  • DocumentCode
    2129077
  • Title
    A Privacy-Preserving Entropy-Driven Framework for Tracing DoS Attacks in VoIP
  • Author
    Tsiatsikas, Zisis ; Geneiatakis, D. ; Kambourakis, Georgios ; Keromytis, Angelos D.
  • Author_Institution
    Dept. of Inform. & Comm. Syst. Eng., Univ. of the Aegean, Karlovassi, Greece
  • fYear
    2013
  • fDate
    2-6 Sept. 2013
  • Firstpage
    224
  • Lastpage
    229
  • Abstract
    Network audit trails, especially those composed of application layer data, can be a valuable source of information regarding the investigation of attack incidents. Nevertheless, the analysis of log files of large volume is usually both complex (slow) and privacy-neglecting. Especially, when it comes to VoIP, the literature on how audit trails can be exploited to identify attacks remains scarce. This paper provides an entropy-driven, privacy preserving, and practical framework for detecting resource consumption attacks in VoIP ecosystems. We extensively evaluate our framework under various attack scenarios involving single and multiple assailants. The results obtained show that the proposed scheme is capable of identifying malicious traffic with a false positive alarm rate up to 3.5%.
  • Keywords
    Internet telephony; computer network security; data privacy; telecommunication traffic; DoS attack tracing; VoIP ecosystems; application layer data; malicious traffic identification; multiple assailants; network audit trails; privacy-preserving entropy-driven framework; resource consumption attack detection; single assailant; Artificial intelligence; Computer crime; Context; Entropy; IP networks; Measurement; Abnormal Traffic; Anonymity; DoS; Entropy; Session Initiation Protocol;
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Availability, Reliability and Security (ARES), 2013 Eighth International Conference on
  • Conference_Location
    Regensburg
  • Type
    conf
  • DOI
    10.1109/ARES.2013.30
  • Filename
    6657244