Detect SIP Flooding Attacks in VoLTE by Utilizing and Compressing Counting Bloom Filter

  • Conference paper
Wireless Algorithms, Systems, and Applications (WASA 2017)

Part of the book series: Lecture Notes in Computer Science (LNTCS, volume 10251)

Abstract

As a new-generation voice service, Voice over LTE (VoLTE) has attracted worldwide attention in both academia and industry. Unlike traditional circuit-switched (CS) voice calls, VoLTE moves into the packet-switched (PS) domain, which is quite open to the public. Though rigorously designed, VoLTE, like VoIP services, also suffers from SIP (Session Initiation Protocol) flooding attacks. In this paper, two schemes inspired by the Counting Bloom Filter (CBF) are proposed to thwart these attacks. In scheme I, we leverage CBF to accomplish flooding attack detection. In scheme II, we design a versatile CBF-like structure, PFilter, to achieve the same goal. Compared with previous relevant works, our detection schemes gain advantages in many aspects, including low-rate flooding attacks and stealthy flooding attacks. Moreover, our schemes not only detect the attacks with high accuracy but also identify the attacker to ensure normal operation of VoLTE. Extensive experiments are performed to evaluate the performance of the two proposed schemes.

Acknowledgments

This work is supported by Chinese National Research Fund (NSFC) Key Project No. 61532013; National China 973 Project No. 2015CB352401; Shanghai Scientific Innovation Act of STCSM No. 15JC1402400; 985 Project of Shanghai Jiao Tong University with No. WF220103001; SIT Collaborative innovation platform under Grant No. 3921NH166033; NSFC No. 61170227 and No. 61672350.

Author information

Corresponding author

Correspondence to Na Ruan.

Copyright information

© 2017 Springer International Publishing AG

About this paper

Cite this paper

Wu, M. et al. (2017). Detect SIP Flooding Attacks in VoLTE by Utilizing and Compressing Counting Bloom Filter. In: Ma, L., Khreishah, A., Zhang, Y., Yan, M. (eds) Wireless Algorithms, Systems, and Applications. WASA 2017. Lecture Notes in Computer Science, vol 10251. Springer, Cham. https://doi.org/10.1007/978-3-319-60033-8_12

  • DOI: https://doi.org/10.1007/978-3-319-60033-8_12

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-60032-1

  • Online ISBN: 978-3-319-60033-8

  • eBook Packages: Computer Science (R0)
