Title :
Detecting DoS attacks on SIP systems
Author_Institution :
NTT Inf. Sharing Platform Lab., NTT Corp., Tokyo, Japan
Abstract :
As VoIP technology becomes more widely deployed due to its economical advantage over traditional PSTN services, VoIP servers and clients will become attractive targets of denial of service (DoS) attacks. This paper proposes a method to detect DoS attacks that involve flooding SIP entities with illegitimate SIP messages. We modify the original finite-state machines for SIP transactions in such a way that transaction anomalies can be detected in a stateful manner. We also propose to use four threshold parameters to confirm an attack.
Keywords :
Internet telephony; client-server systems; protocols; quality of service; telecommunication security; DoS; SIP; VoIP technology; client-server system; denial of service attack; session initiation protocol; transaction anomaly; Bandwidth; Computer crashes; Computer crime; Floods; Laboratories; Microprogramming; Network servers; Reflection; Web and internet services; Web server;
Conference_Titel :
VoIP Management and Security, 2006. 1st IEEE Workshop on
Print_ISBN :
1-4244-0144-5
DOI :
10.1109/VOIPMS.2006.1638123
