Presentation is loading. Please wait.

Presentation is loading. Please wait.

A Hybrid and Cross-Protocol Architecture with Semantics and Syntax Awareness to Improve Intrusion Detection Efficiency in Voice over IP Environments Department.

Published byKellie Tillett Modified over 9 years ago

Similar presentations

Presentation on theme: "A Hybrid and Cross-Protocol Architecture with Semantics and Syntax Awareness to Improve Intrusion Detection Efficiency in Voice over IP Environments Department."— Presentation transcript:

1 A Hybrid and Cross-Protocol Architecture with Semantics and Syntax Awareness to Improve Intrusion Detection Efficiency in Voice over IP Environments Department of Electrical Engineering University of Cape Town Bazara Barry and H. Anthony Chan

2 Contents Introduction Threat model Research Approach Comparison with related works. System Design Implementation and Experiment Attacks and Performance Evaluation Questions and Comments

3 Intrusion Detection Systems An intrusion attempt is the potential possibility of a deliberate unauthorized attempt to: 1. Access information, 2. Manipulate information, or 3. Render a system unreliable or unusable.

4 Intrusion Detection Systems Three main detection approaches: 1.Signature-based (detects known attacks but ineffective against previously unseen ones). 2.Anomaly-based (detects unknown attacks with a high false alarm rate). 3.Specification-based (detects any deviation from system specifications but ineffective against DoS and network probing attacks).

5 Intrusion Detection Systems Desirable features: 1.Protocol-syntax and Protocol-semantics anomaly detection. 2.Stateful detection 3.Cross-protocol and cross-layer detection.

6 VoIP Voice over IP (VoIP) is emerging as a standard that benefits from convergence and replaces older PSTN systems. VoIP networks and applications are less expensive than two separate telecommunications infrastructures.

7 VoIP Security Challenges Sharing the same physical infrastructure with data networks makes convergence inherit all the security weaknesses of IP protocol. VoIP distributes applications and services throughout the network. Standard VoIP protocols do not provide adequate or standardized call party authentication or end-to-end call confidentiality and integrity.

8 Threat Model SIP is susceptible to Denial of Service, Eavesdropping, Tearing down sessions, Session Hijacking. RTP is susceptible to voice injection and flooding. Protocols at lower layers such as IP and TCP are vulnerable to spoofing and Denial of Service.

9 Research Approach Hybrid intrusion detection that combines Signature-based and Specification-based approaches. Cross-protocol and Stateful detection. Syntax and Semantics-awareness for the monitored protocols.

10 Comparison With Related Work StatefulCross- protocol Signature- based Semantics anomaly detection Syntax anomaly detection STAT[4] NetSTAT[5] WebSTAT [6] SCIDIVE[7] vIDS[8] Our proposed IDS

11 State Transition Analysis

12 Extended Finite State Machines

13 System Design

14 Implementation & Simulation OMNeT++ Simulator with MMSim module are used to implement the design and attacks. The simulator is used to generate background traffic and attacks are injected in the traffic randomly. Attacks are chosen to be diverse and with various targets.

15 Network Topology

16 Attack NameProtocols InvolvedEffect BYE AttackSIP, RTPSession Tear down Re-INVITESIP,RTPSession Hijacking CANCELSIPDenial of Service Malformed MessagesAll ProtocolsDenial of Service REGISTER FloodingSIPDenial of Service Voice InjectionRTPPlaying Artificial Stream UDP StormUDPDenial of Service LANDIP, TCPDenial of Service BlatIP, TCPDenial of Service SmurfICMPDenial of Service Stealthy ProbingTCPIdentifying OS Ping of DeathICMPDenial of Service NeptuneTCPDenial of Service TeardropIPDenial of Service TCP SessionIP, TCPSession Hijacking

17 Performance Evaluation End-to-end delay. Call setup delay. Processing delay. Packet loss. Memory usage

18 Performance Evaluation

19

20

21 Publications Bazara Barry and H. Anthony Chan, "Intrusion Detection Systems: Classifications, Implementation Approaches, Testing Methods, and Evaluation Techniques," Book chapter in Handbook on Communications and Information Security, edited by Peter Stavroulakis, to be published by Springer in 2009. Bazara Barry and H. Anthony Chan, “A Signature Database for Intrusion Detection Systems Targeting Voice over Internet Protocol,” Accepted to Appear In Proceedings of the 2008 IEEE Military Communications Conference (MILCOM’08), San Diego, CA, November 2008. Bazara Barry and H. Anthony Chan, “On the Performance of A Hybrid Intrusion Detection Architecture for Voice over IP Systems,” In Proceedings of the 4th International Conference on Security and Privacy in Communication Networks (SecureComm’08), Istanbul, Turkey, September 2008. Bazara Barry and H. Anthony Chan, “A Hybrid, Stateful, and Cross-protocol Intrusion Detection System for Converged Applications,” Springer LNCS, vol. 4804, OTM 2007, Part II, pp. 1616-1633, November 2007. Bazara Barry and H. Anthony Chan, "A Cross-protocol approach to detect TCP Hijacking attacks," In Proceedings of 2007 IEEE International Conference on Signal Processing and Communications (ICSPC07), Dubai, United Arab Emirates (UAE), 24-27 November 2007. Bazara Barry and H. Anthony Chan, “Towards Intelligent Cross-Protocol Intrusion Detection in the Next Generation Networks Based on Protocol Anomaly Detection,” In Proceedings of the 9th International Conference on Advanced Communication Technology (ICACT2007), Phoenix Park, Gangwon-Do, Korea, February 2007.

22 Questions & Comments

Download ppt "A Hybrid and Cross-Protocol Architecture with Semantics and Syntax Awareness to Improve Intrusion Detection Efficiency in Voice over IP Environments Department."

Similar presentations

Copyright © 2007 Telcordia Technologies Challenges in Securing Converged Networks Prepared for : Telcordia Contact: John F. Kimmins Executive Director.

Copyright © 2007 Telcordia Technologies Challenges in Securing Converged Networks Prepared for : Telcordia Contact: John F. Kimmins Executive Director.
Loss-Sensitive Decision Rules for Intrusion Detection and Response Linda Zhao Statistics Department University of Pennsylvania Joint work with I. Lee,

Loss-Sensitive Decision Rules for Intrusion Detection and Response Linda Zhao Statistics Department University of Pennsylvania Joint work with I. Lee,
Intrusion Detection System(IDS) Overview Manglers Gopal Paliwal Gopal Paliwal Roshni Zawar Roshni Zawar SenthilRaja Velu SenthilRaja Velu Sreevathsa Sathyanarayana.

Intrusion Detection System(IDS) Overview Manglers Gopal Paliwal Gopal Paliwal Roshni Zawar Roshni Zawar SenthilRaja Velu SenthilRaja Velu Sreevathsa Sathyanarayana.
Security in VoIP Networks Juan C Pelaez Florida Atlantic University Security in VoIP Networks Juan C Pelaez Florida Atlantic University.

Security in VoIP Networks Juan C Pelaez Florida Atlantic University Security in VoIP Networks Juan C Pelaez Florida Atlantic University.
Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang.

Cryptography and Network Security 2 nd Edition by William Stallings Note: Lecture slides by Lawrie Brown and Henric Johnson, Modified by Andrew Yang.
1 Voice over Internet Protocol (VoIP) Security Affects on the IP Network Architecture Conference ICS – Wireless Group Meeting Tempe, Arizona.

1 Voice over Internet Protocol (VoIP) Security Affects on the IP Network Architecture Conference ICS – Wireless Group Meeting Tempe, Arizona.
Lecture 1: Overview modified from slides of Lawrie Brown.

Lecture 1: Overview modified from slides of Lawrie Brown.
Computer Security Fundamentals by Chuck Easttom Chapter 4 Denial of Service Attacks.

Computer Security Fundamentals by Chuck Easttom Chapter 4 Denial of Service Attacks.
Securing Unified Communications Mor Hezi VP Unified Communications AudioCodes.

Securing Unified Communications Mor Hezi VP Unified Communications AudioCodes.
Hash-Based IP Traceback Best Student Paper ACM SIGCOMM’01.

Hash-Based IP Traceback Best Student Paper ACM SIGCOMM’01.
September 19, 2006speermint interim1 VoIP Threats and Attacks Alan Johnston.

September 19, 2006speermint interim1 VoIP Threats and Attacks Alan Johnston.
Internet Protocol Security An Overview of IPSec. Outline:  What Security Problem?  Understanding TCP/IP.  Security at What Level?  IP Security. 

Internet Protocol Security An Overview of IPSec. Outline:  What Security Problem?  Understanding TCP/IP.  Security at What Level?  IP Security. 
1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.

1 Cryptography and Network Security Third Edition by William Stallings Lecturer: Dr. Saleem Al_Zoubi.
NETWORK SECURITY INTRUSION DETECTION SYSTEMS (IDS) KANDIAH.M Clarkson University, Potsdam, New York.

NETWORK SECURITY INTRUSION DETECTION SYSTEMS (IDS) KANDIAH.M Clarkson University, Potsdam, New York.
Snort - an network intrusion prevention and detection system Student: Yue Jiang Professor: Dr. Bojan Cukic CS665 class presentation.

Snort - an network intrusion prevention and detection system Student: Yue Jiang Professor: Dr. Bojan Cukic CS665 class presentation.
Fast Detection of Denial-of-Service Attacks on IP Telephony Hemant Sengar, Duminda Wijesekera and Sushil Jajodia Center for Secure Information Systems,

Fast Detection of Denial-of-Service Attacks on IP Telephony Hemant Sengar, Duminda Wijesekera and Sushil Jajodia Center for Secure Information Systems,
Fast Detection of Denial-of-Service Attacks on IP Telephony Hemant Sengar, Duminda Wijesekera and Sushil Jajodia Center for Secure Information Systems,

Fast Detection of Denial-of-Service Attacks on IP Telephony Hemant Sengar, Duminda Wijesekera and Sushil Jajodia Center for Secure Information Systems,
Unsupervised Intrusion Detection Using Clustering Approach Muhammet Kabukçu Sefa Kılıç Ferhat Kutlu Teoman Toraman 1/29.

Unsupervised Intrusion Detection Using Clustering Approach Muhammet Kabukçu Sefa Kılıç Ferhat Kutlu Teoman Toraman 1/29.
Review for Exam 4 School of Business Eastern Illinois University © Abdou Illia, Fall 2006.

Review for Exam 4 School of Business Eastern Illinois University © Abdou Illia, Fall 2006.
1 VOIP Network Threats Let the subscribers beware Gerard Wilkes October 24, 2006.

1 VOIP Network Threats Let the subscribers beware Gerard Wilkes October 24, 2006.

Similar presentations

Ads by Google