DocumentCode :
568450
Title :
Analysis of SIP-Based Threats Using a VoIP Honeynet System
Author :
Hoffstadt, Dirk ; Marold, Alexander ; Rathgeb, Erwin P.
Author_Institution :
Comput. Networking Technol. Group, Univ. of Duisburg-Essen, Essen, Germany
fYear :
2012
fDate :
25-27 June 2012
Firstpage :
541
Lastpage :
548
Abstract :
Current security issues like service misuse and fraud are well-known problems of SIP-based networks. To design and evolve effective countermeasures, it is important to know how these attacks are launched in reality. For gathering the required data, a specialized SIP Honeynet System has been implemented and operated since December 2009 which has recorded over 47.5 million SIP messages in total. Over time, based on our Honeypot experiences, we developed essential improvements such as global monitoring of whole subnets, clustering of SIP messages or bidirectional SIP message correlation. In this paper, we first describe these system extensions and demonstrate their benefits. Then we provide an analysis of gathered data which goes beyond pure statistical packet analysis. We identify, analyze and correlate the distinct phases of typical multistage attacks and also provide an example of a full attack sequence resulting in attempts to make Toll Fraud calls via a hijacked SIP account.
Keywords :
Internet telephony; computer crime; computer network security; data analysis; message passing; pattern clustering; signalling protocols; statistical analysis; SIP honeynet system; SIP-based networks; SIP-based threats; VoIP honeynet system; bidirectional SIP message correlation; current security issues; data gathering; full attack sequence; hijacked SIP account; multistage attacks; statistical packet analysis; toll fraud calls; Correlation; IP networks; Monitoring; Registers; Security; Servers; Standards; SIP; VoIP; attacks; field test; fraud; honeynet; misuse; security; toll fraud;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Trust, Security and Privacy in Computing and Communications (TrustCom), 2012 IEEE 11th International Conference on
Conference_Location :
Liverpool
Print_ISBN :
978-1-4673-2172-3
Type :
conf
DOI :
10.1109/TrustCom.2012.90
Filename :
6296018
Link To Document :
بازگشت