Hunting SIP Authentication Attacks Efficiently

Abstract: Extended flow records with application layer (L7) information allow for detection of various types of malicious traffic. Voice over IP (VoIP) is an example of technology that works on L7 and many attacks against it cannot be reliably detected using just basic flow information. Session Initiation Protocol (SIP), which is commonly used for VoIP signalling, is a frequent target of many types of attacks. This paper proposes and evaluates a novel algorithm for near real time detection of username scanning and password guessing attacks on SIP servers. The detection is based on analysis of L7 extended flow records.

https://hal.inria.fr/hal-01806064
Contributor: Hal Ifip
Submitted on: Friday, June 1, 2018 - 4:01:21 PM
Last modification on: Friday, June 1, 2018 - 4:03:03 PM
Long-term archiving on: Sunday, September 2, 2018 - 3:51:32 PM

File

 Restricted access
To satisfy the distribution rights of the publisher, the document is embargoed until: 2020-01-01

Licence


Distributed under a Creative Commons Attribution 4.0 International License

Citation

Tomáš Jansky, Tomáš Čejka, Václav Bartoš. Hunting SIP Authentication Attacks Efficiently. 11th IFIP International Conference on Autonomous Infrastructure, Management and Security (AIMS), Jul 2017, Zurich, Switzerland. pp.125-130, ⟨10.1007/978-3-319-60774-0_9⟩. ⟨hal-01806064⟩
