Autonomous defense against Flooding-based Denial of Service of a SIP system

Session Initiation Protocol (SIP) is a signaling protocol for Internet conferencing, telephony, presence, events notification, and instant messaging. SIP is an application-layer protocol and operates on the TCP/IP stack, which means that it inherits all associated IP vulnerabilities. It has, therefore, possibility that SIP systems can be damaged by Flooding-based Denial of Service (DoS). Previous mechanisms for detecting a denial of service attack generally check the number of incoming packets and notify a system administrator that the system is under attack if too many messages are incoming. Although being relatively accurate and low-cost, they cannot help relying on decision of security experts, which is labor-intensive and human-mediated. Our research is to develop a defense mechanism which analyzes a flooding attack and takes countermeasures automatically, without being human-involved. It can minimize the amount of damage by reducing the time of analysis and countermeasure by automation.