A novel method for detecting attacks towards the SIP protocol

Author

Callegari, Christian ; Garroppo, Rosario G. ; Giordano, Stefano ; Pagano, Michele ; Russo, Franco

Author_Institution

Dept. of Inf. Eng., Univ. of Pisa, Pisa, Italy

Volume

41

fYear

2009

fDate

13-16 July 2009

Firstpage

268

Lastpage

273

Abstract

In the last few years the number and impact of security attacks over the Internet, and in particular against VoIP, have been continuously increasing. To face this issue, the use of intrusion detection systems (IDSs) has emerged as a key element in network and application security. In this paper we address the problem considering a novel statistical technique for detecting attacks towards the SIP protocol. Our approach is based on the use of Markovian models (namely high order Markov chains) for modelling SIP signalling traffic. In particular our work focuses on detection of three kinds of attacks: VoIP fuzzing, flood based denial of service, and signalling manipulation. The performance results shown in the paper, justify the proposed method and highlight the improvements over commonly used statistical techniques.

Keywords

Internet telephony; security of data; signalling protocols; telecommunication security; Internet; Markovian models; SIP protocol; SIP signalling traffic; VoIP; VoIP fuzzing attack; application security; attack detection; flood based denial of service; high order Markov chains; intrusion detection systems; security attacks; signalling manipulation; Computer bugs; Electronic mail; Explosives; Floods; Information security; Internet; Intrusion detection; Protocols; Telecommunication traffic; Traffic control;

fLanguage

English

Publisher

ieee

Conference_Titel

Performance Evaluation of Computer & Telecommunication Systems, 2009. SPECTS 2009. International Symposium on

Conference_Location

Istanbul

Print_ISBN

978-1-4244-4165-5

Electronic_ISBN

978-1-56555-328-6

Type

conf

Filename

5224115