Detecting VoIP-specific Denial-of-Service using change-point method

As voice over IP (VoIP) technology becomes more widely deployed due to its economical advantage over traditional PSTN service, an increasing number of security issues emerged targeting VoIP-specific vulnerabilities. Being a real-time service, VoIP is more susceptible to denial-of-service (DoS) attacks than regular Internet service. In this paper we proposed a change-point detection method to prevent denial-of-service attacks on VoIP systems based on session initiation protocol (SIP) protocol behavior analysis. We develop efficient adaptive sequential change-point method to detect attacks which lead to changes in network traffic. The change-point detection method employs a statistical analysis of data to detect very subtle traffic changes which from SIP protocol behavior. The method is computationally simple and can be implemented online. Our experimental result shows that the method achieves a very small delay, high rate and low false alarm rate of VoIP-specific DoS detection.