Fast Detection of Denial-of-Service Attacks on IP Telephony

Sengar, Hemant; Wang, H.; Wijesekera, Duminda; Jajodia, Sushil

doi:10.1109/iwqos.2006.250469

Cited by 50 publications

(29 citation statements)

References 9 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…The results can 6 Multi-source flooding attack detection rate and false detection rate be found in Table 1. In the experiment, we choose k p = 3 and m p = 500 to achieve a good balance of detection rate, filter rate and memory consumption.…”

Section: The Length Of Pfiltermentioning

confidence: 99%

“…Stealthy flooding attack is a kind of attack that is difficult to distinguish because the attacker patiently increases the flooding rate in slow pace. Sengar et al [6], [7] also propose the statistical detection mechanism called vFDS based on sudden surge caused by incomplete the handshaking processes in SIP. In their scheme, training phase is also needed to provide a baseline.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Detect and Prevent SIP Flooding Attacks in VoLTE by Utilizing a Two-Tier PFilter Design

Ruan

Wang

et al. 2017

IEICE Trans. Inf. & Syst.

View full text Add to dashboard Cite

SUMMARYAs a new generation voice service, Voice over LTE (VoLTE) has attracted worldwide attentions in both the academia and industry. Different from the traditional voice call based on circuit-switched (CS), VoLTE evolves into the packet-switched (PS) field, which has long been open to the public. Though designed rigorously, similar to VoIP services, VoLTE also suffers from SIP (Session Initiation Protocal) flooding attacks. Due to the high performance requirement, the SIP flooding attacks in VoLTE is more difficult to defend than that in traditional VoIP service. In this paper, enlightened by Counting Bloom Filter (CBF), we design a versatile CBF-like structure, PFilter, to detect the flooding anomalies. Compared with previous relevant works, our scheme gains advantages in many aspects including detection of low-rate flooding attack and stealthy flooding attack. Moreover, not only can our scheme detect the attacks with high accuracy, but also find out the attackers to ensure normal operation of VoLTE by eliminating their negative effects. Extensive experiments are performed to well evaluate the performance of the proposed scheme.

show abstract

Section: The Length Of Pfiltermentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Detect and Prevent SIP Flooding Attacks in VoLTE by Utilizing a Two-Tier PFilter Design

Ruan

Wang

et al. 2017

IEICE Trans. Inf. & Syst.

View full text Add to dashboard Cite

show abstract

“…Sengar et al [98], [99] describe vFDS, an anomaly detection system that seeks to identify flooding denial of service attacks in VoIP. The approach taken is to measure abnormal variations in the relationships between related packet streams using the Hellinger distance, a measure of the deviation between two probability measures.…”

Section: D) Captchas and Puzzles (4 Items)mentioning

confidence: 99%

A Comprehensive Survey of Voice over IP Security Research

Keromytis

2012

IEEE Commun. Surv. Tutorials

116

View full text Add to dashboard Cite

Abstract-We present a comprehensive survey of Voice over IP security academic research, using a set of 245 publications forming a closed cross-citation set. We classify these papers according to an extended version of the VoIP Security Alliance (VoIPSA) Threat Taxonomy. Our goal is to provide a roadmap for researchers seeking to understand existing capabilities and to identify gaps in addressing the numerous threats and vulnerabilities present in VoIP systems. We discuss the implications of our findings with respect to vulnerabilities reported in a variety of VoIP products.We identify two specific problem areas (denial of service, and service abuse) as requiring significant more attention from the research community. We also find that the overwhelming majority of the surveyed work takes a black box view of VoIP systems that avoids examining their internal structure and implementation. Such an approach may miss the mark in terms of addressing the main sources of vulnerabilities, i.e., implementation bugs and misconfigurations. Finally, we argue for further work on understanding cross-protocol and cross-mechanism vulnerabilities (emergent properties), which are the byproduct of a highly complex system-of-systems and an indication of the issues in future large-scale systems.

show abstract

“…Reynolds and Ghosal [15] proposed a multi-protocol scheme to defend against flooding attacks on VoIP networks. Wu et al [25] and Sengar et al [18] presented using state information and cross-protocol correlation to detect denial-of-service attacks on VoIP. Sengar et al [19] detailed a VoIP intrusion detection based interactive protocol state machine.…”

Section: Related Workmentioning

confidence: 99%

Disabling a Computer by Exploiting Softphone Vulnerabilities: Threat and Mitigation

Farley

Wang

2013

Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering

View full text Add to dashboard Cite

Abstract. As more and more people are using VoIP softphones in their laptop and smart phones, vulnerabilities in VoIP protocols and systems could introduce new threats to the computer that runs the VoIP softphone. In this paper, we investigate the security ramifications that VoIP softphones expose their host to and ways to mitigate such threats. We show that crafted SIP traffic (noisy attack) can disable a Windows XP host that runs the official Vonage VoIP softphone within several minutes. While such a noisy attack can be effectively mitigated by threshold based filtering, we show that a stealthy attack could defeat the threshold based filtering and disable the targeted computer silently without ever ringing the targeted softphone. To mitigate the stealthy attack, we have developed a limited context aware (LCA) filtering that leverages the context and SIP protocol information to ascertain the intentions of a SIP message on behalf of the client. Our experiments show that LCA filtering can effectively defeat the stealthy attack while allowing legitimate VoIP calls to go through.

show abstract

Fast Detection of Denial-of-Service Attacks on IP Telephony

Cited by 50 publications

References 9 publications

Detect and Prevent SIP Flooding Attacks in VoLTE by Utilizing a Two-Tier PFilter Design

Detect and Prevent SIP Flooding Attacks in VoLTE by Utilizing a Two-Tier PFilter Design

A Comprehensive Survey of Voice over IP Security Research

Disabling a Computer by Exploiting Softphone Vulnerabilities: Threat and Mitigation

Contact Info

Product

Resources

About