research-article

Design and implementation of SIP-aware DDoS attack detection system

Authors:

Hyun-Cheol JeongAuthors Info & Claims

ICIS '09: Proceedings of the 2nd International Conference on Interaction Sciences: Information Technology, Culture and Human

Pages 1167 - 1171

https://doi.org/10.1145/1655925.1656137

Published: 24 November 2009 Publication History

Get Access

Abstract

SIP is a signaling protocol used for establishing, modifying, terminating sessions in multimedia services such as VoIP, instant messaging, and video conferencing. Existing IP network security solutions can not detect new SIP specified network threats because they can not reflect characteristics of SIP. In this paper, we propose SIP-aware DDoS Attack Detection System that can monitor SIP signaling flow and detect SIP-aware DDoS attack. The proposed system collects attributes of SIP traffic, and executes anlaysing and detecting based on statistic and behavior.

References

[1]

J. Rosenberg, H. Schulzrinne, G. Camarillo, A. Johnston, J. Peterson, R. Sparks, M. Handley and E. Schooler, "SIP: Session Initiation Protocol", RFC 3261, June 2002.

Google Scholar

[2]

H. Schulzrinne, S. Casner, R. Frederick and V. Jacobsonm, "RTP: A Transport Protocol for Real-Time Applications", RFC 1889, January, 1996

Digital Library

Google Scholar

[3]

D. Geneiatakis, G. Kambourakis, T. Dagiuklas, C. Lambrinoudakis and S. Gritzalis, "A Framework for Detecting Malformed Messages in SIP Networks", the 14th IEEE Workshop on Local and Metropolitan Area Networks LANMAN), Greece, September 2005

Google Scholar

[4]

Y. Wu, S. Bagchi, S. Garg, N. Singh and T. Tsai, SCIDIVE: A Stateful and Cross Protocol Intrusion Detection Architecture for Voice-over-IP Environments", 2004 International Conference on Dependable Systems and Networks (DSN'04), Florence, Italy, 2004

Digital Library

Google Scholar

[5]

H. Kang, Z. Zhang, S. Ranjan and A. Nucci, "SIP-based VoIP Traffic Behavior Profiling and its Application", MineNet'07, San Diego, USA, June 2007.

Digital Library

Google Scholar

Cited By

View all

Stanek JKencl L(2012)SIP Protector: Defense architecture mitigating DDoS flood attacks against SIP servers2012 IEEE International Conference on Communications (ICC)10.1109/ICC.2012.6364674(6733-6738)Online publication date: Jun-2012
https://doi.org/10.1109/ICC.2012.6364674
Stanek JKencl L(2011)SIPp-DD: SIP DDoS Flood-Attack Simulation Tool2011 Proceedings of 20th International Conference on Computer Communications and Networks (ICCCN)10.1109/ICCCN.2011.6005946(1-7)Online publication date: Jul-2011
https://doi.org/10.1109/ICCCN.2011.6005946

Index Terms

Design and implementation of SIP-aware DDoS attack detection system
1. Hardware
  1. Communication hardware, interfaces and storage
2. Networks

Recommendations

An Analysis of Security Implications in Session Initiation Protocol (SIP)
AMS '13: Proceedings of the 2013 7th Asia Modelling Symposium

Voice over IP (VoIP) has become an indispensible part of our life as individuals, organizations, and corporate move from traditional Plain Old Telephony Systems (POTS) to VoIP based systems. This allows the cost to make or receive calls come down ...
Battling Against DDoS in SIP
ICETE 2015: Proceedings of the 12th International Joint Conference on e-Business and Telecommunications - Volume 4

This paper focuses on network anomaly-detection and especially the effectiveness of Machine Learning (ML)

techniques in detecting Denial of Service (DoS) in SIP-based VoIP ecosystems. It is true that until now several

works in the literature have been ...
Intrusion Detection System for Denial-of-Service flooding attacks in SIP communication networks

Security threats to Voice-over IP (VoIP) or IP Multimedia Subsystem (IMS) networks are becoming a major concern as their popularity increases. New attacks are being developed that directly target the underlying SIP protocol. To detect such kinds of ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

ICIS '09: Proceedings of the 2nd International Conference on Interaction Sciences: Information Technology, Culture and Human

November 2009

1479 pages

ISBN:9781605587103

DOI:10.1145/1655925

Conference Chairs:
Sungwon Sohn
ETRI, Korea
,
Kyhyun Um
Dongguk University, Korea
,
Franz I. S. Ko
Dongguk University, Korea/IBC, UK
,
Kae Dal Kwack
Hanyang University, Korea
,
Jong Hyung Lee
Gumi Electronics & Information Technology Research Institute, Korea
,
Gang Kou
University of Electronic Science and Technology of China, China
,
Kiyoshi Nakamura
Waseda University, Japan
,
ACM Fong
Nanyang Technological University, Singapore
,
Patrick Ma
The Hong Kong Polytechnic University, Hongkong
,
Ling Chen
Zhejiang University, China
,
Soonwook Hwang
KISTI, Korea
,
Kyungeun Cho
Dongguk University, Korea
,
Shigeo Kawata
Utsunomiya University, Japan

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 24 November 2009

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

ICIS '09

Sponsor:

ICIS '09: The 2nd International Conference on Interaction Sciences: Information Technology, Culture and Human

November 24 - 26, 2009

Seoul, Korea

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

2
Total Citations
View Citations
45
Total Downloads

Downloads (Last 12 months)7
Downloads (Last 6 weeks)1

Reflects downloads up to 24 Nov 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

Stanek JKencl L(2012)SIP Protector: Defense architecture mitigating DDoS flood attacks against SIP servers2012 IEEE International Conference on Communications (ICC)10.1109/ICC.2012.6364674(6733-6738)Online publication date: Jun-2012
https://doi.org/10.1109/ICC.2012.6364674
Stanek JKencl L(2011)SIPp-DD: SIP DDoS Flood-Attack Simulation Tool2011 Proceedings of 20th International Conference on Computer Communications and Networks (ICCCN)10.1109/ICCCN.2011.6005946(1-7)Online publication date: Jul-2011
https://doi.org/10.1109/ICCCN.2011.6005946

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Cited By

Index Terms

Recommendations

An Analysis of Security Implications in Session Initiation Protocol (SIP)

Battling Against DDoS in SIP

Intrusion Detection System for Denial-of-Service flooding attacks in SIP communication networks