Mitigating Mimicry Attacks Against the Session Initiation Protocol

Marchal, Samuel; Mehta, Anil; Gurbani, Vijay K.; State, Radu; Kam-Ho, Tin; Sancier‐Barbosa, Flavia

doi:10.1109/tnsm.2015.2459603

Cited by 9 publications

(12 citation statements)

References 37 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Malicious messages are conceptually simulating benign messages. Using datasets with large differences between benign and malicious messages leads to unrealistic high performance [ 40 ]. To avoid this in our experiments, our attack simulation tool generates traffic that mimics the real traffic.…”

Section: Datasetmentioning

confidence: 99%

Countering DDoS Attacks in SIP Based VoIP Networks Using Recurrent Neural Networks

Nazih

Hifny

Elkilani

et al. 2020

Sensors

View full text Add to dashboard Cite

Many companies have transformed their telephone systems into Voice over IP (VoIP) systems. Although implementation is simple, VoIP is vulnerable to different types of attacks. The Session Initiation Protocol (SIP) is a widely used protocol for handling VoIP signaling functions. SIP is unprotected against attacks because it is a text-based protocol and lacks defense against the growing security threats. The Distributed Denial of Service (DDoS) attack is a harmful attack, because it drains resources, and prevents legitimate users from using the available services. In this paper, we formulate detection of DDoS attacks as a classification problem and propose an approach using token embedding to enhance extracted features from SIP messages. We discuss a deep learning model based on Recurrent Neural Networks (RNNs) developed to detect DDoS attacks with low and high-rate intensity. For validation, a balanced real traffic dataset was built containing three attack scenarios with different attack durations and intensities. Experiments show that the system has a high detection accuracy and low detection time. The detection accuracy was higher for low-rate attacks than that of traditional machine learning.

show abstract

Section: Datasetmentioning

confidence: 99%

Countering DDoS Attacks in SIP Based VoIP Networks Using Recurrent Neural Networks

Nazih

Hifny

Elkilani

et al. 2020

Sensors

View full text Add to dashboard Cite

show abstract

“…Preventing mimicry telephony denial of service (TDoS) using multiple classifier systems (MCS) was proposed by Marchal et al [46]. Mimicry TDoS can be launched by a malformed message that is slightly changed from a normal message.…”

Section: Machine Learning Approachesmentioning

confidence: 99%

“…It is worth mentioning that almost all the work surveyed uses a simulated dataset, excluding [46,49] where real datasets are used. In [23], the authors tried to mimic a real dataset by using a simulated dataset with one server and nine clients in different regions connected via the internet.…”

Section: Analysis Of Surveyed Approachesmentioning

confidence: 99%

Survey of Countering DoS/DDoS Attacks on SIP Based VoIP Networks

et al. 2020

View full text Add to dashboard Cite

Voice over IP (VoIP) services hold promise because of their offered features and low cost. Most VoIP networks depend on the Session Initiation Protocol (SIP) to handle signaling functions. The SIP is a text-based protocol that is vulnerable to many attacks. Denial of Service (DoS) and distributed denial of service (DDoS) attacks are the most harmful types of attacks, because they drain VoIP resources and render SIP service unavailable to legitimate users. In this paper, we present recently introduced approaches to detect DoS and DDoS attacks, and classify them based on various factors. We then analyze these approaches according to various characteristics; furthermore, we investigate the main strengths and weaknesses of these approaches. Finally, we provide some remarks for enhancing the surveyed approaches and highlight directions for future research to build effective detection solutions.

show abstract

“…Flooding attack is considered as the result of the sending INVITE messages from one or several sources and also TCP-SYN like attacks in this study. In Marchal et al, 35 a particular telephony DoS attack named mimicry TDoS is studied. Also in Roh et al, 32 a detection method using Bloom data structure is proposed.…”

Section: Related Workmentioning

confidence: 99%

“…Also, an entropy-based method is used to compare the information and detect the attacks. In Marchal et al, 35 a particular telephony DoS attack named mimicry TDoS is studied. The authors elaborated malformed messages that have a slight difference with a syntactically correct one.…”

Section: Related Workmentioning

confidence: 99%

Anomaly‐based DoS detection and prevention in SIP networks by modeling SIP normal traffic

Hosseinpour

Yaghmaee

Seno

et al. 2018

Int J Communication

View full text Add to dashboard Cite

Due to the various features of Voice over Internet Protocol (VoIP), this technology has attracted the attention of many users in comparison with the traditional telephony system. However, with the growth of this technology, the security issues and protection of its users against different kinds of threats have been raised as an essential requirement. Session Initiation Protocol is a predominant protocol to initiate and terminate multimedia sessions in VoIP networks that provide simplicity and text-based features. Despite its mentioned advantages, these features impose several vulnerabilities on VoIP networks. Denial of Service attack, as one of the most common attacks against VoIP networks, is also a noted security issue in the Internet Protocol platforms. In such attacks, the attacker tries to prevent service from authorized users by consuming server resources. These attacks can be launched by sending out-of-sequence messages, malformed messages, and flooding different kinds of messages. In this study, a new anomaly-based method is presented for detection and prevention of these attacks. Normal traffic of a VoIP network is modeled by making a finite state machine, which is used for attack detection besides other proposed modules. Furthermore, a whitelist method is implemented using Bloom data structure for attack prevention. The proposed method is completely implemented and tested using different test scenarios. The obtained results show that by using proposed method, attacks can be detected more accurately with lower false ratios and delay in comparison with the existing methods. KEYWORDSVoIP network, SIP security, DoS attacks, finite state machine (FSM)

show abstract

Mitigating Mimicry Attacks Against the Session Initiation Protocol

Cited by 9 publications

References 37 publications

Countering DDoS Attacks in SIP Based VoIP Networks Using Recurrent Neural Networks

Countering DDoS Attacks in SIP Based VoIP Networks Using Recurrent Neural Networks

Survey of Countering DoS/DDoS Attacks on SIP Based VoIP Networks

Anomaly‐based DoS detection and prevention in SIP networks by modeling SIP normal traffic

Contact Info

Product

Resources

About