  • DocumentCode
    1776968
  • Title
    An entropy-based VoIP flooding attacks detection and prevention system
  • Author
    Zargar, Reihaneh Haji Mahdizdeh ; Moghaddam, Mohammad Hossein Yaghmaee
  • Author_Institution
    Dept. of Comput. Eng., Ferdowsi Univ. of Mashhad (FUM) Mashhad, Mashhad, Iran
  • fYear
    2014
  • fDate
    29-30 Oct. 2014
  • Firstpage
    691
  • Lastpage
    696
  • Abstract
    Voice over IP (VoIP) networks, also known as Internet telephony, are growing steadily. As any technology grows, its security issues become particularly important. Because SIP is IP-based and serves as the signaling protocol in VoIP networks, attackers can exploit weaknesses of the protocol to disable VoIP service. One of the most important threats is denial of service attacks; this article discusses one branch of them, the flooding attack. These attacks waste server resources and prevent the server from delivering service to authorized users. Distributed denial of service attacks and low rate attacks can mislead many attack detection mechanisms. In this paper, we present an anomaly-based method that uses entropy to detect and prevent flooding attacks. The method examines VoIP network traffic with the help of entropy, which makes it possible to accurately detect changes in the network traffic and to identify the attacker or attackers with the help of a compressed summary table of packet data (Sketch). The proposed method is fully implemented and has been tested using the Spirent server. The results of our implementation show that the proposed method was able to detect distributed and low rate flooding attacks accurately, without causing significant delay or overhead on the SIP server.
  • Keywords
    Internet telephony; computer network security; entropy; telecommunication traffic; Internet telephony; Spirent server; VOIP network traffic; VOIP networks; anomaly based method; distributed denial of service attacks; entropy-based VoIP flooding attacks detection system; entropy-based VoIP flooding attacks prevention system; voice over IP network; Entropy; Floods; Internet telephony; Protocols; Servers; Testing; Training; Sketch table; VOIP networks; entropy; flooding attacks;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Computer and Knowledge Engineering (ICCKE), 2014 4th International eConference on
  • Conference_Location
    Mashhad
  • Print_ISBN
    978-1-4799-5486-5
  • Type
    conf
  • DOI
    10.1109/ICCKE.2014.6993385
  • Filename
    6993385