Hunting SIP Authentication Attacks Efficiently

Abstract : Extended flow records with application layer (L7) information allow for detection of various types of malicious traffic. Voice over IP (VoIP) is an example of technology that works on L7 and many attacks against it cannot be reliably detected using just basic flow information. Session Initiation Protocol (SIP), which is commonly used for VoIP signalling, is a frequent target of many types of attacks. This paper proposes and evaluates a novel algorithm for near real time detection of username scanning and password guessing attacks on SIP servers. The detection is based on analysis of L7 extended flow records.

Cited literature [5 references]
Contributor : Hal Ifip
Submitted on : Friday, June 1, 2018 - 4:01:21 PM
Last modification on : Friday, June 1, 2018 - 4:03:03 PM
Long-term archiving on : Sunday, September 2, 2018 - 3:51:32 PM


 Restricted access
To satisfy the distribution rights of the publisher, the document is embargoed until : 2020-01-01



Distributed under a Creative Commons Attribution 4.0 International License



Tomáš Jansky, Tomáš Čejka, Václav Bartoš. Hunting SIP Authentication Attacks Efficiently. 11th IFIP International Conference on Autonomous Infrastructure, Management and Security (AIMS), Jul 2017, Zurich, Switzerland. pp.125-130, ⟨10.1007/978-3-319-60774-0_9⟩. ⟨hal-01806064⟩


