Summary
In this paper, a two-tier model has been developed that includes a Handler and a Bloom filter (HBF). In the first tier, the handler detects both flooding and fake signaling attacks. The Bloom filter, in the second tier, prevents both attacks before they reach the victim. Existing systems use packet-level features, which do not perform well for detection and prevention of both attacks. In this work, flow-level features are applied in both tiers. The proposed model is implemented on the innocent Session Initiation Protocol (SIP) server in the VoIP network. The two-tier model ensures reliability and trustworthiness between the service provider and the customer. It also provides billing information, along with the exact call duration, to a customer who makes a call. The experimental results show that the HBF results in a reduced detection time of 9 seconds, with a reduced false positive (FP) of less than 1% and a false negative (FN) of 0.002%, and also preserves the voice call quality during media conversation.
Voice over Internet Protocol (VoIP) is an emerging trend of applications on the internet today. As with any recent technology, VoIP also introduces both fortuity and problems. Existing VoIP honeypot experimental setups based on SIP (Session Initiation Protocol) deal with basic attacks like DoS (Denial of Service), enumeration detection, signature collection and SPIT (Spam over Internet Telephony). These VoIP service abuse attacks cause discrepancies between the services offered to VoIP users and service providers. We executed successive attempts with different sets of attributes and sample subsets to collect exact traffic records used for detecting and categorizing the attack packets using a honeypot. Finally, both algorithms are compared by their true and false positive rates. For result analysis, we propose a test-bed using Zoiper (SIP clients), an Asterisk server, the Artemisa honeypot and Wireshark as network analyzer. The test-bed demonstrates how the honeypot works effectively in improving the robustness of the VoIP security system against billing attacks and toll frauds.