
Securing SIP-based VoIP infrastructure against flooding attacks and Spam Over IP Telephony

Knowledge and Information Systems

Abstract

Security of session initiation protocol (SIP) servers is a serious concern of Voice over Internet (VoIP) vendors. The important contribution of our paper is an accurate and real-time attack classification system that detects: (1) application layer SIP flood attacks that result in denial of service (DoS) and distributed DoS attacks, and (2) Spam over Internet Telephony (SPIT). The major advantage of our framework over existing schemes is that it performs packet-based analysis using a set of spatial and temporal features. As a result, we do not need to transform network packet streams into traffic flows, and thus save the significant processing and memory overheads associated with flow-based analysis. We evaluate our framework on real-world SIP traffic (collected from the SIP server of a VoIP vendor) by injecting a number of application layer anomalies into it. The results of our experiments show that our proposed framework achieves significantly greater detection accuracy compared with existing state-of-the-art flooding and SPIT detection schemes.



Acknowledgments

This work is supported by the National ICT R&D Fund, Ministry of Information Technology, Government of Pakistan. The information, data, comments, and views detailed herein may not necessarily reflect the endorsements of views of the National ICT R&D Fund.

Corresponding author

Correspondence to Muhammad Ali Akbar.

Cite this article

Akbar, M.A., Farooq, M. Securing SIP-based VoIP infrastructure against flooding attacks and Spam Over IP Telephony. Knowl Inf Syst 38, 491–510 (2014). https://doi.org/10.1007/s10115-012-0595-5

  • DOI: https://doi.org/10.1007/s10115-012-0595-5
