Hemant Sengar, Haining Wang, D. Wijesekera, S. Jajodia
{"title":"Fast Detection of Denial-of-Service Attacks on IP Telephony","authors":"Hemant Sengar, Haining Wang, D. Wijesekera, S. Jajodia","doi":"10.1109/IWQOS.2006.250469","DOIUrl":null,"url":null,"abstract":"Recently voice over IP (VoIP) is experiencing a phenomenal growth. Being a real-time service, VoIP is more susceptible to denial-of-service (DoS) attacks than regular Internet services. Moreover, VoIP uses multiple protocols for call control and data delivery, making it vulnerable to various DoS attacks at different protocol layers. An attacker can easily disrupt VoIP services by flooding TCP SYN packets, UDP-based RTP packets, or SIP-based INVITE messages, which pose a critical threat to IP telephony. In this paper, we present an online statistical detection mechanism, called vFDS, to detect DoS attacks in the context of VoIP. The core of vFDS is based on Hellinger distance method, which computes the variability between two probability measures. Using Hellinger distance, we characterize normal protocol behaviors and then detect the traffic anomalies caused by flooding attacks. Our experimental results show that vFDS achieves fast and accurate detection of DoS attacks","PeriodicalId":248938,"journal":{"name":"200614th IEEE International Workshop on Quality of Service","volume":"2 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2006-11-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"69","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"200614th IEEE International Workshop on Quality of Service","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/IWQOS.2006.250469","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 69
Abstract
Recently voice over IP (VoIP) is experiencing a phenomenal growth. Being a real-time service, VoIP is more susceptible to denial-of-service (DoS) attacks than regular Internet services. Moreover, VoIP uses multiple protocols for call control and data delivery, making it vulnerable to various DoS attacks at different protocol layers. An attacker can easily disrupt VoIP services by flooding TCP SYN packets, UDP-based RTP packets, or SIP-based INVITE messages, which pose a critical threat to IP telephony. In this paper, we present an online statistical detection mechanism, called vFDS, to detect DoS attacks in the context of VoIP. The core of vFDS is based on Hellinger distance method, which computes the variability between two probability measures. Using Hellinger distance, we characterize normal protocol behaviors and then detect the traffic anomalies caused by flooding attacks. Our experimental results show that vFDS achieves fast and accurate detection of DoS attacks
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
