Detecting Anomaly Traffic using Flow Data in the real VoIP network

Hyeongu Son, Youngseok Lee
Published in: 2010 10th IEEE/IPSJ International Symposium on Applications and the Internet
Publication date: 2010-07-19
DOI: 10.1109/SAINT.2010.108 (https://doi.org/10.1109/SAINT.2010.108)
Citations: 11

Abstract

As wireless LANs as well as the high-speed broadband Internet service are widely deployed, the VoIP service has become popular. Generally, a lot of commercial VoIP services use SIP and RTP for signaling and voice transport protocols. Most commercial VoIP service providers employ only simple security functions such as basic authentication without packet encryption because of fast implementation and deployment. Therefore, the VoIP service is highly vulnerable to several threats and attacks, because secure protocols for carrying VoIP packets are not fully utilized. For instance, unencrypted SIP packets including authentication messages could be easily forged to be exploited for generating anomaly traffic by malicious users. In this paper, we propose a flow-based VoIP anomaly traffic detection method that could find three representative VoIP anomaly attacks of SIP CANCEL, BYE DoS and RTP flooding that could be easily exploited in the real VoIP network. Our scheme uses the IETF IPFIX standard for monitoring VoIP calls in flow units. From the experiments with the commercial SIP phones in the real VoIP network, we show that SIP CANCEL, BYE DoS and RTP flooding attacks are easily generated and that they could be detected effectively by our proposed method.