A Framework for Detecting Anomalies in VoIP Networks

Bouzida, Yacine; Mangin, Christophe

doi:10.1109/ares.2008.205

Cited by 21 publications

(7 citation statements)

References 4 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Niccolin first proposed a framework for snort-based intrusion detection and prevention prototype system that uses knowledge-based intrusion detection to detect SIP malformed messages and messages tampering [5]. Bouzida gathered several attributes from the VoIP attacks and SIP protocol itself, and an intrusion detection is analyzed by two types of extracted features using decision tree [6]. Geneiatakis analyzed several kinds of SIP malformed message attacks, and extracted SIP characteristics of the malformed message.…”

Section: Related Workmentioning

confidence: 99%

A rules-based intrusion detection and prevention framework against SIP malformed messages attacks

Yang

et al. 2010

2010 3rd IEEE International Conference on Broadband Network and Multimedia Technology (IC-BNMT)

View full text Add to dashboard Cite

SIP malformed messages detection and prevention has become an important indicator of high availability for SIP servers or IMS system. This paper describes the SIP malformed messages attacks, analyses sip protocol features and builds an abstract data model according to RFC 3261 protocol specification. The author presents an efficient intrusion detection and prevention framework against SIP malformed messages attacks. Using rules-based detection techniques, the paper improves detection performance against SIP malformed messages attacks and implements a detection algorithm in the kernel layer which improves the performance of the system.

show abstract

Section: Related Workmentioning

confidence: 99%

A rules-based intrusion detection and prevention framework against SIP malformed messages attacks

Yang

et al. 2010

2010 3rd IEEE International Conference on Broadband Network and Multimedia Technology (IC-BNMT)

View full text Add to dashboard Cite

show abstract

“…4) is composed of different SBCs (Session Border Controllers) that filter all the incoming traffic from Internet or legitimate clients. Since SBCs cannot filter all undesired traffic, VoIP intrusion detection system tools, such as that developed in [3], are deployed behind these SBCs to detect different attacks using some vulnerabilities of the SIP protocol. Other emerging VoIP IDSs [19], based on state machine analysis similar to previous works such as NetStat [22], may be used as a complementary IDS in our framework.…”

Section: Voip Use Casementioning

confidence: 99%

“…Other emerging VoIP IDSs [19], based on state machine analysis similar to previous works such as NetStat [22], may be used as a complementary IDS in our framework. Since this tool is not made available, we only consider that presented in [3]. One of the attack scenarios we consider is described in Figure 5.…”

Section: Voip Use Casementioning

confidence: 99%

See 1 more Smart Citation

Expression and Deployment of Reaction Policies

Cuppens¹,

Cuppens-Boulahia²,

Bouzida³

et al. 2008

2008 IEEE International Conference on Signal Image Technology and Internet Based Systems

Self Cite

View full text Add to dashboard Cite

Current prevention techniques provide restrictive responses that may take a local reaction in a limited information system infrastructure. In this paper, an in depth and comprehensive approach is introduced for responding to intrusions in an efficient way. This approach considers not only the threat and the architecture of the monitored information system, but also the security policy. The proposed reaction workflow links the lowest level of the information system corresponding to intrusion detection mechanisms, including misuse and anomaly techniques, and access control techniques with the higher level of the security policy. This reaction workflow evaluates the intrusion alerts at three different levels, it then reacts against threats with appropriate counter measures in each level accordingly.

show abstract

“…These algorithms can successfully detect DoS and DDoS attacks on SIP proxies, but do not allow any prevention mechanisms. A final group of researchers are focussing on developing combined solutions to detect multiple types of attacks [26], [27], [28], however none of them are able to deliver DDoS mitigation mechanisms.…”

Section: Related Workmentioning

confidence: 99%

Preventing Distributed Denial-of-Service Attacks on the IMS Emergency Services Support through Adaptive Firewall Pinholing

Onofrei¹,

Rebahi²,

Magedanz³

2010

IJNGN

View full text Add to dashboard Cite

Emergency services are vital services that Next Generation Networks (NGNs) have to provide. As the IP Multimedia Subsystem (IMS) is in the heart of NGNs, 3GPP has carried the burden of specifying a standardized IMS-based emergency services framework. Unfortunately, like any other IP-based standards, the IMS-based emergency service framework is prone to Distributed Denial of Service (DDoS) attacks. We propose in this work, a simple but efficient solution that can prevent certain types of such attacks by creating firewall pinholes that regular clients will surely be able to pass in contrast to the attackers clients. Our solution was implemented, tested in an appropriate testbed, and its efficiency was proven.

show abstract

A Framework for Detecting Anomalies in VoIP Networks

Cited by 21 publications

References 4 publications

A rules-based intrusion detection and prevention framework against SIP malformed messages attacks

A rules-based intrusion detection and prevention framework against SIP malformed messages attacks

Expression and Deployment of Reaction Policies

Preventing Distributed Denial-of-Service Attacks on the IMS Emergency Services Support through Adaptive Firewall Pinholing

Contact Info

Product

Resources

About