Detecting Ringing-Based DoS Attacks on VoIP Proxy Servers

  • Conference paper
Information Security Applications (WISA 2009)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 5932)


Abstract

NGN (Next Generation Network) is often called an all-IP network, as the general idea behind NGN is that one network transports all information and services. When NGN is deployed on a large scale, VoIP will eventually replace PSTN, the traditional model of voice telephony. While VoIP promises both low cost and a variety of advanced services, it may entail security vulnerabilities. Unlike PSTN, intelligence is placed at the edge and security measures are not incorporated into the network. VoIP-specific attacks have already been introduced, among them the ringing-based DoS attack. In this paper, we propose a system for detecting ringing-based DoS attacks. We model the normal traffic of legitimate users with the gamma distribution and then quantify the discrepancy between the normal traffic and the attack traffic with Pearson’s chi-square statistic. Simulation results show that the proposed detection system can reliably detect ringing-based DoS attacks.
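
The detection idea in the abstract (fit a gamma distribution to normal traffic, then score an observation window with Pearson's chi-square statistic) can be illustrated as follows; this is an added example, not code from the paper. Assumptions: the modelled feature is per-call ringing time in seconds, and the bin edges, the method-of-moments fit, the 0.1% significance level and all sample data are constructed for the illustration.

```python
import math
import random

# Upper 0.1% point of chi-square with 4 degrees of freedom (5 bins - 1).
CRITICAL = 18.467
EDGES = [4.0, 6.0, 8.0, 11.0]  # seconds; assumed bin boundaries

def fit_gamma(samples):
    """Method-of-moments estimate of gamma shape k and scale theta."""
    mean = sum(samples) / len(samples)
    var = sum((s - mean) ** 2 for s in samples) / (len(samples) - 1)
    return mean * mean / var, var / mean

def gamma_cdf(x, k, theta):
    """Regularized lower incomplete gamma P(k, x/theta), by power series."""
    z = x / theta
    if z <= 0:
        return 0.0
    term = total = 1.0
    for n in range(1, 1000):
        term *= z / (k + n)
        total += term
        if term < total * 1e-15:
            break
    return total * math.exp(k * math.log(z) - z - math.lgamma(k + 1))

def bin_probs(k, theta, edges=EDGES):
    """Probability the fitted gamma assigns to each bin; last bin is open."""
    cdf = [0.0] + [gamma_cdf(e, k, theta) for e in edges] + [1.0]
    return [hi - lo for lo, hi in zip(cdf, cdf[1:])]

def chi_square(window, probs, edges=EDGES):
    """Pearson statistic: sum over bins of (observed - expected)^2 / expected."""
    observed = [0] * len(probs)
    for s in window:
        observed[sum(s >= e for e in edges)] += 1  # index of the bin holding s
    n = len(window)
    return sum((o - n * p) ** 2 / (n * p) for o, p in zip(observed, probs))

def demo(seed=1):
    rng = random.Random(seed)
    draw = lambda n: [rng.gammavariate(4.0, 2.0) for _ in range(n)]
    probs = bin_probs(*fit_gamma(draw(5000)))             # constructed baseline
    normal = chi_square(draw(200), probs)                 # constructed clean window
    skewed = chi_square(draw(100) + [30.0] * 100, probs)  # constructed anomaly
    return normal, skewed

if __name__ == "__main__":
    normal, skewed = demo()
    print(f"normal={normal:.1f} skewed={skewed:.1f} alarm_at={CRITICAL}")
```

A window is flagged when its statistic exceeds `CRITICAL`; because the baseline is fitted on separate training data, the degrees of freedom are taken as the number of bins minus one.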




© 2009 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Yum, D.H., Kim, S.Y., Moon, H., Kim, MY., Roh, JH., Lee, P.J. (2009). Detecting Ringing-Based DoS Attacks on VoIP Proxy Servers. In: Youm, H.Y., Yung, M. (eds) Information Security Applications. WISA 2009. Lecture Notes in Computer Science, vol 5932. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-10838-9_25


  • DOI: https://doi.org/10.1007/978-3-642-10838-9_25

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-10837-2

  • Online ISBN: 978-3-642-10838-9

  • eBook Packages: Computer Science, Computer Science (R0)
