Asgharian, Zoha, Asgharian, Hassan, Akbari, Ahmad, Raahemi, Bijan. (1391). Detecting Denial of Service Message Flooding Attacks in SIP based Services. نشریه مهندسی عمران امیرکبیر, 44(1), 75-85. doi: 10.22060/eej.2012.44
Zoha Asgharian; Hassan Asgharian; Ahmad Akbari; Bijan Raahemi. "Detecting Denial of Service Message Flooding Attacks in SIP based Services". نشریه مهندسی عمران امیرکبیر, 44, 1, 1391, 75-85. doi: 10.22060/eej.2012.44
Asgharian, Zoha, Asgharian, Hassan, Akbari, Ahmad, Raahemi, Bijan. (1391). 'Detecting Denial of Service Message Flooding Attacks in SIP based Services', نشریه مهندسی عمران امیرکبیر, 44(1), pp. 75-85. doi: 10.22060/eej.2012.44
Asgharian, Zoha, Asgharian, Hassan, Akbari, Ahmad, Raahemi, Bijan. Detecting Denial of Service Message Flooding Attacks in SIP based Services. نشریه مهندسی عمران امیرکبیر, 1391; 44(1): 75-85. doi: 10.22060/eej.2012.44

Detecting Denial of Service Message Flooding Attacks in SIP based Services

AUT Journal of Electrical Engineering
مقاله 7، دوره 44، شماره 1، 2012، صفحه 75-85    اصل مقاله (719.13 K)
نوع مقاله: Research Article
شناسه دیجیتال (DOI): 10.22060/eej.2012.44
نویسندگان
Zoha Asgharian1؛ Hassan Asgharian* 2؛ Ahmad Akbari3؛ Bijan Raahemi4
1Zoha Asgharian graduated from computer engineering school of Iran University of Science and Technology, Tehran, Iran (email: z_asgharian@comp.iust.ac.ir)
2Corresponding Author, Hassan Asgharian is PhD student in computer engineering school of Iran University of Science and Technology, Tehran, Iran (email: asgharian@iust.ac.ir)
3Ahmad Akbari is an associate professor in the computer engineering school of Iran University of Science and Technology, Tehran, Iran (email: Akbari@iust.ac.ir)
4Bijan Raahemi is with University of Ottawa, Canada (email: raahemi@iust.ac.ir)
چکیده
Increasing the popularity of SIP based services (VoIP, IPTV, IMS infrastructure) lead to concerns about its ‎security. The main signaling protocol of next generation networks and VoIP systems is Session Initiation Protocol ‎‎(SIP). Inherent vulnerabilities of SIP, misconfiguration of its related components and also its implementation ‎deficiencies cause some security concerns in SIP based infrastructures. New attacks are developed that target ‎directly the underlying SIP protocol in these related SIP setups. To detect such kinds of attacks we combined ‎anomaly-based and specification-based intrusion detection techniques. We took advantages of the SIP state machine ‎concept (according to RFC 3261) in our proposed solution. We also built and configured a real test-bed for SIP ‎based services to generate normal and assumed attack traffics. We validated and evaluated our intrusion detection ‎system with the dump traffic of this real test-bed and we also used another specific available dataset to have a more ‎comprehensive evaluation. The experimental results show that our approach is effective in classifying normal and ‎anomaly traffic in different situations. The Receiver Operating Characteristic (ROC) analysis is applied on final ‎extracted results to select the working point of our system (set related thresholds). ‎
 
کلیدواژه‌ها
Denial of Service؛ Session Initiation Protocol؛ Flooding Attacks؛ State Machine؛ Intrusion Detection System
مراجع
آمار
تعداد مشاهده مقاله: 5,127
تعداد دریافت فایل اصل مقاله: 2,948
پیوندهای مفید
آمار
تعداد نشریات9
تعداد شماره‌ها455
تعداد مقالات5,771
تعداد مشاهده مقاله8,374,551
تعداد دریافت فایل اصل مقاله6,932,648