Using Application-Aware Flow Monitoring for SIP Fraud Detection
Result identifiers
Result code in IS VaVaI
<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F68407700%3A21240%2F15%3A00230407" target="_blank" >RIV/68407700:21240/15:00230407 - isvavai.cz</a>
Alternative codes found
RIV/00216305:26230/15:PU116960
Result on the web
<a href="http://link.springer.com/chapter/10.1007/978-3-319-20034-7_10" target="_blank" >http://link.springer.com/chapter/10.1007/978-3-319-20034-7_10</a>
DOI - Digital Object Identifier
<a href="http://dx.doi.org/10.1007/978-3-319-20034-7_10" target="_blank" >10.1007/978-3-319-20034-7_10</a>
Alternative languages
Result language
English
Title in the original language
Using Application-Aware Flow Monitoring for SIP Fraud Detection
Result description in the original language
Flow monitoring helps to discover many network security threats targeted to various applications or network protocols. In this paper, we show usage of the flow data for analysis of a Voice over IP (VoIP) traffic and a threat detection. A traditionally used flow record is insufficient for this purpose and therefore it was extended by application-layer information. In particular, we focus on the Session Initiation Protocol (SIP) and the type of a toll-fraud in which an attacker tries to exploit poor configuration of a private branch exchange (PBX). The attacker's motivation is to make unauthorized calls to PSTN numbers that are usually charged at high rates and owned by the attacker. As a result, a successful attack can cause a significant financial loss to the owner of PBX. We propose a method for stream-wise and near real-time analysis of the SIP traffic and detection of the described threat. The method was implemented as a module of the Nemea system and deployed on a backbone network.
Title in English
Using Application-Aware Flow Monitoring for SIP Fraud Detection
Result description in English
Flow monitoring helps to discover many network security threats targeted to various applications or network protocols. In this paper, we show usage of the flow data for analysis of a Voice over IP (VoIP) traffic and a threat detection. A traditionally used flow record is insufficient for this purpose and therefore it was extended by application-layer information. In particular, we focus on the Session Initiation Protocol (SIP) and the type of a toll-fraud in which an attacker tries to exploit poor configuration of a private branch exchange (PBX). The attacker's motivation is to make unauthorized calls to PSTN numbers that are usually charged at high rates and owned by the attacker. As a result, a successful attack can cause a significant financial loss to the owner of PBX. We propose a method for stream-wise and near real-time analysis of the SIP traffic and detection of the described threat. The method was implemented as a module of the Nemea system and deployed on a backbone network.
Classification
Type
D - Article in proceedings
CEP field
IN - Informatics
OECD FORD field
—
Result linkages
Project
<a href="/cs/project/ED1.1.00%2F02.0070" target="_blank" >ED1.1.00/02.0070: Centrum excelence IT4Innovations</a><br>
Linkages
S - Specific research at universities
Other
Year of implementation
2015
Data confidentiality code
S - Complete and true data on the project are not subject to protection under special legal regulations
Data specific to the result type
Name of the article in the proceedings
Intelligent Mechanisms for Network Configuration and Security
ISBN
978-3-319-20033-0
ISSN
0302-9743
e-ISSN
—
Number of pages
13
Pages from-to
87-99
Publisher name
Springer International Publishing
Place of publication
Cham
Event location
Ghent
Event date
22. 6. 2015
Event type by nationality
WRD - Worldwide event
UT WoS code of the article
000363692200010