Hunting SIP Authentication Attacks Efficiently - Security of Networks and Services in an All-Connected World
Conference Papers Year : 2017

Tomáš Jansky
Tomáš Čejka
Václav Bartoš

Abstract

Extended flow records with application layer (L7) information allow for detection of various types of malicious traffic. Voice over IP (VoIP) is an example of technology that works on L7 and many attacks against it cannot be reliably detected using just basic flow information. Session Initiation Protocol (SIP), which is commonly used for VoIP signalling, is a frequent target of many types of attacks. This paper proposes and evaluates a novel algorithm for near real time detection of username scanning and password guessing attacks on SIP servers. The detection is based on analysis of L7 extended flow records.
Origin: Files produced by the author(s)

Dates and versions

hal-01806064, version 1 (01-06-2018)

Cite

Tomáš Jansky, Tomáš Čejka, Václav Bartoš. Hunting SIP Authentication Attacks Efficiently. 11th IFIP International Conference on Autonomous Infrastructure, Management and Security (AIMS), Jul 2017, Zurich, Switzerland. pp.125-130, ⟨10.1007/978-3-319-60774-0_9⟩. ⟨hal-01806064⟩