Sketch-Based SIP Flooding Detection Using Hellinger Distance
GLOBECOM 2009 - 2009 IEEE Global Telecommunications Conference
The Voice over IP (VoIP) application utilizes the Internet to provide voice service; thus it is susceptible to various security issues common on the IP networks, such as the flooding attack. Moreover, VoIP uses the Session Initiation Protocol (SIP) for session control and management. The transactional nature of SIP makes flooding attack an even severer threat, which can consequentially lead to denial of service (DoS). In this paper, we develop an efficient online SIP flooding detection scheme
... detection scheme by integrating the sketch technique with Hellinger distance (HD) based detection. The sketch data structure can summarize the SIP call generating process into a fixed set of data for developing a probability model. The HD technique, combined with on-line traffic estimation, can efficiently identify attacks by monitoring the distance between current traffic distribution and the estimated distribution based on history information. Compared to the original HD detection system, our technique achieves the advantages of higher accuracy, flexibility to deal with multi-attribute attacks and DDoS attacks, and the ability to track the period of attack. Computer simulation results are presented to demonstrate the performance of the proposed technique. This full text paper was peer reviewed at the direction of IEEE Communications Society subject matter experts for publication in the IEEE "GLOBECOM" 2009 proceedings.