Hemant Sengar, Haining Wang, D. Wijesekera, S. Jajodia
{"title":"IP电话拒绝服务攻击的快速检测","authors":"Hemant Sengar, Haining Wang, D. Wijesekera, S. Jajodia","doi":"10.1109/IWQOS.2006.250469","DOIUrl":null,"url":null,"abstract":"Recently voice over IP (VoIP) is experiencing a phenomenal growth. Being a real-time service, VoIP is more susceptible to denial-of-service (DoS) attacks than regular Internet services. Moreover, VoIP uses multiple protocols for call control and data delivery, making it vulnerable to various DoS attacks at different protocol layers. An attacker can easily disrupt VoIP services by flooding TCP SYN packets, UDP-based RTP packets, or SIP-based INVITE messages, which pose a critical threat to IP telephony. In this paper, we present an online statistical detection mechanism, called vFDS, to detect DoS attacks in the context of VoIP. The core of vFDS is based on Hellinger distance method, which computes the variability between two probability measures. Using Hellinger distance, we characterize normal protocol behaviors and then detect the traffic anomalies caused by flooding attacks. Our experimental results show that vFDS achieves fast and accurate detection of DoS attacks","PeriodicalId":248938,"journal":{"name":"200614th IEEE International Workshop on Quality of Service","volume":"2 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2006-11-30","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"69","resultStr":"{\"title\":\"Fast Detection of Denial-of-Service Attacks on IP Telephony\",\"authors\":\"Hemant Sengar, Haining Wang, D. Wijesekera, S. Jajodia\",\"doi\":\"10.1109/IWQOS.2006.250469\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Recently voice over IP (VoIP) is experiencing a phenomenal growth. Being a real-time service, VoIP is more susceptible to denial-of-service (DoS) attacks than regular Internet services. Moreover, VoIP uses multiple protocols for call control and data delivery, making it vulnerable to various DoS attacks at different protocol layers. An attacker can easily disrupt VoIP services by flooding TCP SYN packets, UDP-based RTP packets, or SIP-based INVITE messages, which pose a critical threat to IP telephony. In this paper, we present an online statistical detection mechanism, called vFDS, to detect DoS attacks in the context of VoIP. The core of vFDS is based on Hellinger distance method, which computes the variability between two probability measures. Using Hellinger distance, we characterize normal protocol behaviors and then detect the traffic anomalies caused by flooding attacks. Our experimental results show that vFDS achieves fast and accurate detection of DoS attacks\",\"PeriodicalId\":248938,\"journal\":{\"name\":\"200614th IEEE International Workshop on Quality of Service\",\"volume\":\"2 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2006-11-30\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"69\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"200614th IEEE International Workshop on Quality of Service\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/IWQOS.2006.250469\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"200614th IEEE International Workshop on Quality of Service","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/IWQOS.2006.250469","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Fast Detection of Denial-of-Service Attacks on IP Telephony
Recently voice over IP (VoIP) is experiencing a phenomenal growth. Being a real-time service, VoIP is more susceptible to denial-of-service (DoS) attacks than regular Internet services. Moreover, VoIP uses multiple protocols for call control and data delivery, making it vulnerable to various DoS attacks at different protocol layers. An attacker can easily disrupt VoIP services by flooding TCP SYN packets, UDP-based RTP packets, or SIP-based INVITE messages, which pose a critical threat to IP telephony. In this paper, we present an online statistical detection mechanism, called vFDS, to detect DoS attacks in the context of VoIP. The core of vFDS is based on Hellinger distance method, which computes the variability between two probability measures. Using Hellinger distance, we characterize normal protocol behaviors and then detect the traffic anomalies caused by flooding attacks. Our experimental results show that vFDS achieves fast and accurate detection of DoS attacks
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
