Detecting SIP flooding attacks on IP Multimedia Subsystem (IMS)

Author

Chen, Zhiqiang ; Wen, Wushao ; Yu, Da

Author_Institution

Sch. of Software, Sun Yat-Sen Univ., Guangzhou, China

fYear

2012

fDate

Jan. 30 2012-Feb. 2 2012

Firstpage

154

Lastpage

158

Abstract

Multimedia Subsystem (IMS) is an IP-based network architecture. IMS uses IETF-defined protocols, such as SIP, TCP, and UDP etc. to realize next generation mobile service. These protocols have been facing many different kinds of security threats, which make IMS vulnerable. However, the security mechanism defined in IMS only includes limited features such as authentication and encryption. Since methods of attacks to IMS are various, these features are not sufficient. The Session Initiation Protocol (SIP) is used in IMS to establish and manage sessions. It is easy for a hacker to attack IMS with flooding SIP messages. However, IMS does not provide any functions to prevent such kind of attacks. In this paper, we focus on the Denial of Service (DoS) flooding attack using SIP messages in IMS, and provide a detecting approach using the non-parametric cumulative sum (CUSUM) algorithm that can effectively detect such kind of DoS attacks.

Keywords

IP networks; cryptography; multimedia systems; signalling protocols; transport protocols; IETF-defined protocols; IP multimedia subsystem; IP-based network architecture; SIP flooding attack detection; SIP protocols; TCP protocols; UDP protocols; authentication; denial of service flooding attack; encryption; next generation mobile service; nonparametric cumulative sum algorithm; session initiation protocol; Conferences; DoS attack; IMS; SIP; attack detection;

fLanguage

English

Publisher

ieee

Conference_Titel

Computing, Networking and Communications (ICNC), 2012 International Conference on

Conference_Location

Maui, HI

Print_ISBN

978-1-4673-0008-7

Electronic_ISBN

978-1-4673-0723-9

Type

conf

DOI

10.1109/ICCNC.2012.6167401

Filename

6167401