
A Hybrid, Stateful and Cross-Protocol Intrusion Detection System for Converged Applications

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNISA, volume 4804)

Abstract

Although sharing the same physical infrastructure with data networks makes convergence attractive, it also makes Voice over Internet Protocol (VoIP) networks and applications inherit all the security weaknesses of the IP protocol. In addition, VoIP converged networks come with their own set of security concerns. Voice traffic on converged networks is packet switched and vulnerable to interception with the same techniques used to sniff any other traffic on a LAN or WAN. Denial of Service (DoS) attacks are among the most critical threats to VoIP because of the service disruption and loss of revenue they cause. VoIP systems are expected to provide the same level of security as traditional PSTN networks, even though more functionality and intelligence are distributed to the endpoints and more protocols are involved in delivering the service. All these factors make new intrusion detection designs and techniques highly necessary. In this paper we propose a novel host-based intrusion detection architecture for converged VoIP applications. The architecture uses the Communicating Extended Finite State Machines formal model to provide both stateful and cross-protocol detection. In addition, it combines signature-based and specification-based detection techniques, and combines protocol syntax anomaly detection with protocol semantics anomaly detection. A variety of attacks are implemented on our test bed, and the intrusion detection prototype shows promising efficiency. The accuracy of the prototype's detection is discussed and analyzed.
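As an illustration of the stateful, cross-protocol idea in the abstract (added here; it is not the paper's own code or model), the following simplified Python sketch keeps a SIP dialog EFSM whose state an RTP media check consults, and layers a signature rule (INVITE burst) and a semantics rule (payload size) on top. The transitions, thresholds, `ConvergedIDS` class and the event trace in `run_sample` are all constructed assumptions.

```python
from collections import Counter, defaultdict

# Hypothetical, simplified SIP dialog EFSM (assumed transitions; not the paper's model).
SIP_TRANSITIONS = {
    ("IDLE", "INVITE"): "INVITED",
    ("INVITED", "200"): "ESTABLISHED",
    ("ESTABLISHED", "BYE"): "IDLE",
}
MAX_RTP_PAYLOAD = 1400  # constructed semantics threshold for one RTP payload


class ConvergedIDS:
    # Two communicating machines: the SIP machine owns dialog state, the RTP
    # machine reads it, so media is judged against signalling (cross-protocol).
    def __init__(self, invite_limit=3):
        self.dialogs = defaultdict(lambda: "IDLE")  # call_id -> dialog state
        self.invites = Counter()                     # per-source INVITE count
        self.invite_limit = invite_limit             # signature rule for INVITE bursts
        self.alerts = []

    def sip(self, src, method, call_id):
        """Specification-based check: the message must fit the dialog's current state."""
        if method == "INVITE":
            self.invites[src] += 1
            if self.invites[src] > self.invite_limit:
                self.alerts.append(f"INVITE flood from {src}")
        state = self.dialogs[call_id]
        nxt = SIP_TRANSITIONS.get((state, method))
        if nxt is None:
            self.alerts.append(f"unexpected {method} for {call_id} in state {state}")
            return
        self.dialogs[call_id] = nxt

    def rtp(self, call_id, payload_len):
        """Cross-protocol check: media is legitimate only for an ESTABLISHED dialog."""
        if self.dialogs[call_id] != "ESTABLISHED":
            self.alerts.append(f"media for {call_id} without established dialog")
        elif payload_len > MAX_RTP_PAYLOAD:
            self.alerts.append(f"oversized RTP payload on {call_id}")


def run_sample():
    # Constructed event trace: one good call, stray media, a stray BYE, an INVITE burst.
    ids = ConvergedIDS()
    ids.sip("10.0.0.5", "INVITE", "c1")
    ids.sip("10.0.0.9", "200", "c1")
    ids.rtp("c1", 160)                 # legitimate media on an established call
    ids.rtp("c2", 160)                 # media with no signalling behind it
    ids.sip("10.0.0.9", "BYE", "c3")   # BYE for a dialog that never existed
    for i in range(4):                 # one INVITE over the constructed limit
        ids.sip("10.0.0.7", "INVITE", f"f{i}")
    ids.rtp("c1", 2000)                # semantics anomaly on an otherwise valid call
    return ids.alerts
```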



Editor information

Robert Meersman Zahir Tari


Copyright information

© 2007 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Barry, B.I.A., Chan, H.A. (2007). A Hybrid, Stateful and Cross-Protocol Intrusion Detection System for Converged Applications. In: Meersman, R., Tari, Z. (eds) On the Move to Meaningful Internet Systems 2007: CoopIS, DOA, ODBASE, GADA, and IS. OTM 2007. Lecture Notes in Computer Science, vol 4804. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-76843-2_35


  • DOI: https://doi.org/10.1007/978-3-540-76843-2_35

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-76835-7

  • Online ISBN: 978-3-540-76843-2

  • eBook Packages: Computer Science (R0)
