数据面的电话拒绝服务防御(TDoSD@DP)

Aldo Febro, Hannan Xiao, Joseph Spring
{"title":"数据面的电话拒绝服务防御(TDoSD@DP)","authors":"Aldo Febro, Hannan Xiao, Joseph Spring","doi":"10.1109/NOMS.2018.8406281","DOIUrl":null,"url":null,"abstract":"The Session Initiation Protocol (SIP) is an application-layer control protocol used to establish and terminate calls that are deployed globally. A flood of SIP INVITE packets sent by an attacker causes a Telephony Denial of Service (TDoS) incident, during which legitimate users are unable to use telephony services. Legacy TDoS defense is typically implemented as network appliances and not sufficiently deployed to enable early detection. To make TDoS defense more widely deployed and yet affordable, this paper presents TDoSD@DP where TDoS detection and mitigation is programmed at the data plane so that it can be enabled on every switch port and therefore serves as distributed SIP sensors. With this approach, the damage is isolated at a particular switch and bandwidth saved by not sending attack packets further upstream. Experiments have been performed to track the SIP state machine and to limit the number of active SIP session per port. The results show that TDoSD@DP was able to detect and mitigate ongoing INVITE flood attack, protecting the SIP server, and limiting the damage to a local switch. Bringing the TDoS defense function to the data plane provides a novel data plane application that operates at the SIP protocol and a novel approach for TDoS defense implementation.","PeriodicalId":19331,"journal":{"name":"NOMS 2018 - 2018 IEEE/IFIP Network Operations and Management Symposium","volume":"6 1","pages":"1-6"},"PeriodicalIF":0.0000,"publicationDate":"2018-07-06","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"9","resultStr":"{\"title\":\"Telephony Denial of Service defense at data plane (TDoSD@DP)\",\"authors\":\"Aldo Febro, Hannan Xiao, Joseph Spring\",\"doi\":\"10.1109/NOMS.2018.8406281\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"The Session Initiation Protocol (SIP) is an application-layer control protocol used to establish and terminate calls that are deployed globally. A flood of SIP INVITE packets sent by an attacker causes a Telephony Denial of Service (TDoS) incident, during which legitimate users are unable to use telephony services. Legacy TDoS defense is typically implemented as network appliances and not sufficiently deployed to enable early detection. To make TDoS defense more widely deployed and yet affordable, this paper presents TDoSD@DP where TDoS detection and mitigation is programmed at the data plane so that it can be enabled on every switch port and therefore serves as distributed SIP sensors. With this approach, the damage is isolated at a particular switch and bandwidth saved by not sending attack packets further upstream. Experiments have been performed to track the SIP state machine and to limit the number of active SIP session per port. The results show that TDoSD@DP was able to detect and mitigate ongoing INVITE flood attack, protecting the SIP server, and limiting the damage to a local switch. Bringing the TDoS defense function to the data plane provides a novel data plane application that operates at the SIP protocol and a novel approach for TDoS defense implementation.\",\"PeriodicalId\":19331,\"journal\":{\"name\":\"NOMS 2018 - 2018 IEEE/IFIP Network Operations and Management Symposium\",\"volume\":\"6 1\",\"pages\":\"1-6\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2018-07-06\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"9\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"NOMS 2018 - 2018 IEEE/IFIP Network Operations and Management Symposium\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/NOMS.2018.8406281\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"NOMS 2018 - 2018 IEEE/IFIP Network Operations and Management Symposium","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/NOMS.2018.8406281","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 9

摘要

会话发起协议(SIP)是一个应用层控制协议,用于建立和终止全局部署的呼叫。攻击者发送大量SIP INVITE报文,导致合法用户无法使用电话业务的TDoS (telephone Denial of Service)事件。传统的TDoS防御通常作为网络设备来实现,并且没有充分部署以支持早期检测。为了使TDoS防御更广泛地部署并且价格合理,本文提出了TDoSD@DP,其中TDoS检测和缓解在数据平面编程,以便它可以在每个交换机端口上启用,因此可以用作分布式SIP传感器。使用这种方法,损害被隔离在特定的交换机上,并且由于不向上游发送攻击数据包而节省了带宽。已经执行了一些实验来跟踪SIP状态机并限制每个端口的活动SIP会话的数量。结果表明,TDoSD@DP能够检测和减轻正在进行的INVITE洪水攻击,保护SIP服务器,并限制对本地交换机的损害。将TDoS防御功能引入数据平面提供了一个在SIP协议下操作的新颖数据平面应用程序,并为TDoS防御实现提供了一种新的方法。
本文章由计算机程序翻译,如有差异,请以英文原文为准。
查看原文
分享 分享
微信好友 朋友圈 QQ好友 复制链接
本刊更多论文
Telephony Denial of Service defense at data plane (TDoSD@DP)
The Session Initiation Protocol (SIP) is an application-layer control protocol used to establish and terminate calls that are deployed globally. A flood of SIP INVITE packets sent by an attacker causes a Telephony Denial of Service (TDoS) incident, during which legitimate users are unable to use telephony services. Legacy TDoS defense is typically implemented as network appliances and not sufficiently deployed to enable early detection. To make TDoS defense more widely deployed and yet affordable, this paper presents TDoSD@DP where TDoS detection and mitigation is programmed at the data plane so that it can be enabled on every switch port and therefore serves as distributed SIP sensors. With this approach, the damage is isolated at a particular switch and bandwidth saved by not sending attack packets further upstream. Experiments have been performed to track the SIP state machine and to limit the number of active SIP session per port. The results show that TDoSD@DP was able to detect and mitigate ongoing INVITE flood attack, protecting the SIP server, and limiting the damage to a local switch. Bringing the TDoS defense function to the data plane provides a novel data plane application that operates at the SIP protocol and a novel approach for TDoS defense implementation.
求助全文
通过发布文献求助,成功后即可免费获取论文全文。 去求助
来源期刊
自引率
0.00%
发文量
0
期刊最新文献
SSH Kernel: A Jupyter Extension Specifically for Remote Infrastructure Administration Visual emulation for Ethereum's virtual machine Analyzing throughput and stability in cellular networks Network events in a large commercial network: What can we learn? Economic incentives on DNSSEC deployment: Time to move from quantity to quality
×
引用
GB/T 7714-2015
复制
MLA
复制
APA
复制
导出至
BibTeX EndNote RefMan NoteFirst NoteExpress
×
×
提示
您的信息不完整,为了账户安全,请先补充。
现在去补充
×
提示
您因"违规操作"
具体请查看互助需知
我知道了
×
提示
现在去查看 取消
×
提示
确定
0
微信
客服QQ
Book学术公众号 扫码关注我们
反馈
×
意见反馈
请填写您的意见或建议
请填写您的手机或邮箱
已复制链接
已复制链接
快去分享给好友吧!
我知道了
×
扫码分享
扫码分享
Book学术官方微信
Book学术文献互助
Book学术文献互助群
群 号:481959085
Book学术
文献互助 智能选刊 最新文献 互助须知 联系我们:info@booksci.cn
Book学术提供免费学术资源搜索服务,方便国内外学者检索中英文文献。致力于提供最便捷和优质的服务体验。
Copyright © 2023 Book学术 All rights reserved.
ghs 京公网安备 11010802042870号 京ICP备2023020795号-1