SFADS: A SIP Flooding Attack Detection Scheme with the Internal and External Detection Features in IMS Networks
- Authors
- Sun, Qibo; Wang, Shangguang; Lug, Ning; Wong, Kok-Seng; Kim, Myung Ho
- Issue Date
- Dec-2016
- Publisher
- NATL ILAN UNIV, JIT
- Keywords
- IMS network; SIP flooding attacks; Detection feature; Cumulative sum control chart; Fuzzy logic
- Citation
- JOURNAL OF INTERNET TECHNOLOGY, v.17, no.7, pp.1327 - 1338
- Journal Title
- JOURNAL OF INTERNET TECHNOLOGY
- Volume
- 17
- Number
- 7
- Start Page
- 1327
- End Page
- 1338
- URI
- http://scholarworks.bwise.kr/ssu/handle/2018.sw.ssu/7439
- DOI
- 10.6138/JIT.2016.17.7.20141009
- ISSN
- 1607-9264
- Abstract
- IP Multimedia Subsystem (IMS) is a standardized Next Generation Networking (NGN) architecture. It takes Session Initiation Protocol (SIP) as the core signaling protocol of IMS and NGN. With IMS networks widespread deployment, SIP flooding attacks are becoming into a major threat to IMS network. However, the existing SIP flooding attack detection schemes are inefficient for detecting low rate SIP flooding attacks and are lacking in poor recovery for detecting high-rate SIP flooding attacks. In this paper, we propose a novel SIP flooding attack detection scheme with the internal and external detection features in IMS networks, called SFADS (SIP flooding attack detection scheme). In SFADS, based on the analysis of SIP flooding attacks, we first extract the abrupt change of SIP session request as the external detection feature, and the abnormal abrupt change of difference between the sequence of legitimate SIP session establishment and the SIP session request messages as the internal detection feature. Then we use the improved cumulative sum control chart algorithm to analyze the two detection features. Finally, we take the analysis data as inputs and adopt Fuzzy Logic to detect SIP flooding attacks. To investigate the detection performance of the proposed SFADS, we conduct simulations with the prototype implement in an IMS network testbed. Simulation results show the performance of the proposed SFADS is better than that of other schemes.
- Files in This Item
- There are no files associated with this item.
- Appears in
Collections - College of Information Technology > School of Software > 1. Journal Articles
![qrcode](https://api.qrserver.com/v1/create-qr-code/?size=55x55&data=https://scholarworks.bwise.kr/ssu/handle/2018.sw.ssu/7439)
Items in ScholarWorks are protected by copyright, with all rights reserved, unless otherwise indicated.