Detection of SIP Flooding Attacks based on the Upper Bound of the Possible Number of SIP Messages

  • Ryu, Jea-Tek (Graduate School of Information and Communication, Ajou University) ;
  • Roh, Byeong-Hee (Graduate School of Information and Communication, Ajou University) ;
  • Ryu, Ki-Yeol (Graduate School of Information and Communication, Ajou University)
  • Published : 2009.10.30

Abstract

Since SIP uses a text-based message format and is open to the public Internet, it provides a number of potential opportunities for Denial of Service (DoS) attacks in a similar manner to most Internet applications. In this paper, we propose an effective detection method for SIP flooding attacks in order to deal with the problems of conventional schemes. We derive the upper bound of the possible number of SIP messages, considering not only the network congestion status but also the different properties of individual SIP messages such as INVITE, BYE and CANCEL. The proposed method can be easily extended to detect flooding attacks by other SIP messages.

Cited by

  1. A secure and efficient SIP authentication scheme for converged VoIP networks vol.33, pp.14, 2009, https://doi.org/10.1016/j.comcom.2010.03.026
  2. Whitelist-based countermeasure against SIP denial-of-service attacks using a Bloom filter vol.36, pp.b11, 2009, https://doi.org/10.7840/kics.2011.36b.11.1297