Abstract
NGN (Next Generation Network) is often called an all-IP network, since the general idea behind NGN is that one network transports all information and services. When NGN is deployed on a large scale, VoIP will eventually replace the PSTN, the traditional model of voice telephony. While VoIP promises both low cost and a variety of advanced services, it may entail security vulnerabilities. Unlike the PSTN, intelligence is placed at the edge and security measures are not incorporated into the network. VoIP-specific attacks have already been introduced, among them the ringing-based DoS attack. In this paper, we propose a detection system for ringing-based DoS attacks. We model the normal traffic of legitimate users with the gamma distribution and then quantify the discrepancy between the normal traffic and the attack traffic with Pearson's chi-square statistic. Simulation results show that the proposed detection system can reliably detect ringing-based DoS attacks.
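The detection idea in the abstract (a gamma model of normal traffic, scored with Pearson's chi-square statistic), sketched as an added example that is not code from the paper. It assumes the monitored feature is per-call ringing duration in seconds; the bin edges, gamma parameters, seed, significance level and both sample windows are constructed for illustration.

```python
import math
import random

EDGES = [5.0, 8.0, 11.0, 15.0]  # assumed bin edges in seconds; last bin is open-ended
CRITICAL = 18.467               # chi-square critical value for df = 4, alpha = 0.001

def fit_gamma(samples):
    """Method-of-moments fit of a gamma distribution: returns (shape k, scale theta)."""
    n = len(samples)
    mean = sum(samples) / n
    var = sum((x - mean) ** 2 for x in samples) / (n - 1)
    return mean * mean / var, var / mean

def gamma_cdf(x, k, theta):
    """Gamma CDF via the series for the regularized lower incomplete gamma function."""
    z = x / theta
    if z <= 0:
        return 0.0
    term = total = 1.0 / k
    n = 0
    while term > 1e-15 * total:
        n += 1
        term *= z / (k + n)
        total += term
    return total * math.exp(k * math.log(z) - z - math.lgamma(k))

def bin_probs(k, theta):
    """Probability mass the fitted model assigns to each bin."""
    cdf = [0.0] + [gamma_cdf(e, k, theta) for e in EDGES] + [1.0]
    return [hi - lo for lo, hi in zip(cdf, cdf[1:])]

def chi_square(window, probs):
    """Pearson statistic: sum over bins of (observed - expected)^2 / expected."""
    observed = [0] * len(probs)
    for x in window:
        observed[sum(x >= e for e in EDGES)] += 1
    n = len(window)
    return sum((o - n * p) ** 2 / (n * p) for o, p in zip(observed, probs))

# Constructed data: a baseline of legitimate calls, one normal window, and one
# window in which 80 of 200 calls ring far longer than the baseline (assumed shape).
rng = random.Random(2009)  # fixed seed so the constructed data is reproducible
baseline = [rng.gammavariate(4.0, 2.5) for _ in range(5000)]
PROBS = bin_probs(*fit_gamma(baseline))
normal_window = [rng.gammavariate(4.0, 2.5) for _ in range(200)]
attack_window = normal_window[:120] + [rng.uniform(60, 180) for _ in range(80)]

if __name__ == "__main__":
    for name, w in (("normal", normal_window), ("attack", attack_window)):
        print(name, round(chi_square(w, PROBS), 1), chi_square(w, PROBS) > CRITICAL)
```

A window is flagged when its statistic exceeds `CRITICAL`; in deployment the threshold trades false alarms against detection delay and would be tuned on the proxy's own traffic.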
© 2009 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Yum, D.H., Kim, S.Y., Moon, H., Kim, MY., Roh, JH., Lee, P.J. (2009). Detecting Ringing-Based DoS Attacks on VoIP Proxy Servers. In: Youm, H.Y., Yung, M. (eds) Information Security Applications. WISA 2009. Lecture Notes in Computer Science, vol 5932. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-10838-9_25
DOI: https://doi.org/10.1007/978-3-642-10838-9_25
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-10837-2
Online ISBN: 978-3-642-10838-9
eBook Packages: Computer Science, Computer Science (R0)