Abstract: Voice over IP (VoIP) architecture and services consist of different software and hardware
components that may be susceptible to a plethora of attacks. Among them, Denial
of Service (DoS) is perhaps the most powerful one, as it aims to drain the underlying
resources of a service and make it inaccessible to the legitimate users. So far, various
detection and prevention schemes have been deployed to detect, deter and eliminate
DoS occurrences. However, none of them seems to be complete in assessing, in both
realtime and offline modes, whether a system remains free of such types of attacks. To this
end, in the context of this paper, we assert that audit trails in VoIP can be a rich source
of information toward flushing out DoS incidents and evaluating the security level of
a given system. Specifically, we introduce a privacy-friendly service to assess whether
or not a SIP service provider suffers a DoS by examining either the recorded audit
trails (in a forensic-like manner) or the realtime traffic. Our solution relies solely on
the already received network logistic files, making it simple, easy to deploy, and fully
compatible with existing SIP installations. It also allows for the exchange of log files
between different providers for cross-analysis or their submission to a single analysis
center (as an outsourced service) on an opt-in basis. Through extensive evaluation involving
both offline and online executions and a variety of DoS scenarios, it is argued that our detection scheme is efficient enough, while its realtime operation introduces negligible overhead.