{"title":"Overloading vulnerability of VoIP networks","authors":"Hemant Sengar","doi":"10.1109/DSN.2009.5270310","journal":{"name":"2009 IEEE/IFIP International Conference on Dependable Systems & Networks","volume":"1 1","pages":"0"},"publicationDate":"2009-09-29","publicationTypes":"Journal Article","isOpenAccess":false,"citationCount":"10","platform":"Semanticscholar","ListUrlMain":"https://doi.org/10.1109/DSN.2009.5270310"}
The Internet is vulnerable to overloading caused by flash crowds and distributed denial-of-service (DDoS) attacks. Recently, voice over IP (VoIP), an Internet-based service, has been experiencing phenomenal growth. As its deployment spreads, VoIP systems are likely to become attack targets, with flooding ranking high among the attacks, perhaps due to its simplicity and the abundance of tool support. DDoS attacks and flash crowds degrade the performance of the call processing server to the point where it becomes sluggish and even unresponsive. The network administrator's dilemma is how to give differential treatment to malicious and legitimate call requests that differ in intent but not in content. In this paper, we show that DDoS attacks and flash crowds, while similar in message structure and in the number of INVITEs they generate, exhibit different traffic patterns, which makes them distinguishable. We also introduce a new entropy-based approach to detect those DDoS attacks that masquerade as flash crowds. Our approach is based on the observation that the creation of malicious sessions has certain effects on the entropy of the call durations; hence, a change in the entropy provides an important clue for mimicry attack detection. As an overload prevention measure, we exploit the SIP protocol's built-in reliability mechanism and exponential backoff timer values to regulate call requests and distinguish legitimate ones from spoofed ones.