A framework for SIP intrusion detection and response systems

One of the main goals of moving to Next Generation Networks (NGN) is an integrated access to multimedia services like VoIP, and IPTV. The primary signaling protocol in these multimedia services is Session Initiation Protocol (SIP). This protocol, however, is vulnerable against attacks, which may reduce the Quality of Service (QoS), an important feature in NGN services. One of the most frequent attacks is Denial of Service (DoS), which can easily be generated but its detection is not trivial. In this paper, a framework is proposed to detect Denial of Service attacks and other forms of intrusions, then generate responses accordingly. Our proposed detection engine combines the specification- and anomaly-based intrusion detection techniques. The experimental results demonstrates that the proposed approach can successfully be employed to detect intruders and limit their access. Detection rates and false alarms are reported based on prepared labeled dataset from the actual test-bed.