Detecting Denial of Service Attacks on SIP Based Services and Proposing Solutions

One of the main goals of employing Next Generation Networks (NGN) is an integrated access to the multimedia services like Voice over IP (VoIP), and IPTV. The primary signaling protocol in these multimedia services is Session Initiation Protocol (SIP). This protocol, however, is vulnerable to attacks, which may impact the Quality of Service (QoS), which is an important feature in NGN. One of the most frequent attacks is Denial of Service (DoS) attack, which is generated easily, but its detection is not trivial. In this chapter, a framework is proposed to detect Denial of Service attacks and a few other forms of intrusions, and then we react accordingly. The proposed detection engine combines the specification- and anomaly-based intrusion detection techniques. The authors set up a test-bed and generate a labeled dataset. The traffic generated for the test-bed is composed of two types of SIP packets: attack and normal. They then record the detection rates and false alarms based on the labeled dataset. The experimental results demonstrate that the proposed approach can successfully detect intruders and limit their accesses. The results also confirm that the framework is scalable and robust.