Utilizing bloom filters for detecting flooding attacks against SIP based services

Geneiatakis, Dimitris; Vrakas, Nikos; Lambrinoudakis, Costas

doi:10.1016/j.cose.2009.04.007

Cited by 60 publications

(51 citation statements)

References 27 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…The selection of these symbols reflects the different parts of a SIP message that an attacker could craft in order to launch a resource consumption or other type of attack. In fact, this method of assault is well-documented and evaluated in various researches so far [7,8,9,31]. For instance, a malicious actor could fabricate different SIP messages by modifying some of their parts 135 such as <Via>, <From>, <To>, <Call-ID> headers or even the First Line (corresponding to symbols S2 -S5, and S1 in Figure 1) depending on the situation at hand.…”

Section: Symbol Definitionmentioning

confidence: 99%

See 1 more Smart Citation

An efficient and easily deployable method for dealing with DoS in SIP services

Tsiatsikas

Geneiatakis

Kambourakis

et al. 2015

Computer Communications

Self Cite

View full text Add to dashboard Cite

Section: Symbol Definitionmentioning

confidence: 99%

“…with the aim to paralyze the victim as reported in [31,37] or execute a low-volume DoS to silently consume valuable network resources. This is for sure to gradually increase user discontent, which in turn leads to reducing provider's market share.…”

mentioning

confidence: 99%

An efficient and easily deployable method for dealing with DoS in SIP services

Tsiatsikas

Geneiatakis

Kambourakis

et al. 2015

Computer Communications

Self Cite

View full text Add to dashboard Cite

“…Geneiatakis et al [5] surveyed SIP security mechanisms. In a later paper, Geneiatakis et al [6] detailed memory usage of a SIP proxy under a flooding attack but did not discuss effects of such an attack on the UAC host. Additionally, they presented a bloom filter system to track call state in order to detect Invite floods.…”

Section: Related Workmentioning

confidence: 99%

Disabling a Computer by Exploiting Softphone Vulnerabilities: Threat and Mitigation

Farley

Wang

2013

Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering

View full text Add to dashboard Cite

Abstract. As more and more people are using VoIP softphones in their laptop and smart phones, vulnerabilities in VoIP protocols and systems could introduce new threats to the computer that runs the VoIP softphone. In this paper, we investigate the security ramifications that VoIP softphones expose their host to and ways to mitigate such threats. We show that crafted SIP traffic (noisy attack) can disable a Windows XP host that runs the official Vonage VoIP softphone within several minutes. While such a noisy attack can be effectively mitigated by threshold based filtering, we show that a stealthy attack could defeat the threshold based filtering and disable the targeted computer silently without ever ringing the targeted softphone. To mitigate the stealthy attack, we have developed a limited context aware (LCA) filtering that leverages the context and SIP protocol information to ascertain the intentions of a SIP message on behalf of the client. Our experiments show that LCA filtering can effectively defeat the stealthy attack while allowing legitimate VoIP calls to go through.

show abstract

“…Roh et al [12] propose whitelist-based countermeasure scheme based on none-member ratio by utilizing CBF. Geneiatakis et al [13], [14] take advantage of CBF to calculate session distance of SIP to detect anomalies with the assumption that flooding attack is associated with incomplete sessions and there exists correlations between different SIP attributes. Rebahi et al [15] also consider the half-open connection issue, and propose a non-parametric CUSUM algorithm to detect gradual change in means of time series.…”

Section: Related Workmentioning

confidence: 99%

Detect and Prevent SIP Flooding Attacks in VoLTE by Utilizing a Two-Tier PFilter Design

Ruan

Wang

et al. 2017

IEICE Trans. Inf. & Syst.

View full text Add to dashboard Cite

SUMMARYAs a new generation voice service, Voice over LTE (VoLTE) has attracted worldwide attentions in both the academia and industry. Different from the traditional voice call based on circuit-switched (CS), VoLTE evolves into the packet-switched (PS) field, which has long been open to the public. Though designed rigorously, similar to VoIP services, VoLTE also suffers from SIP (Session Initiation Protocal) flooding attacks. Due to the high performance requirement, the SIP flooding attacks in VoLTE is more difficult to defend than that in traditional VoIP service. In this paper, enlightened by Counting Bloom Filter (CBF), we design a versatile CBF-like structure, PFilter, to detect the flooding anomalies. Compared with previous relevant works, our scheme gains advantages in many aspects including detection of low-rate flooding attack and stealthy flooding attack. Moreover, not only can our scheme detect the attacks with high accuracy, but also find out the attackers to ensure normal operation of VoLTE by eliminating their negative effects. Extensive experiments are performed to well evaluate the performance of the proposed scheme.

show abstract

Utilizing bloom filters for detecting flooding attacks against SIP based services

Cited by 60 publications

References 27 publications

An efficient and easily deployable method for dealing with DoS in SIP services

An efficient and easily deployable method for dealing with DoS in SIP services

Disabling a Computer by Exploiting Softphone Vulnerabilities: Threat and Mitigation

Detect and Prevent SIP Flooding Attacks in VoLTE by Utilizing a Two-Tier PFilter Design

Contact Info

Product

Resources

About