VoIP-aware network attack detection based on statistics and behavior of SIP traffic

Jonghan Lee; Kyumin Cho; Chang Yong Lee; Seungjoo Kim

doi:10.1007/s12083-014-0289-8

VoIP-aware network attack detection based on statistics and behavior of SIP traffic

Jonghan Lee, Kyumin Cho, Chang Yong Lee, Seungjoo Kim

School of Cybersecurity

Research output: Contribution to journal › Article › peer-review

12 Citations (Scopus)

Abstract

VoIP is one of the most popular Internet services. However, VoIP service is vulnerable to several potential security threats. Moreover, existing IP-based security solutions are unable to inspect call setup information. In this paper, we propose a VoIP-aware attack-detection scheme. The proposed scheme is able to detect VoIP network attacks including VoIP DoS and SPAM. It can detect VoIP DoS attacks with low false negatives using a statistics-based detection algorithm and can recognize SPAM with low false positives using a caller behavior-based detection algorithm. We have included experimental results to confirm the proposed scheme.

Original language	English
Pages (from-to)	872-880
Number of pages	9
Journal	Peer-to-Peer Networking and Applications
Volume	8
Issue number	5
DOIs	https://doi.org/10.1007/s12083-014-0289-8
Publication status	Published - 2015 Sept 7

Keywords

Attack detection
Behavior-based detection
SIP
SPAM
Statistic-based detection
VoIP
VoIP DoS

ASJC Scopus subject areas

Software
Computer Networks and Communications

Access to Document

10.1007/s12083-014-0289-8

Cite this

@article{82820a0e688b4b27b329429abc486775,

title = "VoIP-aware network attack detection based on statistics and behavior of SIP traffic",

abstract = "VoIP is one of the most popular Internet services. However, VoIP service is vulnerable to several potential security threats. Moreover, existing IP-based security solutions are unable to inspect call setup information. In this paper, we propose a VoIP-aware attack-detection scheme. The proposed scheme is able to detect VoIP network attacks including VoIP DoS and SPAM. It can detect VoIP DoS attacks with low false negatives using a statistics-based detection algorithm and can recognize SPAM with low false positives using a caller behavior-based detection algorithm. We have included experimental results to confirm the proposed scheme.",

keywords = "Attack detection, Behavior-based detection, SIP, SPAM, Statistic-based detection, VoIP, VoIP DoS",

author = "Jonghan Lee and Kyumin Cho and Lee, {Chang Yong} and Seungjoo Kim",

note = "Funding Information: Supported by a Korea University Grant and MSIP (Ministry of Science, ICT and Future Planning), Korea, under the ITRC (Information Technology Research Center) support program (NIPA-2014-H0301-14-1004) supervised by the NIPA (National IT Industry Promotion Agency). Publisher Copyright: {\textcopyright} 2014, The Author(s).",

year = "2015",

month = sep,

day = "7",

doi = "10.1007/s12083-014-0289-8",

language = "English",

volume = "8",

pages = "872--880",

journal = "Peer-to-Peer Networking and Applications",

issn = "1936-6442",

publisher = "Springer New York",

number = "5",

}

TY - JOUR

T1 - VoIP-aware network attack detection based on statistics and behavior of SIP traffic

AU - Lee, Jonghan

AU - Cho, Kyumin

AU - Lee, Chang Yong

AU - Kim, Seungjoo

N1 - Funding Information: Supported by a Korea University Grant and MSIP (Ministry of Science, ICT and Future Planning), Korea, under the ITRC (Information Technology Research Center) support program (NIPA-2014-H0301-14-1004) supervised by the NIPA (National IT Industry Promotion Agency). Publisher Copyright: © 2014, The Author(s).

PY - 2015/9/7

Y1 - 2015/9/7

N2 - VoIP is one of the most popular Internet services. However, VoIP service is vulnerable to several potential security threats. Moreover, existing IP-based security solutions are unable to inspect call setup information. In this paper, we propose a VoIP-aware attack-detection scheme. The proposed scheme is able to detect VoIP network attacks including VoIP DoS and SPAM. It can detect VoIP DoS attacks with low false negatives using a statistics-based detection algorithm and can recognize SPAM with low false positives using a caller behavior-based detection algorithm. We have included experimental results to confirm the proposed scheme.

AB - VoIP is one of the most popular Internet services. However, VoIP service is vulnerable to several potential security threats. Moreover, existing IP-based security solutions are unable to inspect call setup information. In this paper, we propose a VoIP-aware attack-detection scheme. The proposed scheme is able to detect VoIP network attacks including VoIP DoS and SPAM. It can detect VoIP DoS attacks with low false negatives using a statistics-based detection algorithm and can recognize SPAM with low false positives using a caller behavior-based detection algorithm. We have included experimental results to confirm the proposed scheme.

KW - Attack detection

KW - Behavior-based detection

KW - SIP

KW - SPAM

KW - Statistic-based detection

KW - VoIP

KW - VoIP DoS

UR - http://www.scopus.com/inward/record.url?scp=84938751624&partnerID=8YFLogxK

U2 - 10.1007/s12083-014-0289-8

DO - 10.1007/s12083-014-0289-8

M3 - Article

AN - SCOPUS:84938751624

SN - 1936-6442

VL - 8

SP - 872

EP - 880

JO - Peer-to-Peer Networking and Applications

JF - Peer-to-Peer Networking and Applications

IS - 5

ER -

VoIP-aware network attack detection based on statistics and behavior of SIP traffic

Abstract

Keywords

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this