Font Size: a A A

Detecting SIP-based DDoS Attack On IMS

Posted on:2014-03-11Degree:MasterType:Thesis
Country:ChinaCandidate:Z Q ChenFull Text:PDF
GTID:2268330392962843Subject:Software engineering
Abstract/Summary:PDF Full Text Request
IP Multimedia Subsystem (IMS) is a new multimedia architecture which is consideredto be the core technology of the next generation networks (NGN). IMS is supposed to beanIP-based architecture that aims to merge the cellular mobile communication networksand the Internet to uniformly deliver multimedia service on a single IP network. As IMSbase on IP protocol, it certainly inherits lots of security problems from IP network. Theprotocols used within IMS include SIP, RTP, TCP and UDP etc. The threats of theseprotocols make IMS vulnerable. SIP is a signaling protocol which used in IMS to initiateand control sessions. It is one of the core protocols in IMS. The attackers can easily triggera SIP-based DDoS attack to IMS with SIP signaling flows such as REGISTER andINVITE. When IMS is under such attack, the resource of IMS may be blocked andexhausted. Therefore the normal users will be not able to communicate. More and moreresearch pays attention to such attack and proposes some detection method. Most of theresearchers focus on DDoS targeting IMS servers, but neglect the one targeting IMSterminals. While the terminal has less processing ability than servers, attackers can triggera terminal-based DDoS attack with less resource. Although has limited impact, such attackcan make the terminal blocked and bring the user lots of molestation. Thus theterminal-based is another serious hidden danger on IMS.This paper focuses on a terminal-based DDoS flooding attack based on the INVITEsignaling flow. This attack makes the terminals being busy by sending INVITE requestconstantly. Thus other requests sent to these terminals will be discarded. Since the requestflow of the attack is legitimate and low, it can avoid the detection of servers or firewallssuccessfully, which make it more difficult to be detected.By analyzing the characteristics of the attack, some detection method based on sketch data structure and call patterns arepresented to detect it.This paper gives an experiment to simulate this kind of attack andshow the effectiveness of the detecting methods.
Keywords/Search Tags:IP Multimedia Subsystem, SIP Protocol, flooding attack, intrusion detection
PDF Full Text Request
Related items