A Framework for Automated Exploit Prevention from Known Vulnerabilities in Voice Over IP Services

Abdelkader Lahmadi 1 Olivier Festor 1
1 MADYNES - Management of dynamic networks and services
Inria Nancy - Grand Est, LORIA - NSS - Department of Networks, Systems and Services
Abstract : We propose a prevention system for SIP-based networks which adopts a rule-based approach to build prevention specifications on SIP protocol activities that stop attacks exploiting an existing vulnerability before reaching their targets. Our approach innovates from existing solutions by making use of the contextual information of a vulnerability targeted by an attack to apply the prevention specification. Manually coding these prevention specifications is tedious and error-prone. Our method automatically infers prevention specifications by analyzing captured SIP exploit traffic. The detection engine uses an efficient method based on event graphs to match protocol activities against available prevention specifications. We describe the different components of our approach and show through an extended performance study of the implemented system its applicability to enterprise level VoIP protection.
Type de document :
Article dans une revue
IEEE Transactions on Network and Service Management, IEEE, 2012, 9 (2), pp.114-127. 〈10.1109/TNSM.2012.011812.110125〉
Liste complète des métadonnées

Littérature citée [28 références]  Voir  Masquer  Télécharger

https://hal.inria.fr/hal-00746977
Contributeur : Abdelkader Lahmadi <>
Soumis le : mardi 30 octobre 2012 - 11:23:56
Dernière modification le : jeudi 11 janvier 2018 - 06:25:23
Document(s) archivé(s) le : samedi 17 décembre 2016 - 06:13:11

Fichier

etnsm_lahmadi.pdf
Fichiers produits par l'(les) auteur(s)

Identifiants

Collections

Citation

Abdelkader Lahmadi, Olivier Festor. A Framework for Automated Exploit Prevention from Known Vulnerabilities in Voice Over IP Services. IEEE Transactions on Network and Service Management, IEEE, 2012, 9 (2), pp.114-127. 〈10.1109/TNSM.2012.011812.110125〉. 〈hal-00746977〉

Partager

Métriques

Consultations de la notice

406

Téléchargements de fichiers

162