SIP 기반의 VoIP 시스템에서 서비스 거부 및 통화단절 공격 탐지
DC Field | Value | Language |
---|---|---|
dc.contributor.advisor | 유승화 | - |
dc.contributor.author | Ryu, Jae Tek | - |
dc.date.accessioned | 2019-10-21T07:17:14Z | - |
dc.date.available | 2019-10-21T07:17:14Z | - |
dc.date.issued | 2011-02 | - |
dc.identifier.other | 11586 | - |
dc.identifier.uri | https://dspace.ajou.ac.kr/handle/2018.oak/17804 | - |
dc.description | 학위논문(석사)--아주대학교 정보통신전문대학원 :정보통신공학과,2011. 2 | - |
dc.description.abstract | This dissertation provides an in depth analysis of the existing security threats which are call disruption attacks and flooding attacks in SIP(Session Initiation Protocol) based VoIP(Voice over IP) systems. Also it discusses the goals and requirements of detection schemes for reliable SIP based VoIP systems. This dissertation presents various enhanced detection schemes against such attacks as the systems degrade QoS(Quality of Service). The first scheme is detection of SIP flooding attacks based on the upper bound of the possible number of SIP messages, which is an effective detection method for SIP flooding attacks in order to deal with the problems of conventional schemes. We derive the upper bound of the possible number of SIP messages, considering not only the network congestion status but also the different properties of individual SIP messages such as INVITE, BYE and CANCEL. This method can be easily extended to detect flooding attacks by other SIP messages. However, such attacks cannot be easily classified the attack signatures, since they may be frequently modified and newly created. That is, it makes difficult to provide the additional countermeasure scheme after detecting the attacks. Therefore, we also propose bloom filter based SIP flooding attack detection scheme. This scheme utilizes bloom filter for classifying SIP flooding attacks whose attack signatures is defined according to the modulated message pattern. In case of call disruption attacks, we propose an effective detection method for those attack(CANCEL, BYE or REGISTER attack) without authentication or encryption schemes. In order to achieve that, Extended INFO method is utilized to deal with the security threats and can be applied in both pre-call and mid-call VoIP mobility environments without additional functions or systems. The performance of our proposed schemes is evaluated in terms of attack detection time, system resource cost(Memory, CPU consumption and so on) and effectiveness of the schemes both in simulation and analytically. | - |
dc.description.tableofcontents | ACKNOWLEDGEMENTS 2 ABSTRACT 3 TABLE OF CONTENTS 4 LIST OF FIGURES 6 CHAPTER 1 9 INTRODUCTION 9 1.1 Motivation 9 1.2 Thesis Objectives 11 1.3 Thesis Contribution 12 1.4 Thesis Contribution 13 CHAPTER 2 15 BACKGROUND 15 2.1 SIP Overview 15 2.2 Session Establishment 15 2.2.1 Session Cancellation 16 2.2.2 Session Termination 17 2.2.3 Session Registration 17 2.3 SIP Security Threat Issues 18 2.3.1 SIP Flooding Attack Overview 18 2.3.2 SIP Call Disruption Attack Overview 20 2.4 Security Threats Issues on SIP based Mobility Environment 23 2.4.1 Pre-call Mobility 24 2.4.2 Mid-call Mobility 25 2.4.3 REGISTER Attack related to Pre-call Mobility 26 2.4.4 re-INVITE Attack in Mid-call Mobility 28 2.5 Bloom Filter Overview 29 CHAPTER 3 31 DETECTION OF SIP FLOODING ATTACKS BASED ON THE UPPER BOUND OF THE POSSIBLE NUMBER OF SIP MESSAGES 31 3.1 SIP Retransmission Mechanism 32 3.1.1 Retransmission of INVITE Request Messages 32 3.1.2 Retransmission of non-INVITE Request Messages 32 3.2 Upper Bound of the Possible Number of SIP Messages 33 3.3 Detection of SIP Flooding Attacks 38 3.3.1 Algorithm 1: Detection of INVITE Flooding Attacks 38 3.3.2 Algorithm 2: Detection of BYE Flooding Attacks 41 3.3.3 Algorithm 3: Detection of CANCEL Flooding Attacks 43 3.4 Experimental Results 44 3.4.1 Effect of Retransmission Rate 44 3.4.2 Effectiveness of Algorithm 1 46 3.4.3 Effectiveness of Algorithm 2 49 3.4.4 Effectiveness of Algorithm 3 52 3.5 Discussion 54 3.6 Summary 55 CHAPTER 4 56 DETECTION OF SIP FLOODING ATTACK BASED ON BLOOM FILTER 56 4.1 Classification of SIP Flooding Attacks 57 4.1.1 Bloom Filter based SIP Flooding Attack Classification 60 4.1.2 SIP Flooding Attack Detection Algorithm based on Bloom filter 62 4.2 Performance Evaluation 64 4.3 Summary 68 CHAPTER 5 69 DETECTION OF SIP CALL-DISRUPTION ATTACK ON SIP BASED VOIP SYSTEMS 69 5.1 Extension of the INFO Method for Detection of Call Disruption Attacks 70 5.1.1 INFO Method 71 5.1.2 Extension of the INFO Method 72 5.1.3 Example Usage of an INFO Method against a CANCEL Attack 74 5.1.4 Example Usage of an INFO Method against and a BYE Message Attack Detection 76 5.1.5 Example Usage of an INFO Method against a REGISTER Attack in Pre-call Mobility 77 5.1.6 Example of the Use of the INFO Method against a re-INVITE Attack in Mid-call Mobility 78 5.2 A Weakness of Proposed scheme 79 5.3 Hybrid Detection Scheme for Call disruption attacks 80 5.4 Performance Evaluation 82 5.5 Summary 86 CHAPTER 6 88 CONCLUSION AND FUTURE WORK 88 REFERENCES 90 List of Publications 95 | - |
dc.language.iso | eng | - |
dc.publisher | The Graduate School, Ajou University | - |
dc.rights | 아주대학교 논문은 저작권에 의해 보호받습니다. | - |
dc.title | SIP 기반의 VoIP 시스템에서 서비스 거부 및 통화단절 공격 탐지 | - |
dc.type | Thesis | - |
dc.contributor.affiliation | 아주대학교 정보통신전문대학원 | - |
dc.contributor.department | 정보통신전문대학원 정보통신공학과 | - |
dc.date.awarded | 2011. 2 | - |
dc.description.degree | Master | - |
dc.identifier.localId | 569197 | - |
dc.identifier.url | http://dcoll.ajou.ac.kr:9080/dcollection/jsp/common/DcLoOrgPer.jsp?sItemId=000000011586 | - |
dc.subject.keyword | SIP security | - |
dc.subject.keyword | flooding attack | - |
dc.subject.keyword | call disruption | - |
Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.