A restrictive model (RM) for detection and prevention of INVITE flooding attack

Author

Raza, Muhammad Ahmad ; Khan, Ajmal ; Raza, M.

fYear

2013

fDate

25-26 Sept. 2013

Firstpage

1

Lastpage

6

Abstract

The denial of service (DOS) attack is a known problem in computer networks. This paper reviews DOS attack at the Application layer using session initiation protocol (SIP). Most of the existing solutions are based on adaptive threshold, cumulative sum, and Hellinger distance (HD). The HD uses number of INVITE messages for prediction of the possible flooding attack. A limitation of these approaches is that they all need training phase before actually being tested in the real situation. The proposed method proposes a completely different solution where transport layer protocol based on UDP is used to block the stream of undesired packets. This approach is novel and found to be working in various situations. The algorithm is rigorously tested using the network simulator NS2.

Keywords

computer network security; signalling protocols; transport protocols; DOS attack; HD; Hellinger distance; INVITE flooding attack; NS2 network simulator; RM; SIP; UDP protocol; adaptive threshold; application layer; cumulative sum; denial of service attack; restrictive model; session initiation protocol; transport layer protocol; Availability; Buffer storage; Computer crime; Floods; IP networks; Protocols; Servers; IP multimedia subsystem (IMS); Key Words: Session initiation protocol (SIP); denial of service (DOS) attack;

fLanguage

English

Publisher

ieee

Conference_Titel

Computer,Control & Communication (IC4), 2013 3rd International Conference on

Conference_Location

Karachi

Print_ISBN

978-1-4673-6011-1

Type

conf

DOI

10.1109/IC4.2013.6653766

Filename

6653766