Post on 05-Jan-2016
transcript
Design and implementation of SIP-aware DDoS attack detection system
By: Arif Iqbal
Distributed Denial of Service
Types of DDoS Attacks
Physical Layer
Internet Layer
Transport Layer
Data Link Layer
Network Centric Attack
Application Layer
Application Layer Attack
Application Layer
Transport Layer
Internet Layer
Physical Layer
Data Link Layer
Why DDoS Attack
. Very Easy to Launch
. No Special Resources Required
. No special Skills are required
. Target are open on internet -> TO receive all request.
Attack Detection System
. SIP application traffic statistics
. SIP DDoS attack detection threshold Stored. Applying knowledge base rules to each user agent. Monitoring activities of -> User -> Call -> Server
User behavior Analysis
. REGISTER Message Transmit Period
. Number of INVITE Message
. From/ To/ Call-ID Ratio Analysis
. Top N traffic User Analysis
Call Behavior Analysis
. Call-ID/SSRC Ratio Analysis
. Req/Res Ratio Analysis
. Method per Transmission Rate Analysis. IP/URI Ratio Analysis within REGISTER Message. RTP Seq. No Randomness per SSRC
Server/network Status Analysis
• SIP/RTP Traffic Volume Transition Analysis
• Status code Ration Analysis per server
• QoS Change Analysis
Test Environment
Critique and Criticism
Critique and Criticism
. Transport Layer Security-> UDP flood -> TCP state exhaustion attacks-> SYN floods. IP Layer Security-> Spoofed Internet Protocol(IP) packet floods-> ICMP flood attacks. . Data Link Layer Security-> Fragmentation Attack
Thanks
Any Question