ABSTRACT
In the dynamic landscape of Internet communication, systems employing the Session Initiation Protocol (SIP) for Voice over Internet Protocol (VoIP) are increasingly vulnerable to Denial of Service (DoS) attacks. Traditional detection methods fall short in accuracy and real-time response. The present study unveils a novel detection model for SIP-DoS attacks, incorporating traffic balance and fluctuation analysis to augment both precision and timeliness. Experimental results confirm the model's efficacy, marking a significant advancement in SIP-DoS attack detection and setting the stage for future research and applications.