By Topic

Detecting Anomaly Traffic using Flow Data in the real VoIP network

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$31 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

2 Author(s)
Hyeongu Son ; Dept. of Comput. Eng., Chungnam Nat. Univ., Daejeon, South Korea ; Youngseok Lee

As wireless LANs as well as the high-speed broadband Internet service are widely deployed, the VoIP service has become popular. Generally, a lot of commercial VoIP services use SIP and RTP for signaling and voice transport protocols. Most commercial VoIP service providers employ only simple security functions such as basic authentication without packet encryption because of fast implementation and deployment. Therefore, the VoIP service is highly vulnerable to several threats and attacks, because secure protocols for carrying VoIP packets are not fully utilized. For instance, unencrypted SIP packets including authentication messages could be easily forged to be exploited for generating anomaly traffic by malicious users. In this paper, we propose a flow-based VoIP anomaly traffic detection method that could find three representative VoIP anomaly attacks of SIP CANCEL, BYE DoS and RTP flooding that could be easily exploited in the real VoIP network. Our scheme uses the IETF IPFIX standard for monitoring VoIP calls in flow units. From the experiments with the commercial SIP phones in the real VoIP network, we show that SIP CANCEL, BYE DoS and RTP flooding attacks are easily generated and that they could be detected effectively by our proposed method.

Published in:

Applications and the Internet (SAINT), 2010 10th IEEE/IPSJ International Symposium on

Date of Conference:

19-23 July 2010