Detecting Denial of Service Message Flooding Attacks in SIP based Services
AUT Journal of Electrical Engineering
Article 7, Volume 44, Issue 1, Tir 2012, Pages 75-85
Article type: Research Article
Digital Object Identifier (DOI): 10.22060/eej.2012.44
Authors
Zoha Asgharian 1; Hassan Asgharian* 2; Ahmad Akbari 3; Bijan Raahemi 4
1 Zoha Asgharian graduated from the computer engineering school of Iran University of Science and Technology, Tehran, Iran (email: z_asgharian@comp.iust.ac.ir)
2 Corresponding Author, Hassan Asgharian is a PhD student in the computer engineering school of Iran University of Science and Technology, Tehran, Iran (email: asgharian@iust.ac.ir)
3 Ahmad Akbari is an associate professor in the computer engineering school of Iran University of Science and Technology, Tehran, Iran (email: Akbari@iust.ac.ir)
4 Bijan Raahemi is with University of Ottawa, Canada (email: raahemi@iust.ac.ir)
Abstract
The increasing popularity of SIP-based services (VoIP, IPTV, IMS infrastructure) has led to concerns about their security. The main signaling protocol of next-generation networks and VoIP systems is the Session Initiation Protocol (SIP). Inherent vulnerabilities of SIP, misconfiguration of its related components, and deficiencies in its implementations cause security concerns in SIP-based infrastructures. New attacks have been developed that directly target the underlying SIP protocol in these setups. To detect such attacks, we combined anomaly-based and specification-based intrusion detection techniques. We took advantage of the SIP state machine concept (according to RFC 3261) in our proposed solution. We also built and configured a real test-bed for SIP-based services to generate normal and assumed attack traffic. We validated and evaluated our intrusion detection system with the traffic dumps of this real test-bed, and we also used another specific available dataset for a more comprehensive evaluation. The experimental results show that our approach is effective in classifying normal and anomalous traffic in different situations. Receiver Operating Characteristic (ROC) analysis is applied to the final extracted results to select the working point of our system (that is, to set the related thresholds).
Keywords
Denial of Service; Session Initiation Protocol; Flooding Attacks; State Machine; Intrusion Detection System
References
[1] J. Rosenberg, H. Schulzrinne, G. Camarillo, A. Johnston, J. Peterson, R. Sparks, M. Handley, and E. Schooler. “Session Initiation Protocol”, 2002. RFC 3261.
[2] A. Ahson, M. Ilyas. “SIP Handbook”, Taylor & Francis Group, 2009.
[3] S. Ehlert, D. Geneiatakis, T. Magedanz. “Survey of network security systems to counter SIP-based denial-of-service attacks”, Elsevier, 2009.
[4] D. Sisalem, J. Floroiu, J. Kuthan, U. Abend, H. Schulzrinne. “SIP Security”, John Wiley and Sons, 2009.
[5] C. EY. “Detecting DoS attacks on SIP systems”, 1st IEEE workshop on VoIP management and security, 2006.
[6] S. Ehlert, C. Wang, T. Magedanz, D. Sisalem. “Specification-based denial-of-service detection for SIP Voice-over-IP networks”, Third international conference on internet monitoring and protection, 2008.
[7] W. YS, S. Bagchi, S. Garg, N. Singh, T. Tsai. “SCIDIVE: a stateful and cross protocol intrusion detection architecture for Voice-over-IP environments”, International conference on dependable systems and networks, 2004.
[8] A. Lahmadi, O. Festor. “SecSip: A Stateful Firewall for SIP-based Networks”, 11th IFIP/IEEE International Symposium on Integrated Network Management, 2009.
[9] J. Fiedler, T. Kupka, S. Ehlert, T. Magedanz, D. Sisalem. “VoIP Defender: Highly scalable SIP-based security architecture”, Proceeding of International Conference on Principles, Systems and Applications of IP Telecommunications, pp. 11–17, 2007.
[10] H. Zhang, Z. Gu, C. Liu, T. Jie. “Detecting VoIP-specific Denial-of-Service Using Change-Point Method”, 11th International Conference on Advanced Communication Technology, pp. 1059-1064, 2009.
[11] D. Geneiatakis, N. Vrakas, C. Lambrinoudakis. “Utilizing bloom filters for detecting flooding attacks against SIP based services”, Elsevier Journal of Computers & Security, pp. 578–591, 2009.
[12] M. Ali Akbar, Z. Tariq, M. Farooq, “A Comparative Study of Anomaly Detection Algorithms for Detection of SIP Flooding in IMS”, 2nd International Conference on Internet Multimedia Services Architecture and Applications, pp. 1-6, 2008.
[13] A. Karim Ganame, J. Bourgeois, R. Bidou, F. Spies, “A Global Security Architecture for Intrusion Detection on Computer Networks”, IEEE International Symposium on Parallel and Distributed Processing, pp. 1-8, 2007.
[14] R. Sekar et al. “Specification-based anomaly detection: a new approach for detecting network intrusions”, in Proceedings of the 9th ACM conference on Computer and communications security, pp. 265-274, 2002.
[15] http://sipp.sourceforge.net/
[16] www.tcpdump.org
[17] Iran University of Science and Technology, Research Center of Information Technology, Network Research Group, SIP security page: http://nrg.iust.ac.ir/sip-security
[18] Z. Asgharian, H. Asgharian, A. Akbari, B. Raahemi, “A framework for SIP intrusion detection and response systems”, International Symposium on Computer Networks and Distributed Systems, pp. 100-105, 2011.
[19] Z. Asgharian, H. Asgharian, A. Akbari, B. Raahemi, “Detecting Denial of Service Attacks on SIP Based Services and Proposing Solutions.” In Kabiri, P. (Ed.), Privacy, Intrusion Detection and Response: Technologies for Protecting Networks. (pp. 145-167). doi:10.4018/978-1-60960-836-1.ch006
[20] OPENSIPS, open source SIP proxy, http://www.opensips.org/
[21] M. Nassar, R. State, O. Festor, “Labeled VoIP data-set for intrusion detection evaluation”, Proceedings of the 16th EUNICE/IFIP WG 6.6 conference on Networked services and applications: engineering, control and management, pp. 97-106, 2010.
[22] M. Nassar, R. State, O. Festor, “Monitoring SIP Traffic Using Support Vector Machines”, Proceedings of the 11th international symposium on Recent Advances in Intrusion Detection, pp. 311-330, 2008.
[23] S. Ehlert, G. Zhang, D. Geneiatakis, G. Kambourakis, T. Dagiuklas, J. Markl, D. Sisalem, “Two Layer Denial of Service Prevention on SIP VoIP Infrastructures”, Computer Communications, pp. 2443–2456, 2008.
[24] Angelos D. Keromytis, “Voice over IP Security”, Springer, DOI 10.1007/978-1-4419-9866-8, 2011.
[25] G. Ormazabal, S. Nagpal, E. Yardeni, H. Schulzrinne, “Secure SIP: A Scalable Prevention Mechanism for DoS Attacks on SIP Based VoIP Systems”, Proceedings of the 2nd International Conference on Principles, Systems and Applications of IP Telecommunications, pp. 107–132, 2008.