• DocumentCode
    652226
  • Title

    Development and Analysis of Generic VoIP Attack Sequences Based on Analysis of Real Attack Traffic

  • Author

    Aziz, Ahmedullah ; Hoffstadt, Dirk ; Ganz, Sebastian ; Rathgeb, Erwin

  • Author_Institution
    Comput. Networking Technol. Group, Univ. of Duisburg-Essen, Essen, Germany
  • fYear
    2013
  • fDate
    16-18 July 2013
  • Firstpage
    675
  • Lastpage
    682
  • Abstract
    Security issues like service misuse and fraud are emerging problems of SIP-based networks. To devise effective countermeasures it is important to know how these attacks are launched in reality. Multi-stage attacks to commit Toll Fraud are already known in principle. We have identified different variations in these attack patterns by analyzing over 25 GByte of SIP attack traffic collected in our SIP Honeynet over a period of three years i.e., from December 2009 to November 2012. Based on this analysis, we have developed a Generic Attack Replay tool (GART) which allows replaying samples of the major attack variants in arbitrary network setups. This tool can be used for evaluation of detection and mitigation components where realistic and reproducible attack traffic is needed. The tool described here and the sample database will be made available to interested groups.
  • Keywords
    Internet telephony; computer network security; signalling protocols; telecommunication traffic; GART; SIP Honeynet; SIP attack traffic; SIP-based networks; arbitrary network setups; fraud; generic VoIP attack sequences; generic attack replay tool; multistage attacks; real attack traffic analysis; reproducible attack traffic; security issues; service misuse; toll fraud; voice-over-IP communication; Databases; IP networks; Monitoring; Registers; Security; Servers; Standards; Honeynet; SIP; STR; VoIP; analyze; attack patterns; evaluation; fraud; misuse; security;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Trust, Security and Privacy in Computing and Communications (TrustCom), 2013 12th IEEE International Conference on
  • Conference_Location
    Melbourne, VIC
  • Type

    conf

  • DOI
    10.1109/TrustCom.2013.82
  • Filename
    6680901