3,828 research outputs found
Intrusion detection mechanisms for VoIP applications
VoIP applications are emerging today as an important component in business
and communication industry. In this paper, we address the intrusion detection
and prevention in VoIP networks and describe how a conceptual solution based on
the Bayes inference approach can be used to reinforce the existent security
mechanisms. Our approach is based on network monitoring and analyzing of the
VoIP-specific traffic. We give a detailed example on attack detection using the
SIP signaling protocol
Preventing Distributed Denial-of-Service Attacks on the IMS Emergency Services Support through Adaptive Firewall Pinholing
Emergency services are vital services that Next Generation Networks (NGNs)
have to provide. As the IP Multimedia Subsystem (IMS) is in the heart of NGNs,
3GPP has carried the burden of specifying a standardized IMS-based emergency
services framework. Unfortunately, like any other IP-based standards, the
IMS-based emergency service framework is prone to Distributed Denial of Service
(DDoS) attacks. We propose in this work, a simple but efficient solution that
can prevent certain types of such attacks by creating firewall pinholes that
regular clients will surely be able to pass in contrast to the attackers
clients. Our solution was implemented, tested in an appropriate testbed, and
its efficiency was proven.Comment: 17 Pages, IJNGN Journa
Telephony Denial of Service Defense at Data Plane (TDoSD@DP)
The Session Initiation Protocol (SIP) is an application-layer control protocol used to establish and terminate calls that are deployed globally. A flood of SIP INVITE packets sent by an attacker causes a Telephony Denial of Service (TDoS) incident, during which legitimate users are unable to use telephony services. Legacy TDoS defense is typically implemented as network appliances and not sufficiently deployed to enable early detection. To make TDoS defense more widely deployed and yet affordable, this paper presents TDoSD@DP where TDoS detection and mitigation is programmed at the data plane so that it can be enabled on every switch port and therefore serves as distributed SIP sensors. With this approach, the damage is isolated at a particular switch and bandwidth saved by not sending attack packets further upstream. Experiments have been performed to track the SIP state machine and to limit the number of active SIP session per port. The results show that TDoSD@DP was able to detect and mitigate ongoing INVITE flood attack, protecting the SIP server, and limiting the damage to a local switch. Bringing the TDoS defense function to the data plane provides a novel data plane application that operates at the SIP protocol and a novel approach for TDoS defense implementation.Final Accepted Versio
Signalling in voice over IP Networks
Voice signalling protocols have evolved, keeping with the prevalent move from circuit to packet switched networks. Standardization bodies have provided solutions for carrying voice traffic over packet networks while the main manufacturers are already providing products in workgroup, enterprise, or operator portfolio. This trend will accrue in next years due to the evolution of UMTS mobile networks to an “all-IP” environment. In this paper we present the various architectures that are proposed for signalling in VoIP, mainly: H.323, SIP and MGCP. We also include a brief summary about signalling in classical telephone networks and, at the end, we give some ideas about the proposed “all-IP” architectures in UMTS 3G mobile networks.Publicad
Web Conferencing Traffic - An Analysis using DimDim as Example
In this paper, we present an evaluation of the Ethernet traffic for host and
attendees of the popular opensource web conferencing system DimDim. While
traditional Internet-centric approaches such as the MBONE have been used over
the past decades, current trends for web-based conference systems make
exclusive use of application-layer multicast. To allow for network dimensioning
and QoS provisioning, an understanding of the underlying traffic
characteristics is required. We find in our exemplary evaluations that the host
of a web conference session produces a large amount of Ethernet traffic,
largely due to the required control of the conference session, that is
heavily-tailed distributed and exhibits additionally long-range dependence. For
different groups of activities within a web conference session, we find
distinctive characteristics of the generated traffic
A Survey on Handover Management in Mobility Architectures
This work presents a comprehensive and structured taxonomy of available
techniques for managing the handover process in mobility architectures.
Representative works from the existing literature have been divided into
appropriate categories, based on their ability to support horizontal handovers,
vertical handovers and multihoming. We describe approaches designed to work on
the current Internet (i.e. IPv4-based networks), as well as those that have
been devised for the "future" Internet (e.g. IPv6-based networks and
extensions). Quantitative measures and qualitative indicators are also
presented and used to evaluate and compare the examined approaches. This
critical review provides some valuable guidelines and suggestions for designing
and developing mobility architectures, including some practical expedients
(e.g. those required in the current Internet environment), aimed to cope with
the presence of NAT/firewalls and to provide support to legacy systems and
several communication protocols working at the application layer
- …