Detection and Prevention of SIP Flooding Attacks in Voice over IP Networks Jin Tang, Yu Cheng and Yong Hao Department of Electrical and Computer Engineering.

Presentation transcript:

Detection and Prevention of SIP Flooding Attacks in Voice over IP Networks Jin Tang, Yu Cheng and Yong Hao Department of Electrical and Computer Engineering Illinois Institute of Technology, IEEE INFOCOM 2012 Presenter: 徐裕量 2013/1/29

Outline: Introduction, System Model, Performance Evaluation, Discussion, Conclusion

Introduction Compared to the traditional public switched telephone network (PSTN), voice over IP (VoIP) is a much more economical technology, but with the tradeoff of more security concerns due to its open infrastructure, which is mainly based on the session initiation protocol (SIP) and the Internet protocol (IP).

Introduction (cont.) The SIP flooding attack is among the most severe of all because it is easy to launch and capable of quickly draining the resources of both networks and nodes.

System Model VoIP utilizes SIP as the application-layer signaling protocol to establish. At the transport layer, SIP normally favors the user datagram protocol (UDP) over the transmission control protocol (TCP) due to the simplicity of UDP and the connection-oriented nature of SIP itself.

System Model (cont.)

1) INVITE Flooding: In this attack, thousands of INVITE messages are generated and transmitted to the victim proxy servers which can barely support all of them.
2) BYE Flooding: Therefore it can be utilized by the attackers to bring down ongoing VoIP phone calls.
3) Multi-Attribute Flooding: Intelligent attackers can launch different forms of SIP flooding attacks together to the victim proxy servers in a distributed manner.

System Model (cont.) 1) Sketch: The sketch data structure is a probabilistic data summarization technique.

System Model (cont.) 2) Hellinger Distance: To compute HD, suppose that we have two histogram distributions on the same sample space, namely, P = (p1,p2, ⋅ ⋅ ⋅,pn) and Q = (q1,q2, ⋅ ⋅ ⋅, qn). The HD between the two distributions is defined as follows
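How the sketch and the Hellinger distance combine into a detector, as an added example that is not code from the slides or the paper: each time window of INVITE senders is summarised in an H x K sketch, and each sketch row is compared with a training window. It uses the standard Hellinger distance definition; the sketch size, the fixed threshold, the row-vote rule and the sample SIP URIs are all assumptions constructed for illustration.

```python
import hashlib
import math

H, K = 5, 32  # assumed sketch size: H hash rows, K counters per row

def bucket(row, sender):
    """Row-specific hash of a SIP sender URI into one of K counters."""
    digest = hashlib.sha256(f"{row}:{sender}".encode()).digest()
    return int.from_bytes(digest[:8], "big") % K

def build_sketch(senders):
    """Summarise one time window of INVITE senders as an H x K count table."""
    table = [[0] * K for _ in range(H)]
    for sender in senders:
        for row in range(H):
            table[row][bucket(row, sender)] += 1
    return table

def hellinger(p_counts, q_counts):
    """Hellinger distance between two count histograms: 0 identical, 1 disjoint."""
    p_total, q_total = sum(p_counts), sum(q_counts)
    if p_total == 0 or q_total == 0:
        return 0.0 if p_total == q_total else 1.0
    squared = sum((math.sqrt(p / p_total) - math.sqrt(q / q_total)) ** 2
                  for p, q in zip(p_counts, q_counts))
    return math.sqrt(squared / 2)

def window_is_anomalous(baseline, current, threshold=0.3, min_rows=3):
    """Flag a window when at least min_rows sketch rows exceed the threshold."""
    distances = [hellinger(b, c) for b, c in zip(baseline, current)]
    return sum(d > threshold for d in distances) >= min_rows, distances

# Constructed sample traffic (not from the paper): one INVITE per listed sender.
def users(start, stop):
    return [f"sip:user{i}@example.com" for i in range(start, stop)]

BASELINE = build_sketch(users(0, 1000))            # training window
NORMAL = build_sketch(users(500, 1500))            # different callers, same shape
FLOOD = build_sketch(users(500, 1500) +            # same callers plus 3 flooders
                     [f"sip:bot{i % 3}@example.net" for i in range(5000)])

if __name__ == "__main__":
    for name, sketch in (("normal", NORMAL), ("flood", FLOOD)):
        alarm, dists = window_is_anomalous(BASELINE, sketch)
        print(name, alarm, [round(d, 2) for d in dists])
```

Because the sketch has a fixed size, memory stays constant no matter how many distinct senders appear in a window, and a change of callers alone does not raise the distance; only a shift in the shape of the distribution does.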

System Model (cont.)

Performance Evaluation In the normal condition, the average call generating rate is uniformly distributed from 25 to 75 per second with a mean of 50. The senders of the messages are chosen from 100,000 users.

Performance Evaluation (cont.)

When K increases, the prevention rate increases accordingly. As K becomes larger than the attacker number 300, we achieve almost 100% accuracy.

Performance Evaluation (cont.)

Discussion Under stealthy attack circumstances, intelligent and patient attackers start without rushing, from a low initial rate. This stealthy attack does not cause sudden, directly observable changes in traffic.

Discussion (cont.) To effectively detect the stealthy flooding attack, we should quickly identify the deviation from normal traffic brought by the attack. Such thoughts inspire us to resort to wavelet analysis, a signal processing technique which is able to decompose the observed traffic measures into different levels and enable observations on these more detailed levels to identify the deviation.

Conclusion The paper proposes an online VoIP flooding detection and prevention scheme by integrating two techniques, sketch and Hellinger distance. The "estimation freeze mechanism" presented shows its ability to both maintain the information about normal behavior under attack and determine the durations of the flooding attacks.