Survey of Countering DoS/DDoS Attacks on SIP Based VoIP Networks

Voice over IP (VoIP) services hold promise because of their offered features and low cost. Most VoIP networks depend on the Session Initiation Protocol (SIP) to handle signaling functions. The SIP is a text-based protocol that is vulnerable to many attacks. Denial of Service (DoS) and distributed denial of service (DDoS) attacks are the most harmful types of attacks, because they drain VoIP resources and render SIP service unavailable to legitimate users. In this paper, we present recently introduced approaches to detect DoS and DDoS attacks, and classify them based on various factors. We then analyze these approaches according to various characteristics; furthermore, we investigate the main strengths and weaknesses of these approaches. Finally, we provide some remarks for enhancing the surveyed approaches and highlight directions for future research to build effective detection solutions.

Detection of Intruders and Flooding in VoIP using IDS, Jacobson Fast and Hellinger Distance Algorithms

VoIP services are becoming increasingly a big competition to existing telephony services (PSTN). Hence, the need arises to protect VoIP services from all kinds of attacks that target network bandwidth, server capacity or server architectural constrains. SIP Protocol is used for VoIP connection establishment. It works based on either TCP or UDP Protocols. This protocol structure is almost as same as HTTP Protocol, i.e. for every request there will be some response, even though the request is invalid. HTTP Protocol is prone to flooding attacks, like SYN-Flood attack. Because of Session Initiation Protocol (SIP) is same as HTTP, SIP is also prone to Flooding attacks. The proposed Intrusion Detection System (IDS) is used to detect the intruders in telephony system. Genetic algorithm is used to recognize the authorized user. VoIP Flood Detection System (VFDS) is aimed to detect TCP Flooding attacks and SIP Flooding attacks on SIP devices using Jacobian Fast and Hellinger distance algorithms. The Jacobian Fast Algorithm fixes the threshold limit and Hellinger distance calculation is a statistical anomaly based algorithm uses to detect deviation in traffic