SIP Protector: Defense Architecture Mitigating DDoS Flood Attacks Against SIP Servers

Kód výsledku v IS VaVaI

<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F68407700%3A21230%2F12%3A00201892" target="_blank" >RIV/68407700:21230/12:00201892 - isvavai.cz</a>

Výsledek na webu

<a href="http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=6364674" target="_blank" >http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=6364674</a>

DOI - Digital Object Identifier

<a href="http://dx.doi.org/10.1109/ICC.2012.6364674" target="_blank" >10.1109/ICC.2012.6364674</a>

Jazyk výsledku

angličtina

Název v původním jazyce

SIP Protector: Defense Architecture Mitigating DDoS Flood Attacks Against SIP Servers

Popis výsledku v původním jazyce

As Voice-over-IP becomes a commonly used technology, the need to keep it secure and reliable has grown. Session Initiation Protocol (SIP) is most often used to deploy VoIP and therefore SIP servers, the base components of SIP, are the most obvious targets of potential attacks. It has been demonstrated, that SIP servers are highly prone to DDoS flood attacks, yet no generally accepted defense solution mitigating these attacks is available. We propose a novel defense architecture against SIP DDoS floods,based upon a redirection mechanism and a combination of source and destination traffic filtering, exploiting the combined advantage of all the three techniques. We show that the proposed solution effectively mitigates various types of SIP DDoS flood attacks, discuss its strengths and weaknesses and propose its potential usability for other protocols. We also provide results of performance evaluation of the defense solution deployed in a SIP testbed.

Název v anglickém jazyce

SIP Protector: Defense Architecture Mitigating DDoS Flood Attacks Against SIP Servers

Popis výsledku anglicky

As Voice-over-IP becomes a commonly used technology, the need to keep it secure and reliable has grown. Session Initiation Protocol (SIP) is most often used to deploy VoIP and therefore SIP servers, the base components of SIP, are the most obvious targets of potential attacks. It has been demonstrated, that SIP servers are highly prone to DDoS flood attacks, yet no generally accepted defense solution mitigating these attacks is available. We propose a novel defense architecture against SIP DDoS floods,based upon a redirection mechanism and a combination of source and destination traffic filtering, exploiting the combined advantage of all the three techniques. We show that the proposed solution effectively mitigates various types of SIP DDoS flood attacks, discuss its strengths and weaknesses and propose its potential usability for other protocols. We also provide results of performance evaluation of the defense solution deployed in a SIP testbed.

Druh

D - Stať ve sborníku

CEP obor

JA - Elektronika a optoelektronika, elektrotechnika

OECD FORD obor

—

Projekt

—

Návaznosti

I - Institucionalni podpora na dlouhodoby koncepcni rozvoj vyzkumne organizace

Rok uplatnění

2012

Kód důvěrnosti údajů

S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů

Název statě ve sborníku

Proceedings of the 2012 IEEE International Conference on Communications (ICC 2012)

ISBN

978-1-4577-2053-6

ISSN

1550-3607

e-ISSN

—

Počet stran výsledku

6

Strana od-do

6733-6738

Název nakladatele

IEEE

Místo vydání

Piscataway

Místo konání akce

Ottawa, ON

Datum konání akce

10. 6. 2012

Typ akce podle státní příslušnosti

WRD - Celosvětová akce

Kód UT WoS článku

000312855707004