Knowledge and Information Systems

, Volume 38, Issue 2, pp 491–510

Securing SIP-based VoIP infrastructure against flooding attacks and Spam Over IP Telephony

Regular Paper

DOI: 10.1007/s10115-012-0595-5

Cite this article as:
Akbar, M.A. & Farooq, M. Knowl Inf Syst (2014) 38: 491. doi:10.1007/s10115-012-0595-5

Abstract

Security of session initiation protocol (SIP) servers is a serious concern of Voice over Internet (VoIP) vendors. The important contribution of our paper is an accurate and real-time attack classification system that detects: (1) application layer SIP flood attacks that result in denial of service (DoS) and distributed DoS attacks, and (2) Spam over Internet Telephony (SPIT). The major advantage of our framework over existing schemes is that it performs packet-based analysis using a set of spatial and temporal features. As a result, we do not need to transform network packet streams into traffic flows and thus save significant processing and memory overheads associated with the flow-based analysis. We evaluate our framework on a real-world SIP traffic—collected from the SIP server of a VoIP vendor—by injecting a number of application layer anomalies in it. The results of our experiments show that our proposed framework achieves significantly greater detection accuracy compared with existing state-of-the-art flooding and SPIT detection schemes.

Keywords

SIP Intrusion detection VoIP security SPAM Over IP Telephony  Denial of service 

Copyright information

© Springer-Verlag London 2012

Authors and Affiliations

  1. 1.Next Generation Intelligent Networks Research Center (nexGIN RC)National University of Computer & Emerging Sciences (FAST-NUCES)IslamabadPakistan