signaling attacks using handler with Bloom filter

A comprehensive study of flooding attack consequences and countermeasures in Session Initiation Protocol (SIP)

Application-layer denial of service attacks: taxonomy and survey

Contact Info

Product

Resources

About