Article: Source-oriented pattern analysis of flooding-type attacks in SIP-based internet telephony services Journal: International Journal of Multimedia Intelligence and Security (IJMIS) 2010 Vol.1 No.1 pp.90 - 115 Abstract: Session initiation protocol (SIP)-based internet telephony can reduce capital and operating costs and opens up new multimedia service opportunities, but at the same time introduces new security problems based on these standards that cannot be solved with current security mechanisms. In particular, flooding-type attacks that use SIP messages and target the proxy server or user agent can cause a denial-of-service status. Furthermore, if attackers continuously generate a high load of flooding messages, the quality of service (QoS) of multimedia services that use SIP as the basic signalling protocol will be decreased. To prevent repeated flooding and to guarantee QoS, it is important to discover the attack pattern. We present a source-oriented pattern analysis system that can determine the characteristics of flooding-type attacks. Using the proposed system, we can detect outlier traffic and identify the message composition, occurrence type, and transfer type of flooding attacks. We describe our approach and present experimental results in this paper. Inderscience Publishers - linking academia, business and industry through research

Title: Source-oriented pattern analysis of flooding-type attacks in SIP-based internet telephony services

Authors: Joon Heo, Eric Y. Chen, Tetsuya Kusumoto, Mitsutaka Itoh

Addresses: NTT Information Sharing Platform Laboratories, NTT Corporation, Midori-Cho, 3-Chome, Musashino-Shi, Tokyo 180-8585, Japan. ' NTT Information Sharing Platform Laboratories, NTT Corporation, Midori-Cho, 3-Chome, Musashino-Shi, Tokyo 180-8585, Japan. ' NTT Information Sharing Platform Laboratories, NTT Corporation, Midori-Cho, 3-Chome, Musashino-Shi, Tokyo 180-8585, Japan. ' NTT Information Sharing Platform Laboratories, NTT Corporation, Midori-Cho, 3-Chome, Musashino-Shi, Tokyo 180-8585, Japan

Abstract: Session initiation protocol (SIP)-based internet telephony can reduce capital and operating costs and opens up new multimedia service opportunities, but at the same time introduces new security problems based on these standards that cannot be solved with current security mechanisms. In particular, flooding-type attacks that use SIP messages and target the proxy server or user agent can cause a denial-of-service status. Furthermore, if attackers continuously generate a high load of flooding messages, the quality of service (QoS) of multimedia services that use SIP as the basic signalling protocol will be decreased. To prevent repeated flooding and to guarantee QoS, it is important to discover the attack pattern. We present a source-oriented pattern analysis system that can determine the characteristics of flooding-type attacks. Using the proposed system, we can detect outlier traffic and identify the message composition, occurrence type, and transfer type of flooding attacks. We describe our approach and present experimental results in this paper.

Keywords: security; internet telephony; session initiation protocol; SIP; traffic analysis; flooding attacks; source-oriented pattern analysis; multimedia services; denial-of-service; quality of service; QoS.

DOI: 10.1504/IJMIS.2010.035973

International Journal of Multimedia Intelligence and Security, 2010 Vol.1 No.1, pp.90 - 115

Published online: 11 Oct 2010 *

Full-text access for editors Full-text access for subscribers Purchase this article Comment on this article

Title: Source-oriented pattern analysis of flooding-type attacks in SIP-based internet telephony services

Keep up-to-date