DocumentCode :
3516022
Title :
Overloading vulnerability of VoIP networks
Author :
Sengar, Hemant
Author_Institution :
Technol. Dev. Dept., NuVox Commun., Greenville, SC, USA
fYear :
2009
fDate :
June 29 2009-July 2 2009
Firstpage :
419
Lastpage :
428
Abstract :
The Internet is vulnerable to overloading caused by flash crowds and distributed denial-of-service (DDoS) attacks. Recently, voice over IP (VoIP), an Internet-based service, has been experiencing phenomenal growth. As its deployment spreads, VoIP systems are likely to become attack targets, of which flooding ranks high, perhaps due to its simplicity and the abundance of tool support. DDoS attacks and flash crowds degrade the performance of the call processing server to the point where it becomes sluggish and even unresponsive. The network administrator's dilemma is how to give differential treatment to malicious and legitimate call requests that differ in intent, but not in content. In this paper, we show that DDoS attacks and flash crowds, while similar in the message structure and the number of INVITEs they generate, exhibit different traffic patterns, making them distinguishable. We also introduce a new entropy-based approach to detect those DDoS attacks that masquerade as flash crowds. Our approach is based on the observation that the creation of malicious sessions has certain effects on the entropy of the call durations; hence, a change in the entropy provides an important clue for mimicry attack detection. As an overloading preventive measure, we exploit the SIP protocol's inbuilt reliability mechanism and exponential backoff timer values to regulate and distinguish legitimate call requests from the spoofed ones.
Keywords :
Internet telephony; authorisation; computer network reliability; entropy; telecommunication traffic; DDoS attack; Internet; VoIP network vulnerability; call processing server; distributed denial-of-service; entropy-based approach; flash crowd; mimicry attack detection; traffic pattern; voice over IP; Computer crime; Entropy; Floods; Internet telephony; Network servers; Personal communication networks; Surges; Terrorism; Web and internet services; Web server;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Dependable Systems & Networks, 2009. DSN '09. IEEE/IFIP International Conference on
Conference_Location :
Lisbon
Print_ISBN :
978-1-4244-4422-9
Electronic_ISBN :
978-1-4244-4421-2
Type :
conf
DOI :
10.1109/DSN.2009.5270310
Filename :
5270310
Link To Document :