A Framework for Automated Exploit Prevention from Known Vulnerabilities in Voice over IP Services

Author

Lahmadi, Abdelkader ; Festor, Olivier

Author_Institution

LORIA, Nancy Univ., Vandoeuvre-les-Nancy, France

Volume

9

Issue

2

fYear

2012

fDate

6/1/2012 12:00:00 AM

Firstpage

114

Lastpage

127

Abstract

We propose a prevention system for SIP-based networks which adopts a rule-based approach to build prevention specifications on SIP protocol activities that stop attacks exploiting an existing vulnerability before reaching their targets. Our approach innovates from existing solutions by making use of the contextual information of a vulnerability targeted by an attack to apply the prevention specification. Manually coding these prevention specifications is tedious and error-prone. Our method automatically infers prevention specifications by analyzing captured SIP exploit traffic. The detection engine uses an efficient method based on event graphs to match protocol activities against available prevention specifications. We describe the different components of our approach and show through an extended performance study of the implemented system its applicability to enterprise level VoIP protection.

Keywords

Internet telephony; computer network security; graph theory; knowledge based systems; signalling protocols; SIP protocol activities; SIP-based networks; automated exploit prevention; contextual information; detection engine; enterprise level VoIP protection; event graphs; known vulnerabilities; prevention specifications coding; protocol activities; rule-based approach; voice over IP services; Context; Engines; Pattern matching; Protocols; Routing; Runtime; Security; Exploit prevention systems; security; session initiation protocol; voice over IP; vulnerability management;

fLanguage

English

Journal_Title

Network and Service Management, IEEE Transactions on

Publisher

ieee

ISSN

1932-4537

Type

jour

DOI

10.1109/TNSM.2012.011812.110125

Filename

6138261