Result detail
Using Application-Aware Flow Monitoring for SIP Fraud Detection
and others
Flow monitoring helps to discover many network security threats targeting various applications or network protocols. In this paper, we show how flow data can be used to analyze Voice over IP (VoIP) traffic and detect threats. The traditionally used flow record is insufficient for this purpose, and therefore it was extended with application-layer information. In particular, we focus on the Session Initiation Protocol (SIP) and a type of toll fraud in which an attacker tries to exploit the poor configuration of a private branch exchange (PBX). The attacker's motivation is to make unauthorized calls to PSTN numbers that are usually charged at high rates and owned by the attacker. As a result, a successful attack can cause a significant financial loss to the owner of the PBX. We propose a method for stream-wise and near real-time analysis of SIP traffic and detection of the described threat. The method was implemented as a module of the Nemea system and deployed on a backbone network. It was evaluated using simulated as well as real attacks.
flow monitoring, network security, VoIP, SIP, fraud
@inproceedings{BUT119817,
author="Václav {Bartoš}",
title="Using Application-Aware Flow Monitoring for SIP Fraud Detection",
booktitle="Intelligent Mechanisms for Network Configuration and Security",
year="2015",
series="Lecture Notes in Computer Science",
volume="9122",
pages="87--99",
publisher="Springer International Publishing",
address="Ghent",
doi="10.1007/978-3-319-20034-7_10",
isbn="978-3-319-20033-0"
}
IT4Innovations Centre of Excellence, MŠMT, Operational Programme Research and Development for Innovations, ED1.1.00/02.0070, start: 2011-01-01, end: 2015-12-31, completed