Title: Source-oriented pattern analysis of flooding-type attacks in SIP-based internet telephony services
Authors: Joon Heo, Eric Y. Chen, Tetsuya Kusumoto, Mitsutaka Itoh
Addresses: NTT Information Sharing Platform Laboratories, NTT Corporation, Midori-Cho, 3-Chome, Musashino-Shi, Tokyo 180-8585, Japan. ' NTT Information Sharing Platform Laboratories, NTT Corporation, Midori-Cho, 3-Chome, Musashino-Shi, Tokyo 180-8585, Japan. ' NTT Information Sharing Platform Laboratories, NTT Corporation, Midori-Cho, 3-Chome, Musashino-Shi, Tokyo 180-8585, Japan. ' NTT Information Sharing Platform Laboratories, NTT Corporation, Midori-Cho, 3-Chome, Musashino-Shi, Tokyo 180-8585, Japan
Abstract: Session initiation protocol (SIP)-based internet telephony can reduce capital and operating costs and opens up new multimedia service opportunities, but at the same time introduces new security problems based on these standards that cannot be solved with current security mechanisms. In particular, flooding-type attacks that use SIP messages and target the proxy server or user agent can cause a denial-of-service status. Furthermore, if attackers continuously generate a high load of flooding messages, the quality of service (QoS) of multimedia services that use SIP as the basic signalling protocol will be decreased. To prevent repeated flooding and to guarantee QoS, it is important to discover the attack pattern. We present a source-oriented pattern analysis system that can determine the characteristics of flooding-type attacks. Using the proposed system, we can detect outlier traffic and identify the message composition, occurrence type, and transfer type of flooding attacks. We describe our approach and present experimental results in this paper.
Keywords: security; internet telephony; session initiation protocol; SIP; traffic analysis; flooding attacks; source-oriented pattern analysis; multimedia services; denial-of-service; quality of service; QoS.
DOI: 10.1504/IJMIS.2010.035973
International Journal of Multimedia Intelligence and Security, 2010 Vol.1 No.1, pp.90 - 115
Published online: 11 Oct 2010 *
Full-text access for editors Full-text access for subscribers Purchase this article Comment on this article