Title :
Protecting SIP server from CPU-based DoS attacks using history-based IP filtering
Author :
Zhou, Chenfeng Vincent ; Leckie, Christopher ; Ramamohanarao, Kotagiri
Author_Institution :
Dept. of Comput. Sci. & Software Eng., Univ. of Melbourne, Melbourne, VIC, Australia
fDate :
10/1/2009 12:00:00 AM
Abstract :
Voice over IP (VoIP) telephony is vulnerable to a range of attacks, since its operation relies on the underlying IP network. The centralized design of the major VoIP signalling protocols such as the Session Initiation Protocol (SIP) makes the registration server a target for CPU-based denial of service (DoS) attacks. In this paper, we propose a history-based IP filtering layer to defeat these DoS attacks by blocking the SIP packets from previously unseen sources. Our empirical evaluation shows that our approach achieves significant improvement in CPU utilization under DoS attacks.
Keywords :
IP networks; Internet telephony; filtering theory; signalling protocols; telecommunication security; CPU-based DoS attack; IP network; SIP server protection; VoIP signalling protocol; VoIP telephony; denial-of-service attack; history-based IP filtering; session initiation protocol; Authentication; Computer crime; Filtering; IP networks; Internet telephony; Network servers; Protection; Protocols; Signal design; Web server; VoIP, CPU-based DoS attacks.;
Journal_Title :
Communications Letters, IEEE
DOI :
10.1109/LCOMM.2009.090840
