Title : 
Development and Analysis of Generic VoIP Attack Sequences Based on Analysis of Real Attack Traffic
         
        
            Author : 
Aziz, Ahmedullah ; Hoffstadt, Dirk ; Ganz, Sebastian ; Rathgeb, Erwin
         
        
            Author_Institution : 
Comput. Networking Technol. Group, Univ. of Duisburg-Essen, Essen, Germany
         
        
        
        
        
        
            Abstract : 
Security issues like service misuse and fraud are emerging problems of SIP-based networks. To devise effective countermeasures it is important to know how these attacks are launched in reality. Multi-stage attacks to commit Toll Fraud are already known in principle. We have identified different variations in these attack patterns by analyzing over 25 GByte of SIP attack traffic collected in our SIP Honeynet over a period of three years i.e., from December 2009 to November 2012. Based on this analysis, we have developed a Generic Attack Replay tool (GART) which allows replaying samples of the major attack variants in arbitrary network setups. This tool can be used for evaluation of detection and mitigation components where realistic and reproducible attack traffic is needed. The tool described here and the sample database will be made available to interested groups.
         
        
            Keywords : 
Internet telephony; computer network security; signalling protocols; telecommunication traffic; GART; SIP Honeynet; SIP attack traffic; SIP-based networks; arbitrary network setups; fraud; generic VoIP attack sequences; generic attack replay tool; multistage attacks; real attack traffic analysis; reproducible attack traffic; security issues; service misuse; toll fraud; voice-over-IP communication; Databases; IP networks; Monitoring; Registers; Security; Servers; Standards; Honeynet; SIP; STR; VoIP; analyze; attack patterns; evaluation; fraud; misuse; security;
         
        
        
        
            Conference_Titel : 
Trust, Security and Privacy in Computing and Communications (TrustCom), 2013 12th IEEE International Conference on
         
        
            Conference_Location : 
Melbourne, VIC
         
        
        
            DOI : 
10.1109/TrustCom.2013.82