Conference papers

Using Application-Aware Flow Monitoring for SIP Fraud Detection

Abstract: Flow monitoring helps to discover many network security threats targeting various applications and network protocols. In this paper, we show how flow data can be used to analyze Voice over IP (VoIP) traffic and detect threats. The traditional flow record is insufficient for this purpose, so it was extended with application-layer information. In particular, we focus on the Session Initiation Protocol (SIP) and a type of toll fraud in which an attacker tries to exploit the poor configuration of a private branch exchange (PBX). The attacker’s motivation is to make unauthorized calls to PSTN numbers that are usually charged at high rates and owned by the attacker. As a result, a successful attack can cause significant financial loss to the owner of the PBX. We propose a method for stream-wise, near real-time analysis of SIP traffic and detection of the described threat. The method was implemented as a module of the Nemea system and deployed on a backbone network. It was evaluated using simulated as well as real attacks.

Cited literature: 10 references
Contributor: Hal Ifip
Submitted on : Tuesday, December 6, 2016 - 2:44:47 PM
Last modification on : Tuesday, January 19, 2021 - 10:16:03 AM


Files produced by the author(s)


Distributed under a Creative Commons Attribution 4.0 International License



Tomas Cejka, Vaclav Bartos, Lukas Truxa, Hana Kubatova. Using Application-Aware Flow Monitoring for SIP Fraud Detection. 9th Autonomous Infrastructure, Management, and Security (AIMS), Jun 2015, Ghent, Belgium. pp.87-99, ⟨10.1007/978-3-319-20034-7_10⟩. ⟨hal-01410154⟩


