Detecting SIP-based DDoS Attack On IMS

Posted on:2014-03-11

Degree:Master

Type:Thesis

Country:China

Candidate:Z Q Chen

Full Text:PDF

GTID:2268330392962843

Subject:Software engineering

Abstract/Summary:

PDF Full Text Request

IP Multimedia Subsystem (IMS) is a new multimedia architecture which is consideredto be the core technology of the next generation networks (NGN). IMS is supposed to beanIP-based architecture that aims to merge the cellular mobile communication networksand the Internet to uniformly deliver multimedia service on a single IP network. As IMSbase on IP protocol, it certainly inherits lots of security problems from IP network. Theprotocols used within IMS include SIP, RTP, TCP and UDP etc. The threats of theseprotocols make IMS vulnerable. SIP is a signaling protocol which used in IMS to initiateand control sessions. It is one of the core protocols in IMS. The attackers can easily triggera SIP-based DDoS attack to IMS with SIP signaling flows such as REGISTER andINVITE. When IMS is under such attack, the resource of IMS may be blocked andexhausted. Therefore the normal users will be not able to communicate. More and moreresearch pays attention to such attack and proposes some detection method. Most of theresearchers focus on DDoS targeting IMS servers, but neglect the one targeting IMSterminals. While the terminal has less processing ability than servers, attackers can triggera terminal-based DDoS attack with less resource. Although has limited impact, such attackcan make the terminal blocked and bring the user lots of molestation. Thus theterminal-based is another serious hidden danger on IMS.This paper focuses on a terminal-based DDoS flooding attack based on the INVITEsignaling flow. This attack makes the terminals being busy by sending INVITE requestconstantly. Thus other requests sent to these terminals will be discarded. Since the requestflow of the attack is legitimate and low, it can avoid the detection of servers or firewallssuccessfully, which make it more difficult to be detected.By analyzing the characteristics of the attack, some detection method based on sketch data structure and call patterns arepresented to detect it.This paper gives an experiment to simulate this kind of attack andshow the effectiveness of the detecting methods.

Keywords/Search Tags:

IP Multimedia Subsystem, SIP Protocol, flooding attack, intrusion detection

PDF Full Text Request

Related items

1	The Research And Realization Of SIP Flooding Detection Method In IMS Network
2	Studying On Intrusion Detection Based On SIP For IMS
3	Research Of Flooding Attack And Prevention In Ad Hoc Network
4	Distributed Active Collaborative Intrusion Detection System Intrusion Characterization And Subsystem Performance Improvements
5	Research And Implemention Of System For Protecting From SYN Flood Attacks With Dynamic Response Strategy
6	Research On Methods Of Routing Intrusion Detection In Ad Hoc Networks
7	Research On SDN-oriented Flooding Attack Defense And Recovery Mechanism
8	Research And Implementation Of The Signalling Of IP Multimedia Subsystem
9	Security Analysis And Intrusion Detection On IMS Key Interfaces
10	Research On Early Detection And Traceback Scheme For Flooding Attack