A Hybrid and Cross-Protocol Architecture with Semantics and Syntax Awareness to Improve Intrusion Detection Efficiency in Voice over IP Environments

Presentation transcript:

A Hybrid and Cross-Protocol Architecture with Semantics and Syntax Awareness to Improve Intrusion Detection Efficiency in Voice over IP Environments
Bazara Barry and H. Anthony Chan
Department of Electrical Engineering, University of Cape Town

Contents: Introduction; Threat model; Research Approach; Comparison with related works; System Design; Implementation and Experiment; Attacks and Performance Evaluation; Questions and Comments.

Intrusion Detection Systems
An intrusion attempt is the potential possibility of a deliberate unauthorized attempt to:
1. Access information,
2. Manipulate information, or
3. Render a system unreliable or unusable.

Intrusion Detection Systems
Three main detection approaches:
1. Signature-based (detects known attacks but ineffective against previously unseen ones).
2. Anomaly-based (detects unknown attacks with a high false alarm rate).
3. Specification-based (detects any deviation from system specifications but ineffective against DoS and network probing attacks).

Intrusion Detection Systems
Desirable features:
1. Protocol-syntax and protocol-semantics anomaly detection.
2. Stateful detection.
3. Cross-protocol and cross-layer detection.

VoIP
Voice over IP (VoIP) is emerging as a standard that benefits from convergence and replaces older PSTN systems. VoIP networks and applications are less expensive than two separate telecommunications infrastructures.

VoIP Security Challenges
Sharing the same physical infrastructure with data networks means converged networks inherit all the security weaknesses of the IP protocol. VoIP distributes applications and services throughout the network. Standard VoIP protocols do not provide adequate or standardized call party authentication or end-to-end call confidentiality and integrity.

Threat Model
SIP is susceptible to Denial of Service, eavesdropping, tearing down sessions, and session hijacking. RTP is susceptible to voice injection and flooding. Protocols at lower layers such as IP and TCP are vulnerable to spoofing and Denial of Service.

Research Approach
Hybrid intrusion detection that combines signature-based and specification-based approaches. Cross-protocol and stateful detection. Syntax and semantics awareness for the monitored protocols.

Comparison With Related Work
Table columns: Stateful; Cross-protocol; Signature-based; Semantics anomaly detection; Syntax anomaly detection.
Table rows: STAT [4]; NetSTAT [5]; WebSTAT [6]; SCIDIVE [7]; vIDS [8]; Our proposed IDS.

State Transition Analysis

Extended Finite State Machines

System Design

Implementation & Simulation
The OMNeT++ simulator with the MMSim module is used to implement the design and the attacks. The simulator generates background traffic, and attacks are injected into the traffic randomly. Attacks are chosen to be diverse and to have various targets.

Network Topology

| Attack Name | Protocols Involved | Effect |
|---|---|---|
| BYE Attack | SIP, RTP | Session Tear down |
| Re-INVITE | SIP, RTP | Session Hijacking |
| CANCEL | SIP | Denial of Service |
| Malformed Messages | All Protocols | Denial of Service |
| REGISTER Flooding | SIP | Denial of Service |
| Voice Injection | RTP | Playing Artificial Stream |
| UDP Storm | UDP | Denial of Service |
| LAND | IP, TCP | Denial of Service |
| Blat | IP, TCP | Denial of Service |
| Smurf | ICMP | Denial of Service |
| Stealthy Probing | TCP | Identifying OS |
| Ping of Death | ICMP | Denial of Service |
| Neptune | TCP | Denial of Service |
| Teardrop | IP | Denial of Service |
| TCP Session | IP, TCP | Session Hijacking |
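The BYE attack is listed as involving both SIP and RTP, which is the case where stateful, cross-protocol detection helps: a torn-down SIP dialog whose supposed BYE sender keeps streaming RTP is inconsistent. The Python below is an added example, not the authors' implementation or signature database; the event tuples, the `GRACE` window, the simplified dialog state machine (no ACK or re-INVITE handling) and the `detect` function are assumptions for illustration.

```python
from dataclasses import dataclass, field

GRACE = 0.5  # assumed: seconds of in-flight RTP tolerated after a BYE

@dataclass
class Call:
    state: str = "INIT"  # INIT -> INVITED -> ESTABLISHED -> CLOSED
    media: set = field(default_factory=set)  # (ip, port) pairs announced in SDP
    bye_from: str = ""   # source IP the BYE claimed to come from
    bye_time: float = 0.0

def detect(events):
    """Replay time-ordered SIP/RTP events; return [(time, call_id, reason)]."""
    calls, alerts = {}, []
    for ev in events:
        if ev[0] == "sip":
            _, t, call_id, msg, src_ip, rtp_port = ev
            call = calls.setdefault(call_id, Call())
            if rtp_port:  # SDP body announced an RTP endpoint
                call.media.add((src_ip, rtp_port))
            if msg == "INVITE" and call.state == "INIT":
                call.state = "INVITED"
            elif msg == "200 OK" and call.state == "INVITED":
                call.state = "ESTABLISHED"
            elif msg == "BYE" and call.state == "ESTABLISHED":
                call.state, call.bye_from, call.bye_time = "CLOSED", src_ip, t
            elif msg == "BYE":  # specification check: BYE needs a live dialog
                alerts.append((t, call_id, "BYE outside an established dialog"))
        else:
            _, t, src_ip, src_port = ev
            for call_id, call in calls.items():
                late = call.state == "CLOSED" and t - call.bye_time > GRACE
                if (src_ip, src_port) in call.media and src_ip == call.bye_from and late:
                    # cross-protocol check: the "BYE sender" is still talking
                    alerts.append((t, call_id, "RTP from BYE sender after teardown"))
                    call.bye_from = ""  # one alert per call
    return alerts

# Constructed sample traffic (documentation addresses, not a real capture).
SETUP = [("sip", 0.0, "c1", "INVITE", "192.0.2.10", 4000),
         ("sip", 0.2, "c1", "200 OK", "192.0.2.20", 5000),
         ("rtp", 1.0, "192.0.2.10", 4000), ("rtp", 1.0, "192.0.2.20", 5000)]
BYE = ("sip", 5.0, "c1", "BYE", "192.0.2.10", None)
NORMAL = SETUP + [BYE, ("rtp", 5.1, "192.0.2.10", 4000)]  # in-flight packet only
SPOOFED = SETUP + [BYE, ("rtp", 5.1, "192.0.2.10", 4000),
                   ("rtp", 6.0, "192.0.2.10", 4000), ("rtp", 7.0, "192.0.2.10", 4000)]

if __name__ == "__main__":
    print(detect(NORMAL))
    print(detect(SPOOFED))
```

A SIP-only monitor sees the same message sequence in both traces; only the RTP state separates the normal hang-up from the forged one.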

Performance Evaluation: end-to-end delay; call setup delay; processing delay; packet loss; memory usage.

Performance Evaluation

Publications

Bazara Barry and H. Anthony Chan, "Intrusion Detection Systems: Classifications, Implementation Approaches, Testing Methods, and Evaluation Techniques," Book chapter in Handbook on Communications and Information Security, edited by Peter Stavroulakis, to be published by Springer in

Bazara Barry and H. Anthony Chan, "A Signature Database for Intrusion Detection Systems Targeting Voice over Internet Protocol," Accepted to Appear In Proceedings of the 2008 IEEE Military Communications Conference (MILCOM'08), San Diego, CA, November

Bazara Barry and H. Anthony Chan, "On the Performance of A Hybrid Intrusion Detection Architecture for Voice over IP Systems," In Proceedings of the 4th International Conference on Security and Privacy in Communication Networks (SecureComm'08), Istanbul, Turkey, September

Bazara Barry and H. Anthony Chan, "A Hybrid, Stateful, and Cross-protocol Intrusion Detection System for Converged Applications," Springer LNCS, vol. 4804, OTM 2007, Part II, pp , November

Bazara Barry and H. Anthony Chan, "A Cross-protocol approach to detect TCP Hijacking attacks," In Proceedings of 2007 IEEE International Conference on Signal Processing and Communications (ICSPC07), Dubai, United Arab Emirates (UAE), November

Bazara Barry and H. Anthony Chan, "Towards Intelligent Cross-Protocol Intrusion Detection in the Next Generation Networks Based on Protocol Anomaly Detection," In Proceedings of the 9th International Conference on Advanced Communication Technology (ICACT2007), Phoenix Park, Gangwon-Do, Korea, February 2007.

Questions & Comments