Loading...
Please wait, while we are loading the content...
Similar Documents
Security of voip analysis, testing and mitigation of sip-based ddos attacks on voip networks (2008).
| Content Provider | CiteSeerX |
|---|---|
| Abstract | Voice over IP (VoIP) is gaining more popularity in today‟s communications. The Session Initiation Protocol (SIP) is becoming one of the dominant VoIP signalling protocol[1, 2], however it is vulnerable to many kinds of attacks. Among these attacks, flood-based denial of service attacks have been identified as the major threat to SIP. Even though a great deal of research has been carried out to mitigate denial of service attacks, only a small proportion has been specific to SIP. This project examines the way denial of service attacks affect the performance of a SIP-based system and two evolutionary solutions to this problem that build on each other are proposed with experimental results to demonstrate the effectiveness of each solution. In stage one, this project proposes the Security-Enhanced SIP System (SESS), which contains a security-enhanced firewall, which evolved from the work of stage one and a security-enhanced SIP proxy server. This approach helps to improve the Quality-of-Service (QoS) of legitimate users during the SIP flooding attack, while maintaining a 100 percent success rate in blocking attack traffic. However, this system only mitigates SIP INVITE and REGISTER floods. In stage two, this project further advances SESS, and proposes an Improved Security-Enhanced SIP System (ISESS). ISESS advances the solution by blocking other SIP request floods, for example CANCEL, OK and BYE flood. JAIN Service Logic Execution Environment (JAIN SLEE) is a java-based application server specifically designed for event-driven applications. JAIN SLEE is used to implement enhancements of the SIP proxy server, as it is becoming a popular choice in implementing communication applications. The experimental results show that during a SIP flood, ISESS cannot only drop all attack packets but also the call setup delay of legitimate users can be improved substantially compared to and unsecured VoIP system. |
| File Format | |
| Publisher Date | 2008-01-01 |
| Access Restriction | Open |
| Subject Keyword | Service Attack Voip Network Sip-based Ddos Attack Voip Analysis Jain Slee Legitimate User Experimental Result Security-enhanced Sip Proxy Server Sip Request Flood Evolutionary Solution Example Cancel Sip Invite Security-enhanced Firewall Call Setup Delay Bye Flood Percent Success Rate Project Advance Sess Event-driven Application Way Denial Unsecured Voip System Popular Choice Jain Service Logic Execution Environment Major Threat Small Proportion Attack Traffic Dominant Voip Sip-based System Many Kind Great Deal Sip Flooding Attack Register Flood Communication Application Java-based Application Server Improved Security-enhanced Sip System Flood-based Denial Sip Proxy Server Session Initiation Protocol Attack Packet Security-enhanced Sip System Sip Flood |
| Content Type | Text |
