Mitigating Coordinated Call Attacks On VoIP Networks Using Hidden Markov Model
Corresponding Author(s) : Usman Haruna Nakorji
Kinetik: Game Technology, Information System, Computer Network, Computing, Electronics, and Control,
Vol 4, No 4, November 2019
Abstract
Abstract
This paper presents a 2-tier scheme for mitigating coordinated call attacks on VoIP networks. Call interaction pattern was considered using talk and salient periods in a VoIP call conversation. At the first-tier, Short Term Energy algorithm was used for call interaction feature extraction and at the second-tier Hidden Markov Model was used for caller legitimacy recognition. Data of VoIP call conversations were collated and analyzed to extract distinctive features in VoIP call interaction pattern to ascertain the legitimacy of a caller against coordinated call attacker. The performance metrics that was used are; False Error Rate (FER), Specificity, Detection Accuracy and Throughput. Several experiments were conducted to see how effective the mitigating scheme is, as the scheme acts as a proxy server to Session Initiation Protocol (SIP) server. The experiments show that; when the VoIP server is under coordinated call attack without a mitigating scheme only 15.2% of legitimate VoIP users had access to the VoIP network and out of which about half of the legitimate users had their calls dropped before completion, while with the 2-tier mitigating scheme, when the VoIP server is under coordinated call attacks over 90.3% legitimate VoIP callers had their calls through to completion
Download Citation
Endnote/Zotero/Mendeley (RIS)BibTeX
- M. O. O. Lemos, Y. G. Dantas, I. Fonseca, V. Nigam, and G. Sampaio, “A selective defense for mitigating coordinated call attacks,” 34th {Brazilian} {Symposium} {Computer} {Networks} {Distributed} {Systems}, 2016.
- Y. G. Dantas, M. O. O. Lemos, I. E. Fonseca, and V. Nigam, “Formal specification and verification of a selective defense for TDoS attacks,” Lect. Notes Comput. Sci. (including Subser. Lect. Notes Artif. Intell. Lect. Notes Bioinformatics), vol. 9942 LNCS, pp. 82–97, 2016.
- J. Safarik and J. Slachta, “VoIP attacks detection engine based on neural network,” Indep. Compon. Anal. Compressive Sampling, Large Data Anal. (LDA), Neural Networks, Biosyst. Nanoeng. XIII, vol. 9496, p. 94960J, 2015.
- J. Shukla and B. Sahni, “A Survey on VoIP Security Attacks and their Proposed Solutions,” Int. J. Appl. or Innov. Eng. Manag., vol. 2, no. 3, pp. 158–164, 2013.
- G. Martinez, J. S. Park, A. Pescapè, Z. Wang, J. Zhan, and A. Blyth, “International Journal of Network Security,” vol. 17, no. 1, 2015.
- Y. G. Dantas, V. Nigam, and I. E. Fonseca, “A selective defense for application layer DDoS attacks,” Proc. - 2014 IEEE Jt. Intell. Secur. Informatics Conf. JISIC 2014, pp. 75–82, 2014.
- L. Amor and S. Thabet, “Deployment of VoIP Technology: QoS Concerns,” Int. J. Adv. Res. Comput. Commun. Eng., vol. 2, no. 9, pp. 3514–3521, 2013.
- T. G. Rahangdale, P. A. Tijare, S. NSawalkar, and S. C. O E T, “An Overview on Security Analysis of Session Initiation Protocol in VoIP network,” Int. J. Res. Advent Technol., vol. 2, no. 4, pp. 2321–9637, 2014.
- K. O. Detken and E. Eren, “VoIP Security regarding the Open Source Software Asterisk,” Imeti 2008 Int. Multi-Conference Eng. Technol. Innov. Vol I, Proc., pp. 93–98, 2008.
- D. Enqing, L. Guizhong, Z. Yatong, and C. Yu, “Voice activity detection based on short-time energy and noise spectrum adaptation,” Int. Conf. Signal Process. Proceedings, ICSP, vol. 1, no. 1, pp. 464–467, 2002.
- M. K. Mustafa, T. Allen, and K. Appiah, “A comparative review of dynamic neural networks and hidden Markov model methods for mobile on-device speech recognition,” Neural Comput. Appl., pp. 1–9, 2017.
- A. Bietti, F. Bach, and A. Cont, “An online em algorithm in hidden (semi-)Markov models for audio segmentation and clustering,” ICASSP, IEEE Int. Conf. Acoust. Speech Signal Process. - Proc., vol. 2015–Augus, pp. 1881–1885, 2015.
- S. Ehlert, C. Wang, T. Magedanz, and D. Sisalem, “Specification-based denial-of-service detection for SIP voice-over-IP networks,” Proc. - 3rd Int. Conf. Internet Monit. Prot. ICIMP 2008, pp. 59–66, 2008.
- Z. F. Fan, J. R. Yang, and X. Y. Wan, “A SIP DoS flooding attack defense mechanism based on custom weighted fair queue scheduling,” 2010 Int. Conf. Multimed. Technol. ICMT 2010, pp. 0–3, 2010.
- J. Tang, Y. Cheng, Y. Hao, and W. Song, “SIP flooding attack detection with a multi-dimensional sketch design,” IEEE Trans. Dependable Secur. Comput., vol. 11, no. 6, pp. 582–595, 2014.
References
M. O. O. Lemos, Y. G. Dantas, I. Fonseca, V. Nigam, and G. Sampaio, “A selective defense for mitigating coordinated call attacks,” 34th {Brazilian} {Symposium} {Computer} {Networks} {Distributed} {Systems}, 2016.
Y. G. Dantas, M. O. O. Lemos, I. E. Fonseca, and V. Nigam, “Formal specification and verification of a selective defense for TDoS attacks,” Lect. Notes Comput. Sci. (including Subser. Lect. Notes Artif. Intell. Lect. Notes Bioinformatics), vol. 9942 LNCS, pp. 82–97, 2016.
J. Safarik and J. Slachta, “VoIP attacks detection engine based on neural network,” Indep. Compon. Anal. Compressive Sampling, Large Data Anal. (LDA), Neural Networks, Biosyst. Nanoeng. XIII, vol. 9496, p. 94960J, 2015.
J. Shukla and B. Sahni, “A Survey on VoIP Security Attacks and their Proposed Solutions,” Int. J. Appl. or Innov. Eng. Manag., vol. 2, no. 3, pp. 158–164, 2013.
G. Martinez, J. S. Park, A. Pescapè, Z. Wang, J. Zhan, and A. Blyth, “International Journal of Network Security,” vol. 17, no. 1, 2015.
Y. G. Dantas, V. Nigam, and I. E. Fonseca, “A selective defense for application layer DDoS attacks,” Proc. - 2014 IEEE Jt. Intell. Secur. Informatics Conf. JISIC 2014, pp. 75–82, 2014.
L. Amor and S. Thabet, “Deployment of VoIP Technology: QoS Concerns,” Int. J. Adv. Res. Comput. Commun. Eng., vol. 2, no. 9, pp. 3514–3521, 2013.
T. G. Rahangdale, P. A. Tijare, S. NSawalkar, and S. C. O E T, “An Overview on Security Analysis of Session Initiation Protocol in VoIP network,” Int. J. Res. Advent Technol., vol. 2, no. 4, pp. 2321–9637, 2014.
K. O. Detken and E. Eren, “VoIP Security regarding the Open Source Software Asterisk,” Imeti 2008 Int. Multi-Conference Eng. Technol. Innov. Vol I, Proc., pp. 93–98, 2008.
D. Enqing, L. Guizhong, Z. Yatong, and C. Yu, “Voice activity detection based on short-time energy and noise spectrum adaptation,” Int. Conf. Signal Process. Proceedings, ICSP, vol. 1, no. 1, pp. 464–467, 2002.
M. K. Mustafa, T. Allen, and K. Appiah, “A comparative review of dynamic neural networks and hidden Markov model methods for mobile on-device speech recognition,” Neural Comput. Appl., pp. 1–9, 2017.
A. Bietti, F. Bach, and A. Cont, “An online em algorithm in hidden (semi-)Markov models for audio segmentation and clustering,” ICASSP, IEEE Int. Conf. Acoust. Speech Signal Process. - Proc., vol. 2015–Augus, pp. 1881–1885, 2015.
S. Ehlert, C. Wang, T. Magedanz, and D. Sisalem, “Specification-based denial-of-service detection for SIP voice-over-IP networks,” Proc. - 3rd Int. Conf. Internet Monit. Prot. ICIMP 2008, pp. 59–66, 2008.
Z. F. Fan, J. R. Yang, and X. Y. Wan, “A SIP DoS flooding attack defense mechanism based on custom weighted fair queue scheduling,” 2010 Int. Conf. Multimed. Technol. ICMT 2010, pp. 0–3, 2010.
J. Tang, Y. Cheng, Y. Hao, and W. Song, “SIP flooding attack detection with a multi-dimensional sketch design,” IEEE Trans. Dependable Secur. Comput., vol. 11, no. 6, pp. 582–595, 2014.