Browse > Article

A SIP INVITE Flooding Detection algorithm Considering Upperbound of Possible Number of SIP Messages  

Ryu, Jea-Tek (아주대학교 정보통신전문대학원 정보통신공학과)
Ryu, Ki-Yeol (아주대학교 정보통신전문대학원 정보통신공학과)
Roh, Byeong-Hee (아주대학교 정보통신전문대학원 정보통신공학과)
Publication Information
The Journal of Korean Institute of Communications and Information Sciences / v.34, no.8B, 2009 , pp. 797-804 More about this Journal
Abstract
Recently, SIP(Session Initiation Protocol) is used to set up and manage sessions for multimedia applications such as VoIP(Voice over IP) and IMS(IP Multimedia Subsystem). However, because SIP operates over the Internet, it is exposed to pre-existed internet security threats such as service degradation or service disruptions. Multimedia applications which are delay sensitive even suffers more from the threats mentioned above. The proposed methods so far to detect SIP INVITE flooding are CUSUM(Cumulative Sum), Hellinger distance and adaptive threshold, but among methods only take normal state into consideration. So, it is not capable of adapting the condition of the network congestion which are dynamically changing. In this paper, SIP INVITE flooding detection algorithm considering network congestion which enables efficient detections of such attacks is proposed. The proposed algorithm is expected to detect other types of attacks such as BYE and CANCEL more precisely compared to other methods.
Keywords
SIP INVITE flooding; Flooding detection; SIP security; SIP threat;
Citations & Related Records
연도 인용수 순위
  • Reference
1 Yacine Rebahi et al., 'Detecting Flooding Attack against IP Multimedia Subsystem(IMS) Network', AICCSA April 2008.   DOI
2 Akbar, M.A.; Tariq, Z.; Farooq, M. 'A comparative study of anomaly detection algorithms for detection of SIP flooding in IMS', IMSAA 2008, 10-12 Dec. 2008
3 Hemant Sengar et al., 'Detecting VoIP Floods Using the Hellinger Distance', IEEE Transaction on Parallel and Distributed Systems, vol. 19, no. 6, June 2008.   DOI   ScienceOn
4 A. Bremler-Barr, R. Halachmi-Bekel, 'Unregister attacks in SIP', NPSEC 2006, Nov. 2006.
5 V. Siris and F. Papagalou, "Application of Anomaly Detection Algorithms for Detecting SYN Flooding Attacks," Computer Communications, vol. 29, no. 9, pp. 1433-1442, 2006.   DOI   ScienceOn
6 Geneiatakis, D et al., 'A lightweight protection mechanism against signaling attacks in a SIPbased VoIP environment', Telecommunication system 1018-4864, Dec. 2007.   DOI   ScienceOn
7 Fengjiao Wang et al., 'A New Provably Secure Authentication and Key Agreement Mechnism for SIP Using Certificateless Pubilic-Key Cryptography', ICCIS 2007 Dec. 2007.   DOI
8 J.Rosenberg et al 'SIP : Session Initiation Protocol', RFC 3261, June 2002. system 1018- 4864, Dec. 2007.