Protecting from Cloud-based SIP Flooding Attacks by Leveraging Temporal and Structural Fingerprints
Document Type
Article
Publication Date
9-2017
Subject: LCSH
Session Initiation Protocol (Computer network protocol), Information storage and retrieval systems--Fingerprints, Computer security
Disciplines
Computer Engineering | Computer Sciences | Electrical and Computer Engineering
Abstract
The session initiation protocol (SIP) is among the most popular voice over IP (VoIP) signaling protocols. As with other Internet protocols, deployment in live scenarios has shown its vulnerability to flooding attacks. These attacks are very similar to those against the TCP protocol but have emerged at the application level of the Internet architecture. In this paper, we present a new approach to protect SIP devices from flooding attacks. Our proposed approach is mainly composed of two algorithms: 1) a detection algorithm that takes into consideration the temporal characteristics of the SIP protocol as well as the fingerprints of its messages and 2) a mitigation algorithm that filters SIP messages based on a fingerprint whitelist database. We evaluate our approach through an extensive set of experimental tests using widely distributed virtual machines in the cloud and compare it to similar approaches found in the literature. The experiments emulate a large flooding attack launched from mutually distant geographic data centers. The results report short detection time, low sensitivity to false alarms and high effectiveness in reducing the computational resources.
DOI
10.1016/j.cose.2017.08.003
Repository Citation
Dassouki, Khaled; Safa, Haidar; Nassar, Mohamed; and Hijazi, Abbas, "Protecting from Cloud-based SIP Flooding Attacks by Leveraging Temporal and Structural Fingerprints" (2017). Electrical & Computer Engineering and Computer Science Faculty Publications. 124.
https://digitalcommons.newhaven.edu/electricalcomputerengineering-facpubs/124
Publisher Citation
Khaled Dassouki, Haidar Safa, Mohamed Nassar, Abbas Hijazi, Protecting from Cloud-based SIP flooding attacks by leveraging temporal and structural fingerprints, Computers & Security, Volume 70, 2017, Pages 618-633, ISSN 0167-4048, https://doi.org/10.1016/j.cose.2017.08.003. (https://www.sciencedirect.com/science/article/pii/S016740481730158X)
Comments
Article published in Computers & Security, volume 70, 2017.