Presentation is loading. Please wait.

Presentation is loading. Please wait.

Detection and Prevention of SIP Flooding Attacks in Voice over IP Networks Jin Tang, Yu Cheng and Yong Hao Department of Electrical and Computer Engineering.

Published byGeoffrey Cox Modified over 9 years ago

Similar presentations

Presentation on theme: "Detection and Prevention of SIP Flooding Attacks in Voice over IP Networks Jin Tang, Yu Cheng and Yong Hao Department of Electrical and Computer Engineering."— Presentation transcript:

1 Detection and Prevention of SIP Flooding Attacks in Voice over IP Networks Jin Tang, Yu Cheng and Yong Hao Department of Electrical and Computer Engineering Illinois Institute of Technology,IEEE INFOCOM 2012 報告人 : 徐裕量 2013/1/29

2 Outline Introduction System Model Performance Evaluation Discussion Conclusion

3 Introduction Compared to the traditional public switched telephone network (PSTN), voice over IP (VoIP) is a much more economic technology. But with the tradeoff of more security concerns due to its open infrastructure mainly based on the session initiation protocol (SIP) and the Internet protocol (IP).

4 Introduction (cont.) The SIP flooding attack is among the most severe of all because it is easy to launch and capable of quickly draining the resources of both networks and nodes.

5 System Model VoIP utilizes SIP as the application-layer signaling protocol to establish. At the transport layer, SIP normally favors the user datagram protocol (UDP) over the transmission control protocol (TCP) due to the simplicity of UDP and the connection oriented nature of SIP itself.

6 System Model (cont.)

7

8 1) INVITE Flooding: In this attack, thousands of INVITE messages are generated and transmitted to the victim proxy servers which can barely support all of them. 2) BYE Flooding: Therefore it can be utilized by the attackers to bring down ongoing VoIP phone calls. 3) Multi-Attribute Flooding: Intelligent attackers can launch different forms of SIP flooding attacks together to the victim proxy servers in a distributed manner.

9 System Model (cont.) 1) Sketch: The sketch data structure is a probabilistic data summarization technique.

10 System Model (cont.) 2) Hellinger Distance: To compute HD, suppose that we have two histogram distributions on the same sample space, namely, P = (p1,p2, ⋅ ⋅ ⋅,pn) and Q = (q1,q2, ⋅ ⋅ ⋅, qn). The HD between the two distributions is defined as follow

11 System Model (cont.)

12

13

14 Performance Evaluation In the normal condition, the average call generating rate is uniformly distributed from 25 to 75 per second with a mean of 50. The senders of the messages are chosen from 100,000 users.

15 Performance Evaluation (cont.)

16

17

18

19 when K increases, the prevention rate increases accordingly. As K becomes larger than the attacker number 300, we achieve almost 100% accuracy.

20 Performance Evaluation (cont.)

21 Discussion Under stealthy attack circumstances, intelligent and patient attackers start with no rush from a low initial rate. This stealthy attack does not cause sudden directly observable changes in traffic.

22 Discussion (cont.) To effectively detect the stealthy flooding attack, we should quickly identify the deviation from normal traffic brought by the attack. Such thoughts inspire us to resort to wavelet analysis, a signal processing technique which is able to decompose the observed traffic measures into different levels and enable observations on these more detailed levels to identify the deviation.

23 Conclusion It propose an online VoIP flooding detection and prevention scheme by integrating two techniques, sketch and Hellinger distance. The “estimation freeze mechanism” presented shows its ability to both maintain the information about normal behavior under attack and determine the durations of the flooding attacks.

Download ppt "Detection and Prevention of SIP Flooding Attacks in Voice over IP Networks Jin Tang, Yu Cheng and Yong Hao Department of Electrical and Computer Engineering."

Similar presentations

www.dynamicsoft.com Fall VoN 2000 SIP for IP Communications Jonathan Rosenberg Chief Scientist.

Fall VoN 2000 SIP for IP Communications Jonathan Rosenberg Chief Scientist.
VoIP PRESENTATION BY HÜSEYİN SAVRAN 220702044. OUTLINE PSTN an brief history of telephone.

VoIP PRESENTATION BY HÜSEYİN SAVRAN OUTLINE PSTN an brief history of telephone.
1 IP Telephony (VoIP) CSI4118 Fall 2005. 2 Introduction (1) A recent application of Internet technology – Voice over IP (VoIP): Transmission of voice.

1 IP Telephony (VoIP) CSI4118 Fall Introduction (1) A recent application of Internet technology – Voice over IP (VoIP): Transmission of voice.
Data Link Layer B. Konkoth. PDU  Protocol Data Unit  A unit of data which is specified in a protocol of a given layer  Layer 5, 6, 7 – Data  Layer.

Data Link Layer B. Konkoth. PDU  Protocol Data Unit  A unit of data which is specified in a protocol of a given layer  Layer 5, 6, 7 – Data  Layer.
Tom Behrens Adam Muniz. Overview What is VoIP SIP Sessions H.323 Examples Problems.

Tom Behrens Adam Muniz. Overview What is VoIP SIP Sessions H.323 Examples Problems.
Security in VoIP Networks Juan C Pelaez Florida Atlantic University Security in VoIP Networks Juan C Pelaez Florida Atlantic University.

Security in VoIP Networks Juan C Pelaez Florida Atlantic University Security in VoIP Networks Juan C Pelaez Florida Atlantic University.
The study and demonstration on SIP security vulnerabilities Mahidhar Penigi Vamsi Krishna Karnati.

The study and demonstration on SIP security vulnerabilities Mahidhar Penigi Vamsi Krishna Karnati.
UNCW UNCW SIGGRAPH 2002 Topic #3: Continuous Media in Wired and Wireless Environments Ronald J. Vetter Department of Computer Science University of North.

UNCW UNCW SIGGRAPH 2002 Topic #3: Continuous Media in Wired and Wireless Environments Ronald J. Vetter Department of Computer Science University of North.
Skype Connected to a SIP PBX

Skype Connected to a SIP PBX
Fast Detection of Denial-of-Service Attacks on IP Telephony Hemant Sengar, Duminda Wijesekera and Sushil Jajodia Center for Secure Information Systems,

Fast Detection of Denial-of-Service Attacks on IP Telephony Hemant Sengar, Duminda Wijesekera and Sushil Jajodia Center for Secure Information Systems,
A simulation-based comparative evaluation of transport protocols for SIP Authors: M.Lulling*, J.Vaughan Department of Computer science, University college.

A simulation-based comparative evaluation of transport protocols for SIP Authors: M.Lulling*, J.Vaughan Department of Computer science, University college.
Fast Detection of Denial-of-Service Attacks on IP Telephony Hemant Sengar, Duminda Wijesekera and Sushil Jajodia Center for Secure Information Systems,

Fast Detection of Denial-of-Service Attacks on IP Telephony Hemant Sengar, Duminda Wijesekera and Sushil Jajodia Center for Secure Information Systems,
VoIP Voice Transmission Over Data Network. What is VoIP?  A method for Taking analog audio signals Turning audio signals into digital data Digital data.

VoIP Voice Transmission Over Data Network. What is VoIP?  A method for Taking analog audio signals Turning audio signals into digital data Digital data.
CS158B Project By Shing Chau Jerry Ko Ying Li

CS158B Project By Shing Chau Jerry Ko Ying Li
UNCLASSIFIED Secure Indirect Routing and An Autonomous Enterprise Intrusion Defense System Applied to Mobile ad hoc Networks J. Leland Langston, Raytheon.

UNCLASSIFIED Secure Indirect Routing and An Autonomous Enterprise Intrusion Defense System Applied to Mobile ad hoc Networks J. Leland Langston, Raytheon.
Networking and Internetworking Devices Networks and Protocols Prepared by: TGK First Prepared on: Last Modified on: Quality checked by: Copyright 2009.

Networking and Internetworking Devices Networks and Protocols Prepared by: TGK First Prepared on: Last Modified on: Quality checked by: Copyright 2009.
Internetworking Fundamentals (Lecture #2) Andres Rengifo Copyright 2008.

Internetworking Fundamentals (Lecture #2) Andres Rengifo Copyright 2008.
Secure Telephony Enabled Middle-box (STEM) Maggie Nguyen Dr. Mark Stamp SJSU - CS 265 Spring 2003 STEM is proposed as a solution to network vulnerabilities,

Secure Telephony Enabled Middle-box (STEM) Maggie Nguyen Dr. Mark Stamp SJSU - CS 265 Spring 2003 STEM is proposed as a solution to network vulnerabilities,
Design and Implementation of SIP-aware DDoS Attack Detection System.

Design and Implementation of SIP-aware DDoS Attack Detection System.
4/11/40 page 1 Department of Computer Engineering, Kasetsart University 204325 Introduction to Computer Communications and Networks CONSYL Computer and.

4/11/40 page 1 Department of Computer Engineering, Kasetsart University Introduction to Computer Communications and Networks CONSYL Computer and.

Similar presentations

Ads by Google