Conference Paper
Title: A Novel Method for Detecting Attacks towards the SIP protocol
Authors: Christian Callegari, Rosario G. Garroppo, Stefano Giordano, Michele Pagano, and Franco Russo

Conference: International Symposium on Performance Evaluation of Computer and Telecommunication Systems (SPECTS 2009), Istanbul, Turkey

Abstract: In the last few years the number and impact of security attacks over the Internet, and in particular against VoIP, have been continuously increasing. To face this issue, the use of Intrusion Detection Systems (IDSs) has emerged as a key element in network and application security. In this paper we address the problem considering a novel statistical technique for detecting attacks towards the SIP protocol. Our approach is based on the use of Markovian models (namely high order Markov chains) for modelling SIP signalling traffic. In particular our work focuses on detection of three kinds of attacks: VoIP Fuzzing, Flood based denial of service, and Signalling manipulation. The performance results shown in the paper, justify the proposed method and highlight the improvements over commonly used statistical techniques.