“…The selection of these symbols reflects the different parts of a SIP message that an attacker could craft in order to launch a resource consumption or other type of attack. In fact, this method of assault is well-documented and evaluated in various researches so far [7,8,9,31]. For instance, a malicious actor could fabricate different SIP messages by modifying some of their parts such as <Via>, <From>, <To>, <Call-ID> headers or even the First Line (corresponding to symbols S2-S5, and S1 in Figure 1) depending on the situation at hand.…”
Section: Symbol Definition
mentioning
confidence: 99%
“…with the aim to paralyze the victim as reported in [31,37] or execute a low-volume DoS to silently consume valuable network resources. This is for sure to gradually increase user discontent, which in turn leads to reducing provider's market share.…”
“…Geneiatakis et al [5] surveyed SIP security mechanisms. In a later paper, Geneiatakis et al [6] detailed memory usage of a SIP proxy under a flooding attack but did not discuss effects of such an attack on the UAC host. Additionally, they presented a bloom filter system to track call state in order to detect Invite floods.…”
Abstract. As more and more people are using VoIP softphones in their laptop and smart phones, vulnerabilities in VoIP protocols and systems could introduce new threats to the computer that runs the VoIP softphone. In this paper, we investigate the security ramifications that VoIP softphones expose their host to and ways to mitigate such threats. We show that crafted SIP traffic (noisy attack) can disable a Windows XP host that runs the official Vonage VoIP softphone within several minutes. While such a noisy attack can be effectively mitigated by threshold based filtering, we show that a stealthy attack could defeat the threshold based filtering and disable the targeted computer silently without ever ringing the targeted softphone. To mitigate the stealthy attack, we have developed a limited context aware (LCA) filtering that leverages the context and SIP protocol information to ascertain the intentions of a SIP message on behalf of the client. Our experiments show that LCA filtering can effectively defeat the stealthy attack while allowing legitimate VoIP calls to go through.
“…Roh et al [12] propose whitelist-based countermeasure scheme based on none-member ratio by utilizing CBF. Geneiatakis et al [13], [14] take advantage of CBF to calculate session distance of SIP to detect anomalies with the assumption that flooding attack is associated with incomplete sessions and there exists correlations between different SIP attributes. Rebahi et al [15] also consider the half-open connection issue, and propose a non-parametric CUSUM algorithm to detect gradual change in means of time series.…”
SUMMARY: As a new generation voice service, Voice over LTE (VoLTE) has attracted worldwide attention in both academia and industry. Different from the traditional voice call based on circuit-switched (CS), VoLTE evolves into the packet-switched (PS) field, which has long been open to the public. Though designed rigorously, similar to VoIP services, VoLTE also suffers from SIP (Session Initiation Protocol) flooding attacks. Due to the high performance requirement, the SIP flooding attacks in VoLTE are more difficult to defend than those in traditional VoIP service. In this paper, enlightened by Counting Bloom Filter (CBF), we design a versatile CBF-like structure, PFilter, to detect the flooding anomalies. Compared with previous relevant works, our scheme gains advantages in many aspects including detection of low-rate flooding attack and stealthy flooding attack. Moreover, not only can our scheme detect the attacks with high accuracy, but also find out the attackers to ensure normal operation of VoLTE by eliminating their negative effects. Extensive experiments are performed to well evaluate the performance of the proposed scheme.