Voice over IP (VoIP) and the Session Initiation Protocol (SIP) are establishing themselves as strong players in the field of multimedia communications over IP, leveraged by low cost services and easy management. Nevertheless, the security aspects are not yet fully mastered. In this paper we present an open-source implementation of a VoIP SIP-specific honeypot named Artemisa. The honeypot is designed to connect to a VoIP enterprise domain as a back-end user-agent in order to detect malicious activity at an early stage. Moreover, the honeypot can play a role in the realtime adjustment of the security policies of the enterprise domain where it is deployed. We aim, by this contribution, to encourage the deployment of such honeypots at large scale and the collection of attack traces. We test the capacity of the honeypot to handle a series of known SIP attacks and present results from diverse scenarios.
Practical intrusion detection in Wireless MultihopNetworks (WMNs) is a hard challenge. The distributed nature of the network makes centralized intrusion detection difficult, while resource constraints of the nodes and the characteristics of the wireless medium often render decentralized, node-based approaches impractical. We demonstrate that an active-probingbased network intrusion detection system (AP-NIDS) is practical for WMNs. The key contribution of this paper is to optimize the active probing process: we introduce a general Bayesian model and design a probe selection algorithm that reduces the number of probes while maximizing the insights gathered by the AP-NIDS. We validate our model by means of testbed experimentation. We integrate it to our open source AP-NIDS DogoIDS and run it in an indoor wireless mesh testbed utilizing the IEEE 802.11s protocol. For the example of a selective packet dropping attack, we develop the detection states for our Bayes model, and show its feasibility. We demonstrate that our approach does not need to execute the complete set of probes, yet we obtain good detection rates.
Wireless Mesh Networks (WMN) are particularly vulnerable to attacks, since they feature constraint nodes, multi-hop communication, and an open wireless communication channel. These features limit the feasibility of the deployment of contemporary Intrusion Detection Systems (IDS): centralized systems fail because there is no strict network boundary, and distributed and/or cooperative systems challenge the limited resources of the nodes. As a result, practical IDSs for WMNs are scarce, and existing systems are limited with respect to detection capabilities. In this paper we present the design, implementation, and evaluation of "DogoIDS": an open source, mobile, activeprobing-based intrusion detection system. Exploiting mobility allows to mitigate the limitations of distributed, node-dependent systems. The active nature of the system achieves detection capabilities beyond that of a purely passive system. We show the accuracy and speed of our prototype in a testbed WMN-based on the IEEE 802.11s standard-under realistic attacks.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.