Title :
Analysis of SIP-Based Threats Using a VoIP Honeynet System
Author :
Hoffstadt, Dirk ; Marold, Alexander ; Rathgeb, Erwin P.
Author_Institution :
Comput. Networking Technol. Group, Univ. of Duisburg-Essen, Essen, Germany
Abstract :
Current security issues like service misuse and fraud are well-known problems of SIP-based networks. To design and evolve effective countermeasures, it is important to know how these attacks are launched in reality. For gathering the required data, a specialized SIP Honeynet System has been implemented and operated since December 2009 which has recorded over 47.5 million SIP messages in total. Over time, based on our Honeypot experiences, we developed essential improvements such as global monitoring of whole subnets, clustering of SIP messages or bidirectional SIP message correlation. In this paper, we first describe these system extensions and demonstrate their benefits. Then we provide an analysis of gathered data which goes beyond pure statistical packet analysis. We identify, analyze and correlate the distinct phases of typical multistage attacks and also provide an example of a full attack sequence resulting in attempts to make Toll Fraud calls via a hijacked SIP account.
Keywords :
Internet telephony; computer crime; computer network security; data analysis; message passing; pattern clustering; signalling protocols; statistical analysis; SIP honeynet system; SIP-based networks; SIP-based threats; VoIP honeynet system; bidirectional SIP message correlation; current security issues; data gathering; full attack sequence; hijacked SIP account; multistage attacks; statistical packet analysis; toll fraud calls; Correlation; IP networks; Monitoring; Registers; Security; Servers; Standards; SIP; VoIP; attacks; field test; fraud; honeynet; misuse; security; toll fraud;
Conference_Title :
Trust, Security and Privacy in Computing and Communications (TrustCom), 2012 IEEE 11th International Conference on
Conference_Location :
Liverpool
Print_ISBN :
978-1-4673-2172-3
DOI :
10.1109/TrustCom.2012.90