Proceedings Article

A whitelist approach to protect SIP servers from flooding attacks

TLDR
It is argued that a whitelist, as a strategy to defend against flooding attacks, can be more effective on a SIP server than on a Web server because most SIP clients tend to have persistent connections with their server, and a whitelist is relatively easy to maintain.
Abstract
As SIP-based VoIP services are expected to slowly replace the traditional PSTN services, SIP servers are becoming potential targets of various attacks, one of which is flooding. In this paper, we argue that a whitelist, as a strategy to defend against flooding attacks, can be more effective on a SIP server than on a Web server, since most SIP clients tend to have persistent connections with their server, and a whitelist is relatively easy to maintain. The methodology we propose to build a whitelist is capable of keeping the most comprehensive and up-to-date information about the legitimate SIP clients without any integration with a SIP server. We also study the impact of various attacks on a SIP server, and evaluate the effectiveness of our approach under the most powerful attacks.

Citations
Journal Article

Flow whitelisting in SCADA networks

TL;DR: This work proposes an approach to improve the security of SCADA networks based on flow whitelisting, and demonstrates the applicability of the approach using real-world traffic traces, captured in two water treatment plants and a gas and electric utility.
Dissertation

Anomaly Detection in SCADA Systems - A Network Based Approach

TL;DR: This work provides the first comprehensive analysis of real-world SCADA traffic, and proposes PeriodAnalyzer, an approach that uses deep packet inspection to automatically identify the different messages and the frequency at which they are issued and can be used to detect data injection and Denial of Service attacks.
Journal Article

A comprehensive study of flooding attack consequences and countermeasures in Session Initiation Protocol SIP

TL;DR: This survey presents a comprehensive study of flooding attack against SIP, by addressing its different variants and analyzing its consequences, and classify the existing solutions according to the different flooding behaviors they are dealing with, their types, and targets.
Journal Article

A whitelist-based countermeasure scheme using a Bloom filter against SIP flooding attacks

TL;DR: A whitelist-based countermeasure scheme is proposed, to protect both normal SIP users and servers from malicious flooding attacks and uses the non-membership ratio as a measure for the attack detection, instead of using the message rate usually used in conventional schemes.
Proceedings Article

Coping with denial-of-service attacks on the IP telephony system

TL;DR: This work assesses DoS detection and prevention schemes, simulates a SIP-based flooding attack against a widely used SIP server, and proposes a new mitigation scheme, which consists of implementing Snort in inline mode as an Intrusion Protection System (IPS).
References
Book Chapter

SIP: Session Initiation Protocol

TL;DR: Session Initiation Protocol (SIP) as discussed by the authors is an application layer control (signaling) protocol for creating, modifying, and terminating sessions with one or more participants, such as Internet telephone calls, multimedia distribution, and multimedia conferences.
Proceedings Article

Protection from distributed denial of service attacks using history-based IP filtering

TL;DR: This paper introduces a practical scheme to defend against distributed denial of service (DDoS) attacks based on IP source address filtering, and presents several heuristic methods to make the IP address database accurate and robust.
Journal Article

Survey of security vulnerabilities in session initiation protocol

TL;DR: This article identifies and describes security problems in the SIP protocol that may lead to denial of service, including flooding attacks, security vulnerabilities in parser implementations, and attacks exploiting vulnerabilities at the signaling-application level.
Journal Article

Denial of service attacks targeting a SIP VoIP infrastructure: attack scenarios and prevention mechanisms

TL;DR: A major conclusion of the work is the knowledge that SIP provides a wide range of features that can be used to mount DoS attacks, including attacks utilizing the DNS system and those targeting the parser.
Proceedings Article

Detecting DoS attacks on SIP systems

TL;DR: A method to detect DoS attacks that involve flooding SIP entities with illegitimate SIP messages by modifying the original finite-state machines for SIP transactions in such a way that transaction anomalies can be detected in a stateful manner.