SIP FLOODING ATTACK DETECTION NEW PROPOSED ALGORITHM

Due to the readily available tools and its simple nature, flooding attack has become the most common and effective Denial of Service Attack (DoS) which target the Voice over Internet Protocol (VoIP) applications, especially Session Initiation Protocol (SIP). The most common anomaly detection techniques which are currently used to detect the SIP flooding attacks have crucial problems, giving the opportunity for attacker to remain undetectable. Moreover, the spanning of SIP flooding attacks over a wide range of flooding request rates make these detection techniques unable to detect different flooding attack rates accurately. In this paper we present a new misuse SIP flooding attacks detection algorithm, called Weighted Sum, which overcomes the existing anomaly detection algorithms problems. The proposed algorithm is tested using simulated traffic datasets, and compared with other four well known anomaly detection algorithms; the test result shows that the proposed algorithm has the highest correct detection rate and lowest false alarms.