A Cost-Sensitive Automated Response System for SIP-based Applications

Network security technologies have different issues that is important in next generation networks because of the real-time nature of its applications (e.g. VoIP and IPTV). The main requirements of these types of applications is to handle the attack situations without quality degradation. There are many references for implementation of intrusion detection systems in VoIP infrastructures but there is little effort on intrusion response systems. We concentrate on response systems for SIP-based entities and present a cost sensitive response system which considers environmental dynamic conditions. We categorize the deployable responses into different groups based on their severity level by considering their side effects. We also propose a new quantitative metric for damage cost to compare it with response cost. Our proposed decision making process is done based on the comparison of these costs (response and damage costs), the environmental conditions (CPU, network and memory usages) and also the time of the detected attack. We verify our proposed framework by a real test-bed which is implemented by open-source tools such as OPENSIPS and SIPp. The implementation results show the effectiveness of our proposed SIP intrusion response system.