Survey of Countering DoS/DDoS Attacks on SIP Based VoIP Networks

Nazih, Waleed; Elkilani, Wail S.; Dhahri, Habib; Abdelkader, Tamer

doi:10.3390/electronics9111827

Cited by 19 publications

(15 citation statements)

References 37 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Paper [4] presented a detailed survey on detection procedures for DoS and DDoS attacks in the context of VoIP network. DoS attack by flooding the SIP server with different SIP-messages, analysing the performance by SIP server by considering different performance metrics such as CPU and memory utilization is highlighted in [5].…”

Section: Related Workmentioning

confidence: 99%

Segregating Signaling and Media Planes into Different containers

V¹,

N²

2021

JUSST

View full text Add to dashboard Cite

Scalability is an important aspect of communication networks. With the ascent of SIP and associated modern real-time protocols, IP telephony has become a revolutionary technology in connecting users through real-time voice communications with enabled video and instant messaging capabilities. B2BUA is a SIP server that provides call management and authentication functionality by reformulating the request and routing the traffic to other user agents in the network. It comprises signaling and media entities that handle all control signaling messages and real-time data(media) information respectively. The signaling and entities run as different processes in the same container. Such an architecture encounters a large CPU utilization after a specific number of maximum calls due to increase traffic flowing within the same node. Further Packet processing is CPU intensive and there is a need for an architecture that scales well with increasing traffic without hitting the CPU performance. The paper presents the design of decoupled architecture for Signaling and Media entities by running both the processes in different containers. With such an approach, one Signaling entity can communicate with multiple Media entities or vice versa thereby providing a suitable scalable solution to deal with the increased traffic and further maintaining the system efficiency. The paper is concluded by highlighting the difference between Kubernetes and OpenStack for the proposed architecture

show abstract

Section: Related Workmentioning

confidence: 99%

Segregating Signaling and Media Planes into Different containers

V¹,

N²

2021

JUSST

View full text Add to dashboard Cite

show abstract

“…The proposed approach outperformed SVM in the dual form in terms of detection time and training time. Using deep learning approaches are rarely used to detect DoS and DDoS attacks [4]. Nazih et al [9] proposed a DDoS detection approach based on RNN.…”

Section: Related Workmentioning

confidence: 99%

“…Denial of Service (DoS) is an attack preventing legitimate users from using VoIP services. Malformed messages and flooding are the most frequent DoS attacks [4]. In the case of malformed messages attacks, the attacker sends a tampered SIP message to cause a partial failure or a restart of the SIP device when trying to process this message.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Fast Detection of Distributed Denial of Service Attacks in VoIP Networks Using Convolutional Neural Networks

Nazih

Hifny

Elkilani

et al. 2020

IJICIS

Self Cite

View full text Add to dashboard Cite

Voice over Internet Protocol (VoIP) is a recent technology used to transfer media and voice over Internet Protocol (IP). Many organizations moved to VoIP services instead of the traditional telephone systems because of its low cost and variety of introduced services. The Session Initiation Protocol (SIP) is the most used protocol for signaling functions in VoIP networks. It has simple implantation but suffers from less protection against attacks. The Distributed Denial of Service (DDoS) attack is a dangerous attack that preventing legitimate users from using VoIP services and draining their resources. In this paper, we proposed an approach that utilizes deep learning to detect DDoS attacks. The proposed approach uses token embedding to improve the extracted features of SIP messages. Then, Convolutional Neural Network (CNN) was used to detect DDoS attacks with different intensities. Furthermore, a real VoIP dataset that contains different scenarios of attacks was used to evaluate the proposed approach. Our experiments find that the CNN model achieved a high F1 score (99-100%) as another deep learning approach that utilizes Recurrent Neural Network (RNN) but with less detection time. Also, it outperforms another system that depends on classical machine learning in case of low-rate DDoS attacks.

show abstract

“…Botnets, which are made up of zombie devices taken over by internet hackers, are used by attackers. DDoS attacks are difficult to identify and block because they involve a large number of devices [8], [9]. As a result, one of the most pressing issues for administrators and network service providers is the rapid identification and mitigation of DDoS attacks.…”

Section: Introductionmentioning

confidence: 99%

Distributed denial of service attacks detection for software defined networks based on evolutionary decision tree model

Kamel

Abdullah

2022

Bulletin EEI

View full text Add to dashboard Cite

The software defined networks (SDN) system has modern techniques in networking, it separates the forwarding plane from the control plane and works to collect control functions in a central unit (controller), and this separation process leads to many advantages, such as cost reduction and programming ability. Concurrently, because of its centralized architecture, it is prone to a variety of attacks. Distributed denial of service (DDoS) attack has a significant impact on SDN, it is characterized by its ability to consume network resources as well as its ability to turn off the entire network. The work in this study aims to improve and increase the security and robustness of SDN systems against the attack or intrusion, by using a machine learning model to detect attack traffic and classify traffic of SDN as (attack or normal), and optimization algorithm (genetic algorithm) for improving the accuracy of the classification. After preparing and preprocessing the dataset, we used the genetic algorithm (GA) to optimize the hyperparameters of the decision tree (DT) model, and the proposed evolutionary decision tree (EDT) model was used to classify traffic into normal and attack traffic. The results indicate that the suggested model achieved a high classification accuracy of 99.46.

show abstract

Survey of Countering DoS/DDoS Attacks on SIP Based VoIP Networks

Cited by 19 publications

References 37 publications

Segregating Signaling and Media Planes into Different containers

Segregating Signaling and Media Planes into Different containers

Fast Detection of Distributed Denial of Service Attacks in VoIP Networks Using Convolutional Neural Networks

Distributed denial of service attacks detection for software defined networks based on evolutionary decision tree model

Contact Info

Product

Resources

About