Muhammad Ali Akbar

Bio: Muhammad Ali Akbar is an academic researcher from National University of Computer and Emerging Sciences. The author has contributed to research in topics: Network packet & Social robot. The author has an hindex of 1, co-authored 2 publications receiving 24 citations.

Securing SIP-based VoIP infrastructure against flooding attacks and Spam Over IP Telephony

Abstract: Security of session initiation protocol (SIP) servers is a serious concern of Voice over Internet (VoIP) vendors. The important contribution of our paper is an accurate and real-time attack classification system that detects: (1) application layer SIP flood attacks that result in denial of service (DoS) and distributed DoS attacks, and (2) Spam over Internet Telephony (SPIT). The major advantage of our framework over existing schemes is that it performs packet-based analysis using a set of spatial and temporal features. As a result, we do not need to transform network packet streams into traffic flows and thus save significant processing and memory overheads associated with the flow-based analysis. We evaluate our framework on a real-world SIP traffic—collected from the SIP server of a VoIP vendor—by injecting a number of application layer anomalies in it. The results of our experiments show that our proposed framework achieves significantly greater detection accuracy compared with existing state-of-the-art flooding and SPIT detection schemes.

Privacy-preserving SVM classification

Abstract: Traditional Data Mining and Knowledge Discovery algorithms assume free access to data, either at a centralized location or in federated form. Increasingly, privacy and security concerns restrict this access, thus derailing data mining projects. What is required is distributed knowledge discovery that is sensitive to this problem. The key is to obtain valid results, while providing guarantees on the nondisclosure of data. Support vector machine classification is one of the most widely used classification methodologies in data mining and machine learning. It is based on solid theoretical foundations and has wide practical application. This paper proposes a privacy-preserving solution for support vector machine (SVM) classification, PP-SVM for short. Our solution constructs the global SVM classification model from data distributed at multiple parties, without disclosing the data of each party to others. Solutions are sketched out for data that is vertically, horizontally, or even arbitrarily partitioned. We quantify the security and efficiency of the proposed method, and highlight future challenges.

Application Layer Denial-of-Service Attacks and Defense Mechanisms: A Survey

Abstract: Application layer Denial-of-Service (DoS) attacks are generated by exploiting vulnerabilities of the protocol implementation or its design. Unlike volumetric DoS attacks, these are stealthy in nature and target a specific application running on the victim. There are several attacks discovered against popular application layer protocols in recent years. In this article, we provide a structured and comprehensive survey of the existing application layer DoS attacks and defense mechanisms. We classify existing attacks and defense mechanisms into different categories, describe their working, and compare them based on relevant parameters. We conclude the article with directions for future research.

A comprehensive study of flooding attack consequences and countermeasures in Session Initiation Protocol SIP

Abstract: Session Initiation Protocol SIP is widely used as a signaling protocol to support voice and video communication in addition to other multimedia applications. However, it is vulnerable to several types of attacks because of its open nature and lack of a clear defense line against the increasing spectrum of security threats. Among these threats, flooding attack, known by its destructive impact, targets both of SIP User Agent Server UAS and User Agent Client UAC, leading to a denial of service in Voice over IP applications. In particular, INVITE message is considered as one of the major root causes of flooding attacks in SIP. This is due to the fact that an attacker may send numerous INVITE requests without waiting for responses from the UAS or the proxy in order to exhaust their respective resources. Most of the devised solutions to cope with the flooding attack are either difficult to deploy in practice or require significant changes in the SIP servers implementation. Apart from these challenges, flooding attacks are much more diverse in nature, which makes the task of defeating them a real challenge. In this survey, we present a comprehensive study of flooding attack against SIP, by addressing its different variants and analyzing its consequences. We also classify the existing solutions according to the different flooding behaviors they are dealing with, their types, and targets. Moreover, we conduct a thorough investigation of the main strengths and weaknesses of these solutions and deeply analyze the underlying assumptions of each of them for better understanding of their limitations. Finally, we provide some recommendations for enhancing the effectiveness of the surveyed solutions and address some open challenges. Copyright © 2015 John Wiley & Sons, Ltd.