Specification-based intrusion detection for H.323-based voice over IP

Truong, Phu; Nieh, D.; Moh, Melody

doi:10.1109/isspit.2005.1577128

Cited by 10 publications

(5 citation statements)

References 4 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Initially, it was intended for execution monitoring of security-critical programs in distributed system [10]. However, it has been applied to routing protocols such AODV [12], [13], [14] or OSLR [15], DNP3 protocol [16], [17], [18] Voice over IP [19], [20], [21] and other areas of CPS as discussed in section III. A practical experience in the use of specification-based intrusion is presented by Uppuluri and Sekar in [11].…”

Section: B Specification-based Intrusion Detectionmentioning

confidence: 99%

A Survey of Specification-based Intrusion Detection Techniques for Cyber-Physical Systems

Nweke¹

2021

IJACSA

View full text Add to dashboard Cite

Cyber-physical systems (CPS) integrate computation and communication capabilities to monitor and control physical systems. Even though this integration improves the performance of the overall system and facilitates the application of CPS in several domains, it also introduces security challenges. Over the years, intrusion detection systems (IDS) have been deployed as one of the security controls for addressing these security challenges. Traditionally, there are three main approaches to IDS, namely: anomaly detection, misuse detection and specificationbased detection. However, due to the unique attributes of CPS, the traditional IDS need to be modified or completely replaced before it can be deployed for CPS. In this paper, we present a survey of specification-based intrusion detection techniques for CPS. We classify the existing specification-based intrusion detection techniques in the literature according to the following attributes: specification source, specification extraction, specification modelling, detection mechanism, detector placement and validation strategy. We also discuss the details of each attribute and describe our observations, concerns and future research directions. We argue that reducing the efforts and time needed to extract the system specification of specification-based intrusion detection techniques for CPS and verifying the correctness of the extracted system specification are open issues that must be addressed in the future.

show abstract

Section: B Specification-based Intrusion Detectionmentioning

confidence: 99%

A Survey of Specification-based Intrusion Detection Techniques for Cyber-Physical Systems

Nweke¹

2021

IJACSA

View full text Add to dashboard Cite

show abstract

“…H. Sengar et al [14] present a protocol state machine based IDS for Voice over IP (VoIP), which identifies any deviation from normal protocol behaviors, and hence, could detect unknown attacks. P. Truong et al [15] also propose an FSM based intrusion detection model for H.323-based VoIP. In [16], state machines based intrusion detection is proposed for Advanced Metering Infrastructures (AMI) in Smart Grids that includes the devicelevel state machine for smart meters and the application-level state machine for the American National Standards Institute (ANSI) C12.22 protocol.…”

Section: Related Workmentioning

confidence: 99%

Stateful intrusion detection for IEC 60870-5-104 SCADA security

Yang

McLaughlin

Sezer

et al. 2014

2014 IEEE PES General Meeting | Conference &Amp; Exposition

View full text Add to dashboard Cite

“…Truong et al [124] describe a rules-based intrusion detection system for H.323 that uses an FSM model to detect unexpected messages, aimed at identifying illegitimate RAS (Registration, Admission and Status) messages being forwarded to a H.323 gatekeeper.…”

Section: ) Service Abuse (7 Items)mentioning

confidence: 99%

A Comprehensive Survey of Voice over IP Security Research

Keromytis

2012

IEEE Commun. Surv. Tutorials

116

View full text Add to dashboard Cite

Abstract-We present a comprehensive survey of Voice over IP security academic research, using a set of 245 publications forming a closed cross-citation set. We classify these papers according to an extended version of the VoIP Security Alliance (VoIPSA) Threat Taxonomy. Our goal is to provide a roadmap for researchers seeking to understand existing capabilities and to identify gaps in addressing the numerous threats and vulnerabilities present in VoIP systems. We discuss the implications of our findings with respect to vulnerabilities reported in a variety of VoIP products.We identify two specific problem areas (denial of service, and service abuse) as requiring significant more attention from the research community. We also find that the overwhelming majority of the surveyed work takes a black box view of VoIP systems that avoids examining their internal structure and implementation. Such an approach may miss the mark in terms of addressing the main sources of vulnerabilities, i.e., implementation bugs and misconfigurations. Finally, we argue for further work on understanding cross-protocol and cross-mechanism vulnerabilities (emergent properties), which are the byproduct of a highly complex system-of-systems and an indication of the issues in future large-scale systems.

show abstract

Specification-based intrusion detection for H.323-based voice over IP

Cited by 10 publications

References 4 publications

A Survey of Specification-based Intrusion Detection Techniques for Cyber-Physical Systems

A Survey of Specification-based Intrusion Detection Techniques for Cyber-Physical Systems

Stateful intrusion detection for IEC 60870-5-104 SCADA security

A Comprehensive Survey of Voice over IP Security Research

Contact Info

Product

Resources

About