Title :
Specification-based intrusion detection for H.323-based voice over IP
Author :
Truong, Phu ; Nieh, Dennis ; Moh, Melody
Author_Institution :
Dept. of Comput. Sci., San Jose State Univ., CA
Abstract :
Voice over IP (VoIP) has been in a state of rapid development due to its economical advantage over traditional telephone services. Denial of service (DoS) attack has been a major security threat for many computer systems. This work introduces a specification-based intrusion detection system to protect H.323 gatekeepers from both external and internal DoS attacks. Based on the protocol for RAS (Registration, Admission Status) messages, a finite-state machine specification for correct behaviors between a gatekeeper and endpoints is produced. Security requirements against these DoS attacks are established, resulting in a formal protocol specification for secured gatekeepers. Developing the proposal into a practical solution, an intrusion detection module is built and incorporated into the open source software GNU Gatekeeper (also named OpenH323GK). A simple, proof-of-concept prototype has been built; the secured H. 323 gateway is able to fend off DoS attacks launched from GNU OpenPhone clients
Keywords :
Internet telephony; finite state machines; protocols; public domain software; telecommunication security; GNU Gatekeeper; GNU OpenPhone clients; H.323 gatekeepers; H.323-based voice over IP; OpenH323GK; RAS messages; VoIP; denial of service attack; finite-state machine specification; formal protocol specification; open source software; specification-based intrusion detection system; telephone services; Computer crime; Computer security; Internet telephony; Intrusion detection; Open source software; Proposals; Protection; Protocols; Prototypes; Software prototyping;
Conference_Titel :
Signal Processing and Information Technology, 2005. Proceedings of the Fifth IEEE International Symposium on
Conference_Location :
Athens
Print_ISBN :
0-7803-9313-9
DOI :
10.1109/ISSPIT.2005.1577128
