Abstract
In this article, we present the design of an intrusion detection system for voice over IP (VoIP) networks. The first part of our work consists of a simple single-component intrusion detection system called Scidive. In the second part, we extend the design of Scidive and build a distributed and correlation-based intrusion detection system called Space Dive. We create several attack scenarios and evaluate the accuracy and efficiency of the system in the face of these attacks. To the best of our knowledge, this is the first comprehensive look at the problem of intrusion detection in VoIP systems. It includes treatment of the challenges faced due to the distributed nature of the system, the nature of the VoIP traffic, and the specific kinds of attacks on such systems.
Additional information
Y.-S. Wu and V. Apte contributed equally to the paper.
Cite this article
Wu, YS., Apte, V., Bagchi, S. et al. Intrusion detection in voice over IP environments. Int. J. Inf. Secur. 8, 153–172 (2009). https://doi.org/10.1007/s10207-008-0071-0
DOI: https://doi.org/10.1007/s10207-008-0071-0