Title :
A framework for SIP intrusion detection and response systems
Author :
Asgharian, Zoha ; Asgharian, Hassan ; Akbari, Ahmad ; Raahemi, Bijan
Author_Institution :
Comput. Eng. Dept., Iran Univ. of Sci. & Technol., Tehran, Iran
Abstract :
One of the main goals of moving to Next Generation Networks (NGN) is an integrated access to multimedia services like VoIP, and IPTV. The primary signaling protocol in these multimedia services is Session Initiation Protocol (SIP). This protocol, however, is vulnerable against attacks, which may reduce the Quality of Service (QoS), an important feature in NGN services. One of the most frequent attacks is Denial of Service (DoS), which can easily be generated but its detection is not trivial. In this paper, a framework is proposed to detect Denial of Service attacks and other forms of intrusions, then generate responses accordingly. Our proposed detection engine combines the specification- and anomaly-based intrusion detection techniques. The experimental results demonstrates that the proposed approach can successfully be employed to detect intruders and limit their access. Detection rates and false alarms are reported based on prepared labeled dataset from the actual test-bed.
Keywords :
IPTV; Internet telephony; multimedia communication; next generation networks; quality of service; security of data; signalling protocols; IPTV; QoS; SIP intrusion detection; VoIP; denial of service attacks; multimedia services; next generation networks; quality of service; response systems; session initiation protocol; signaling protocol; Engines; Floods; Intrusion detection; Protocols; Registers; Servers; Denial of Service; Flooding Attacks; Intrusion detection system; Session Initiation Protocol; State Machine;
Conference_Titel :
Computer Networks and Distributed Systems (CNDS), 2011 International Symposium on
Conference_Location :
Tehran
Print_ISBN :
978-1-4244-9153-7
DOI :
10.1109/CNDS.2011.5764552
