Presentation is loading. Please wait.

Presentation is loading. Please wait.

TEL500-Voice Communications SIP-based VoIP Traffic Behavior Profiling and Its Application Devesh Mendiratta & Sameer Deshmukh MS-Telecommunication State.

Published byBeverly McKenzie Modified over 8 years ago

Similar presentations

Presentation on theme: "TEL500-Voice Communications SIP-based VoIP Traffic Behavior Profiling and Its Application Devesh Mendiratta & Sameer Deshmukh MS-Telecommunication State."— Presentation transcript:

1 TEL500-Voice Communications SIP-based VoIP Traffic Behavior Profiling and Its Application Devesh Mendiratta & Sameer Deshmukh MS-Telecommunication State University of New York Institute of Technology

2 Introduction to Paper  SIP based VOIP Traffic Behavior at levels like  SIP server entity  SIP server host  Individual user levels  Security of VOIP – Attacks & vulnerability  Paper claims : Little research As of now  1 st attempt to understand SIP traffic behavior for Attack Detection

3 Outline  SIP Overview  Identifying SIP servers  Profiling SIP sever & User Behaviors  Characteristics of Behavior  Applications  Conclusion

4 SIP Based VoIP Service SIP servers and clients  SIP REGISTER  Call Proxy  Request-Response  Method field  FROM and TO fields

5 Identifying IP Address  Observation of SIP servers  Large No. of SIP messages  Large No. of distinct FROM and TO fields

6 Profiling SIP Server Behaviors Multilevel Profiling Three Levels:  Server host level: maintain only aggregate features and metrics by examining only the message types into and out of a SIP server  Server entity level: separate the role of a SIP server into register and call proxy  User level: attribute the SIP messages to individual users and maintain statistic and features to characterized individual user behaviors

7 Server Host Level Characterization  Count the number of request and response messages received and sent by each SIP server over a given period of time T  Count the number of unique users seen in the FROM and TO fields of SIP request messages, and compute an aggregate user activity diversity from the distribution of data over T

8 Overall Server Level Characteristics No. of message typesUser activities diversity (Metric)

9 Registrar Behavior Characteristics Period of registration updates Requests inter-arrival times

10 Call Proxy/User Call Behavior Characteristics Calls made vs. receivedCall types

11 Applications

12 Conclusion  VOIP traffic consists of stable characteristics  Well captured by statistics & features of profile we use  Profiling – to help identify the attack detection

13 ? Thank You Any Questions Undergrad ???

Download ppt "TEL500-Voice Communications SIP-based VoIP Traffic Behavior Profiling and Its Application Devesh Mendiratta & Sameer Deshmukh MS-Telecommunication State."

Similar presentations

Communication Service Identifier Requirements on SIP draft-loreto-3gpp-ics-requirements.txt

Communication Service Identifier Requirements on SIP draft-loreto-3gpp-ics-requirements.txt
Mobile and Wireless Computing Institute for Computer Science, University of Freiburg Western Australian Interactive Virtual Environments Centre (IVEC)

Mobile and Wireless Computing Institute for Computer Science, University of Freiburg Western Australian Interactive Virtual Environments Centre (IVEC)
Authentication Applications The Kerberos Protocol Standard

Authentication Applications The Kerberos Protocol Standard
Session Initiation Protocol (SIP) Aarti Gupta. Agenda Why do we need SIP ? The protocol Instant Messaging using SIP Internet Telephony with SIP Additional.

Session Initiation Protocol (SIP) Aarti Gupta. Agenda Why do we need SIP ? The protocol Instant Messaging using SIP Internet Telephony with SIP Additional.
CSE300-1 Profs. Steven A. Demurjian Q. Jin, J. Nam, Z. Qian and C. Phillips Computer Science & Engineering Department 191 Auditorium Road, Box U-155 The.

CSE300-1 Profs. Steven A. Demurjian Q. Jin, J. Nam, Z. Qian and C. Phillips Computer Science & Engineering Department 191 Auditorium Road, Box U-155 The.
A Survey of Botnet Size Measurement PRESENTED: KAI-HSIANG YANG ( 楊凱翔 ) DATE: 2013/11/04 1/24.

A Survey of Botnet Size Measurement PRESENTED: KAI-HSIANG YANG ( 楊凱翔 ) DATE: 2013/11/04 1/24.
Reporter: Jing Chiu Advisor: Yuh-Jye Lee 2015/7/181Data Mining & Machine Learning Lab.

Reporter: Jing Chiu Advisor: Yuh-Jye Lee /7/181Data Mining & Machine Learning Lab.
NETW-250 Troubleshooting Last Update 2014.02.19 1.0.1 Copyright 2012-2014 Kenneth M. Chipps Ph.D. www.chipps.com 1.

NETW-250 Troubleshooting Last Update Copyright Kenneth M. Chipps Ph.D. 1.
STUN Date: 2011-05-25 Speaker: Hui-Hsiung Chung 1.

STUN Date: Speaker: Hui-Hsiung Chung 1.
Honeypots Presented by Javier Garcia April 21, 2010.

Honeypots Presented by Javier Garcia April 21, 2010.
How Much Anonymity does Network Latency Leak? Paper by: Nicholas Hopper, Eugene Vasserman, Eric Chan-Tin Presented by: Dan Czerniewski October 3, 2011.

How Much Anonymity does Network Latency Leak? Paper by: Nicholas Hopper, Eugene Vasserman, Eric Chan-Tin Presented by: Dan Czerniewski October 3, 2011.
TEL500-Voice Communications Session initiation protocol improvement using inter- asterisk exchange Devesh Mendiratta & Sameer Deshmukh MS-Telecommunication.

TEL500-Voice Communications Session initiation protocol improvement using inter- asterisk exchange Devesh Mendiratta & Sameer Deshmukh MS-Telecommunication.
1 © NOKIA NSIS MIPv6 FW/ November 8 th 2004 Mobile IPv6 - NSIS Interaction for Firewall traversal draft-thiruvengadam-nsis-mip6-fw-01 S. Thiruvengadam.

1 © NOKIA NSIS MIPv6 FW/ November 8 th 2004 Mobile IPv6 - NSIS Interaction for Firewall traversal draft-thiruvengadam-nsis-mip6-fw-01 S. Thiruvengadam.
Detecting Spoofing and Anomalous Traffic in Wireless Networks via Forge-Resistant Relationships Qing Li and Wade Trappe IEEE Transactions on Information.

Detecting Spoofing and Anomalous Traffic in Wireless Networks via Forge-Resistant Relationships Qing Li and Wade Trappe IEEE Transactions on Information.
Wide-scale Botnet Detection and Characterization Anestis Karasaridis, Brian Rexroad, David Hoeflin.

Wide-scale Botnet Detection and Characterization Anestis Karasaridis, Brian Rexroad, David Hoeflin.
Vault: A Secure Binding Service Guor-Huar Lu, Changho Choi, Zhi-Li Zhang University of Minnesota.

Vault: A Secure Binding Service Guor-Huar Lu, Changho Choi, Zhi-Li Zhang University of Minnesota.
EECS 598-2 Presentation Web Tap: Intelligent Intrusion Detection Kevin Borders.

EECS Presentation Web Tap: Intelligent Intrusion Detection Kevin Borders.
Fast Detection of Denial-of-Service Attacks on IP Telephony Hemant Sengar, Duminda Wijesekera and Sushil Jajodia Center for Secure Information Systems,

Fast Detection of Denial-of-Service Attacks on IP Telephony Hemant Sengar, Duminda Wijesekera and Sushil Jajodia Center for Secure Information Systems,
Fast Detection of Denial-of-Service Attacks on IP Telephony Hemant Sengar, Duminda Wijesekera and Sushil Jajodia Center for Secure Information Systems,

Fast Detection of Denial-of-Service Attacks on IP Telephony Hemant Sengar, Duminda Wijesekera and Sushil Jajodia Center for Secure Information Systems,
Web Servers How do our requests for resources on the Internet get handled? Can they be located anywhere? Global?

Web Servers How do our requests for resources on the Internet get handled? Can they be located anywhere? Global?

Similar presentations

Ads by Google