Abstract
The rapid evolution of beyond fifth-generation (B5G) and sixth-generation (6G) networks has significantly driven the growth of Internet of Things (IoT) applications. These applications are characterised by: a massive connectivity, high security level, trust, wireless coverage, also ultra-low latency, high throughput, and ultra-reliability, especially for real-time oriented sessions or sensor like cameras. While traditional protocols like MQTT and CoAP are inadequate for such types of applications, under certain conditions, the 3GPP standard Session Initiation Protocol (SIP) emerges as a promising solution. However, SIP faces various Distributed Denial of Service (DDoS) threats, as INVITE flooding attacks presenting a significant challenge. This work presents a GRU-based Intrusion Detection System (IDS) to detect SIP-INVITE flooding attacks. Leveraging recurrent neural networks, the IDS efficiently process sequential SIP traffic data in real time, identifying attack patterns effectively. The GRU’s ability to capture temporal dependencies enhances accuracy in classifying and detecting attack behaviors. The results demonstrate that the framework can effectively detect and mitigate INVITE flooding attacks of different intensities, under practical settings. The performance results show that the proposed framework is robust and can be practically deployed, e.g., inference time less than 800 \(\upmu \)s and a marginal rate for the misclassified traffic.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Similar content being viewed by others
Notes
- 1.
References
Alvares, C., Dinesh, D., Alvi, S., Gautam, T., Hasib, M., Raza, A.: Dataset of attacks on a live enterprise voip network for machine learning based intrusion detection and prevention systems. Comput. Netw. 197, 108283 (2021)
Chung, J., Gulcehre, C., Cho, K., Bengio, Y.: Empirical evaluation of gated recurrent neural networks on sequence modeling. arXiv preprint arXiv:1412.3555 (2014)
Elman, J.L.: Finding structure in time. Cogn. Sci. 14(2), 179–211 (1990)
Graves, A., Graves, A.: Long short-term memory. Supervised sequence labelling with recurrent neural networks, pp. 37–45 (2012)
Hussain, I., Djahel, S., Zhang, Z., Naït-Abdesselam, F.: A comprehensive study of flooding attack consequences and countermeasures in session initiation protocol (SIP). Secur. Commun. Netw. 8(18), 4436–4451 (2015)
Inayat, U., Zia, M.F., Mahmood, S., Khalid, H.M., Benbouzid, M.: Learning-based methods for cyber attacks detection in IoT systems: a survey on methods, analysis, and future prospects. Electronics 11(9), 1502 (2022)
Khalil, H., Elgazzar, K.: Leveraging blockchain for device registration and authentication in tSIP-based phone-of-things (PoT) systems. In: 2023 International Wireless Communications and Mobile Computing (IWCMC), pp. 1605–1612. IEEE (2023)
Kumari, P., Jain, A.K.: A comprehensive study of DDoS attacks over IoT network and their countermeasures. Comput. Secur. 103096 (2023)
Mahajan, N., Chauhan, A., Kumar, H., Kaushal, S., Sangaiah, A.K.: A deep learning approach to detection and mitigation of distributed denial of service attacks in high availability intelligent transport systems. Mob. Netw. Appl. 27(4), 1423–1443 (2022)
Meddahi, A., Drira, H., Meddahi, A.: SIP-GAN: generative adversarial networks for sip traffic generation. In: 2021 International Symposium on Networks, Computers and Communications (ISNCC), pp. 1–6. IEEE (2021)
Meshram, C., Lee, C.C., Bahkali, I., Imoize, A.L.: An efficient fractional Chebyshev chaotic map-based three-factor session initiation protocol for the human-centered IoT architecture. Mathematics 11(9), 2085 (2023)
Mittal, M., Kumar, K., Behal, S.: Deep learning approaches for detecting DDoS attacks: a systematic review. Soft Comput. 1–37 (2022)
Nassar, M., State, R., Festor, O.: Labeled VoIP data-set for intrusion detection evaluation. In: Aagesen, F.A., Knapskog, S.J. (eds.) EUNICE 2010. LNCS, vol. 6164, pp. 97–106. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-13971-0_10
Nazih, W., Hifny, Y., Elkilani, W.S., Dhahri, H., Abdelkader, T.: Countering DDoS attacks in sip based VoIP networks using recurrent neural networks. Sensors 20(20), 5875 (2020)
Omolara, A.E., Alabdulatif, A., Abiodun, O.I., Alawida, M., Alabdulatif, A., Arshad, H., et al.: The internet of things security: a survey encompassing unexplored areas and new insights. Comput. Secur. 112, 102494 (2022)
Pereira, D., Oliveira, R.: Detection of abnormal sip signaling patterns: a deep learning comparison. Computers 11(2), 27 (2022)
Pereira, D., Oliveira, R., Kim, H.S.: Classification of abnormal signaling sip dialogs through deep learning. IEEE Access 9, 165557–165567 (2021)
Rosenberg, J., et al.: SIP: session initiation protocol. Technical report (2002)
SIPp: Sipp. https://sipp.sourceforge.net/
Stanek, J., Kencl, L.: SIPp-DD: sip DDOS flood-attack simulation tool. In: 2011 Proceedings of 20th International Conference on Computer Communications and Networks (ICCCN), pp. 1–7. IEEE (2011)
Tas, I.M., Unsalver, B.G., Baktir, S.: A novel sip based distributed reflection denial-of-service attack and an effective defense mechanism. IEEE Access 8, 112574–112584 (2020)
Yang, I.F., Lin, Y.C., Yang, S.R., Lin, P.: The implementation of a SIP-based service platform for 5G IoT applications. In: 2021 IEEE 93rd Vehicular Technology Conference (VTC2021-Spring), pp. 1–6. IEEE (2021)
Yang, S.R., Lin, Y.C., Lin, P., Fang, Y.: AioTtalk: a sip-based service platform for heterogeneous artificial intelligence of things applications. IEEE Internet Things J. (2023)
Acknowledgment
This work has been carried in the context of the project Beyond5G, funded by the French government as part of the economic recovery plan, namely “France Relance” and the investments for the future program.
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG
About this paper
Cite this paper
Sbai, O., Allaert, B., Sondi, P., Meddahi, A. (2024). SIP-DDoS: SIP Framework for DDoS Intrusion Detection Based on Recurrent Neural Networks. In: Renault, É., Boumerdassi, S., Mühlethaler, P. (eds) Machine Learning for Networking. MLN 2023. Lecture Notes in Computer Science, vol 14525. Springer, Cham. https://doi.org/10.1007/978-3-031-59933-0_6
Download citation
DOI: https://doi.org/10.1007/978-3-031-59933-0_6
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-59932-3
Online ISBN: 978-3-031-59933-0
eBook Packages: Computer ScienceComputer Science (R0)