Two layer Denial of Service prevention on SIP VoIP infrastructures

详细信息    查看全文

• 作者：Sven Ehlert ; Ge Zhang ; Dimitris Geneiatakis ; Georgios Kambourakis ; Tasos Dagiuklas ; Jiř ; í ; Markl ; Dorgham Sisalem
• 关键词：VoIP ; SIP ; Denial of Service ; Flooding protection ; Security ; Malformed messages ; DNS cache
• 刊名：Computer Communications
• 出版年：2008
• 出版时间：25 June 2008
• 年：2008
• 卷：31
• 期：10
• 页码：2443-2456
• 全文大小：3147 K

文摘

The emergence of Voice over IP (VoIP) has offered numerous advantages for end users and providers alike, but simultaneously has introduced security threats, vulnerabilities and attacks not previously encountered in networks with a closed architecture like the Public Switch Telephone Network (PSTN). In this paper we propose a two layer architecture to prevent Denial of Service attacks on VoIP systems based on the Session Initiation Protocol (SIP). The architecture is designed to handle different types of attacks, including request flooding, malformed message sending, and attacks on the underlying DNS system. The effectiveness of the prevention mechanisms have been tested both in the laboratory and on a real live VoIP provider network.