SIP Protector: Defense architecture mitigating DDoS flood attacks against SIP servers

Author

Stanek, Jan ; Kencl, L.

Author_Institution

R&D Center for Mobile Applic. (RDC), Czech Tech. Univ. in Prague, Prague, Czech Republic

fYear

2012

fDate

10-15 June 2012

Firstpage

6733

Lastpage

6738

Abstract

As Voice-over-IP becomes a commonly used technology, the need to keep it secure and reliable has grown. Session Initiation Protocol (SIP) is most often used to deploy VoIP and therefore SIP servers, the base components of SIP, are the most obvious targets of potential attacks. It has been demonstrated, that SIP servers are highly prone to DDoS flood attacks, yet no generally accepted defense solution mitigating these attacks is available. We propose a novel defense architecture against SIP DDoS floods, based upon a redirection mechanism and a combination of source and destination traffic filtering, exploiting the combined advantage of all the three techniques. We show that the proposed solution effectively mitigates various types of SIP DDoS flood attacks, discuss its strengths and weaknesses and propose its potential usability for other protocols. We also provide results of performance evaluation of the defense solution deployed in a SIP testbed.

Keywords

Internet telephony; computer network security; network servers; signalling protocols; SIP DDoS flood attack mitigation; SIP protector; SIP servers; SIP testbed; VoIP; defense architecture; redirection mechanism; session initiation protocol; source-destination traffic filtering; voice-over-IP; Computer architecture; Computer crime; Generators; IP networks; Protocols; Registers; Servers;

fLanguage

English

Publisher

ieee

Conference_Titel

Communications (ICC), 2012 IEEE International Conference on

Conference_Location

Ottawa, ON

ISSN

1550-3607

Print_ISBN

978-1-4577-2052-9

Electronic_ISBN

1550-3607

Type

conf

DOI

10.1109/ICC.2012.6364674

Filename

6364674