Holistic VoIP intrusion detection and prevention system

Nassar, Mohamed; Niccolini, Saverio; State, Radu; Ewald, Thilo

doi:10.1145/1326304.1326306

Cited by 48 publications

(23 citation statements)

References 7 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…The authors [13], [14] present a signature-based solution to protect SIP network elements from message payload tampering attacks. They suggest the employment of signature patterns (based on the SIP grammar) to distinguish well-formed messages from malformed ones, similar to computer virus signature descriptions.…”

Section: B Single-layer Security Defensementioning

confidence: 99%

“…The authors [19] present a combination of the work of [12], [13] and [17]. They use a layered approach with two layers.…”

Section: Multilayer Security Defensementioning

confidence: 99%

“…They use a layered approach with two layers. The first countermeasure layer consists of a message checker as proposed by [12], [13]. The second layer consists of a cross-protocol state machine specification as proposed by [20].…”

Section: Multilayer Security Defensementioning

confidence: 99%

See 2 more Smart Citations

Multilayer Secured SIP Based VoIP Architecture

Basem¹,

Ghalwash²,

Sadek³

2015

IJCTE

View full text Add to dashboard Cite

Abstract-VoIP faces many emerging attacks and threats. securing SIP based VoIP is a major challenging task, hence confidentiality, integrity, availability, as well as authenticity must be provided. Focusing on three main critical attacks targeting SIP based VoIP infrastructure, which are Denial of service (DoS), man-in-the middle attack, and Authenticity based attacks. In this paper the main contribution is providing a secure efficient multilayer security architecture based on open source applications (snort, snortsam and iptables, as well as OPENVPN Tunnel), The architecture provides a secure reliable VoIP services for the enterprise network, that have been deployed based on asterisk PBX. The proposed security architecture aims to prevent the mentioned critical attacks, to provide CIAA security services, by proposing an adaptive rule based queuing polices. QoS is a major challenge, the paper also provides an enhancement for the proposed architecture to minimize the delay for more efficient secure communication, as well as preventing zero day attacks by exploiting method and updating Snort DB with attack signatures. QoS factors have been measured using OPNET simulators. The proposed architecture gives promising results when it comes to attacks prevention with 0.01% better performance results compared to previous work.

show abstract

Section: B Single-layer Security Defensementioning

confidence: 99%

“…The authors [19] present a combination of the work of [12], [13] and [17]. They use a layered approach with two layers.…”

Section: Multilayer Security Defensementioning

confidence: 99%

See 1 more Smart Citation

Multilayer Secured SIP Based VoIP Architecture

Basem¹,

Ghalwash²,

Sadek³

2015

IJCTE

View full text Add to dashboard Cite

show abstract

“…The resulting SIP honeypot effort is largely exploratory, with performance and effectiveness evaluations left for future work. In follow-on work, Nassar et al [241] describe an intrusion detection and prevention architecture for VoIP that integrates SIP honeypots and an application-layer event correlation engine.…”

Section: ) Authentication Protocols (15 Items)mentioning

confidence: 99%

A Comprehensive Survey of Voice over IP Security Research

Keromytis

2012

IEEE Commun. Surv. Tutorials

116

View full text Add to dashboard Cite

Abstract-We present a comprehensive survey of Voice over IP security academic research, using a set of 245 publications forming a closed cross-citation set. We classify these papers according to an extended version of the VoIP Security Alliance (VoIPSA) Threat Taxonomy. Our goal is to provide a roadmap for researchers seeking to understand existing capabilities and to identify gaps in addressing the numerous threats and vulnerabilities present in VoIP systems. We discuss the implications of our findings with respect to vulnerabilities reported in a variety of VoIP products.We identify two specific problem areas (denial of service, and service abuse) as requiring significant more attention from the research community. We also find that the overwhelming majority of the surveyed work takes a black box view of VoIP systems that avoids examining their internal structure and implementation. Such an approach may miss the mark in terms of addressing the main sources of vulnerabilities, i.e., implementation bugs and misconfigurations. Finally, we argue for further work on understanding cross-protocol and cross-mechanism vulnerabilities (emergent properties), which are the byproduct of a highly complex system-of-systems and an indication of the issues in future large-scale systems.

show abstract

“…Another prevention technique called "consent-based" performs preliminary notification before the establishment of a first call to fetch the agreement of the receiver, thus solving the "introduction problem" explained in [18]. Finally, marking mechanisms can be used, based on several call criteria, to evaluate the probability that this one may be SPIT [20], [21]. Most of the above protection principles apply equally to the closed model described in next chapter.…”

Section: Open-interconnection Modelmentioning

confidence: 99%

Analysis of Token and Ticket Based Mechanisms for Current VoIP Security Issues and Enhancement Proposal

Battistello

Delétré

2010

Communications and Multimedia Security

View full text Add to dashboard Cite

Abstract. These last few years, the security of VoIP architectures has become a sensitive issue with many vulnerability announcements. This article first aims to distinguish the threats and the applicable protection mechanisms depending on the underlying VoIP architecture. We then investigate the properties of a specific class of existing call establishment mechanisms based on tokens or tickets. In the last section, an enhancement to these mechanisms is proposed which lifts some of the previously seen limitations, especially the DoS risks, the token storage constraint or the transport impact of large tickets.

show abstract

Holistic VoIP intrusion detection and prevention system

Cited by 48 publications

References 7 publications

Multilayer Secured SIP Based VoIP Architecture

Multilayer Secured SIP Based VoIP Architecture

A Comprehensive Survey of Voice over IP Security Research

Analysis of Token and Ticket Based Mechanisms for Current VoIP Security Issues and Enhancement Proposal

Contact Info

Product

Resources

About