In the last few years the number and impact of security attacks over the Internet, and in particular against VoIP, have been continuously increasing. To face this issue, the use of Intrusion Detection Systems (IDSs) has emerged as a key element in network and application security. In this paper we address the problem considering a novel statistical technique for detecting attacks towards the SIP protocol. Our approach is based on the use of Markovian models (namely high order Markov chains) for modelling SIP signalling traffic. In particular our work focuses on detection of three kinds of attacks: VoIP Fuzzing, Flood based denial of service, and Signalling manipulation. The performance results shown in the paper, justify the proposed method and highlight the improvements over commonly used statistical techniques .
A Novel Method for Detecting Attacks Towards the SIP Protocol
CALLEGARI, CHRISTIAN;GARROPPO, ROSARIO GIUSEPPE;GIORDANO, STEFANO;PAGANO, MICHELE;RUSSO, FRANCO
2009-01-01
Abstract
In the last few years the number and impact of security attacks over the Internet, and in particular against VoIP, have been continuously increasing. To face this issue, the use of Intrusion Detection Systems (IDSs) has emerged as a key element in network and application security. In this paper we address the problem considering a novel statistical technique for detecting attacks towards the SIP protocol. Our approach is based on the use of Markovian models (namely high order Markov chains) for modelling SIP signalling traffic. In particular our work focuses on detection of three kinds of attacks: VoIP Fuzzing, Flood based denial of service, and Signalling manipulation. The performance results shown in the paper, justify the proposed method and highlight the improvements over commonly used statistical techniques .I documenti in IRIS sono protetti da copyright e tutti i diritti sono riservati, salvo diversa indicazione.
