Artemisa:开源蜜罐后端，支持VoIP域的安全

12th IFIP/IEEE International Symposium on Integrated Network Management (IM 2011) and Workshops Pub Date : 2011-05-23 DOI:10.1109/INM.2011.5990712

R. Carmo, M. Nassar, O. Festor

{"title":"Artemisa:开源蜜罐后端，支持VoIP域的安全","authors":"R. Carmo, M. Nassar, O. Festor","doi":"10.1109/INM.2011.5990712","DOIUrl":null,"url":null,"abstract":"Voice over IP (VoIP) and the Session Initiation Protocol (SIP) are establishing themselves as strong players in the field of multimedia communications over IP, leveraged by low cost services and easy management. Nevertheless, the security aspects are not yet fully mastered. In this paper we present an open-source implementation of a VoIP SIP-specific honeypot named Artemisa. The honeypot is designed to connect to a VoIP enterprise domain as a back-end user-agent in order to detect malicious activity at an early stage. Moreover, the honeypot can play a role in the real-time adjustment of the security policies of the enterprise domain where it is deployed. We aim, by this contribution, to encourage the deployment of such honeypots at large scale and the collection of attack traces. We test the capacity of the honeypot to handle a series of known SIP attacks and present results from diverse scenarios.","PeriodicalId":433520,"journal":{"name":"12th IFIP/IEEE International Symposium on Integrated Network Management (IM 2011) and Workshops","volume":"37 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2011-05-23","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"25","resultStr":"{\"title\":\"Artemisa: An open-source honeypot back-end to support security in VoIP domains\",\"authors\":\"R. Carmo, M. Nassar, O. Festor\",\"doi\":\"10.1109/INM.2011.5990712\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Voice over IP (VoIP) and the Session Initiation Protocol (SIP) are establishing themselves as strong players in the field of multimedia communications over IP, leveraged by low cost services and easy management. Nevertheless, the security aspects are not yet fully mastered. In this paper we present an open-source implementation of a VoIP SIP-specific honeypot named Artemisa. The honeypot is designed to connect to a VoIP enterprise domain as a back-end user-agent in order to detect malicious activity at an early stage. Moreover, the honeypot can play a role in the real-time adjustment of the security policies of the enterprise domain where it is deployed. We aim, by this contribution, to encourage the deployment of such honeypots at large scale and the collection of attack traces. We test the capacity of the honeypot to handle a series of known SIP attacks and present results from diverse scenarios.\",\"PeriodicalId\":433520,\"journal\":{\"name\":\"12th IFIP/IEEE International Symposium on Integrated Network Management (IM 2011) and Workshops\",\"volume\":\"37 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2011-05-23\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"25\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"12th IFIP/IEEE International Symposium on Integrated Network Management (IM 2011) and Workshops\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/INM.2011.5990712\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"12th IFIP/IEEE International Symposium on Integrated Network Management (IM 2011) and Workshops","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/INM.2011.5990712","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 25

摘要

IP语音(VoIP)和会话发起协议(SIP)凭借其低成本服务和易于管理的优势，正在IP多媒体通信领域中确立自己的强势地位。然而，安全方面还没有完全掌握。在本文中，我们提出了一个名为Artemisa的VoIP sip专用蜜罐的开源实现。蜜罐被设计为连接到VoIP企业域中作为后端用户代理，以便在早期检测恶意活动。此外，蜜罐还可以实时调整其所在企业域的安全策略。我们的目标是，通过这一贡献，鼓励大规模部署这种蜜罐并收集攻击痕迹。我们测试了蜜罐处理一系列已知SIP攻击的能力，并给出了来自不同场景的结果。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

Artemisa: An open-source honeypot back-end to support security in VoIP domains

Voice over IP (VoIP) and the Session Initiation Protocol (SIP) are establishing themselves as strong players in the field of multimedia communications over IP, leveraged by low cost services and easy management. Nevertheless, the security aspects are not yet fully mastered. In this paper we present an open-source implementation of a VoIP SIP-specific honeypot named Artemisa. The honeypot is designed to connect to a VoIP enterprise domain as a back-end user-agent in order to detect malicious activity at an early stage. Moreover, the honeypot can play a role in the real-time adjustment of the security policies of the enterprise domain where it is deployed. We aim, by this contribution, to encourage the deployment of such honeypots at large scale and the collection of attack traces. We test the capacity of the honeypot to handle a series of known SIP attacks and present results from diverse scenarios.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

12th IFIP/IEEE International Symposium on Integrated Network Management (IM 2011) and Workshops

自引率

0.00%

发文量