TY - GEN
T1 - Detecting more SIP attacks on VoIP services by combining rule matching and state transition models
AU - Seo, Dongwon
AU - Lee, Heejo
AU - Nuwere, Ejovi
N1 - Copyright:
Copyright 2019 Elsevier B.V., All rights reserved.
PY - 2008
Y1 - 2008
N2 - The Session Initiation Protocol (SIP) has been widely used for Voice over IP (VoIP) services because of its potential advantages, economic efficiency and call setup simplicity. However, SIP-based VoIP services have two main security issues: malformed SIP message attacks and SIP flooding attacks. In this paper, we propose a novel mechanism for SIP-based VoIP systems that uses a rule matching algorithm and state transition models. It detects not only these two main attacks but also covers more SIP attacks. Instead of simply combining rule comparison with counting the number of SIP messages, we develop secure RFC 3261 rules based on the existing RFC 3261 rules, so that the proposed mechanism shows a 26% higher detection rate for malformed attacks. Moreover, we utilize session information and define the features of each state in order to detect abnormal situations, including SIP flooding. As a result, the proposed mechanism is shown to provide not only higher accuracy but also coverage of more SIP attacks, including the two main attacks.
UR - http://www.scopus.com/inward/record.url?scp=48249136517&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=48249136517&partnerID=8YFLogxK
U2 - 10.1007/978-0-387-09699-5_26
DO - 10.1007/978-0-387-09699-5_26
M3 - Conference contribution
AN - SCOPUS:48249136517
SN - 9780387096988
T3 - IFIP International Federation for Information Processing
SP - 397
EP - 411
BT - Proceedings of the IFIP TC 11 23rd International Information Security Conference
PB - Springer New York
ER -