Intrusion detection mechanisms for VoIP applications
VoIP applications are emerging today as an important component in the business and communication industry. In this paper, we address intrusion detection and prevention in VoIP networks and describe how a conceptual solution based on the Bayes inference approach can be used to reinforce the existing security mechanisms. Our approach is based on monitoring the network and analyzing the VoIP-specific traffic. We give a detailed example of attack detection using the SIP signaling protocol.
Performance analysis of mobile networks under signalling storms
There are numerous security challenges in cellular mobile networks, many of which originate from the Internet world. One of these challenges is the increasing rate of signalling messages produced by smart devices. In particular, many services in the Internet are provided through mobile applications in an unobstructed manner, such that users get an always connected feeling. These services, which usually come from instant messaging, advertising and social networking areas, impose significant signalling loads on mobile networks by frequent exchange of control data in the background. Such services and applications could be built intentionally or unintentionally, and result in denial of service attacks known as signalling attacks or storms. Negative consequences, among others, include degradation of the mobile network’s services, partial or complete network failures, and increased battery consumption for infected mobile terminals.
This thesis examines the influence of signalling storms on different mobile technologies, and proposes defensive mechanisms. More specifically, using stochastic modelling techniques, this thesis first presents a model of the vulnerability in a single 3G UMTS mobile terminal, and studies the influence of the system’s internal parameters on stability under a signalling storm. Further on, it presents a queueing network model of the radio access part of 3G UMTS and examines the effect of the radio resource control (RRC) inactivity timers. In the presence of an attack, the proposed dynamic setting of the timers manages to lower the signalling load in the network and to increase the threshold above which a network failure could happen. Further on, the network model is upgraded into a more generic and detailed model, representing different generations of mobile technologies. It is then used to compare technologies with dedicated and shared organisation of resource allocation, referred to as traditional and contemporary networks, using performance metrics such as signalling and communication delay, blocking probability, signalling load on the network’s nodes, bandwidth holding time, etc. Finally, based on the analysis carried out, two mechanisms are proposed for detection of storms in real time, based on counting of same-type bandwidth allocations, and usage of allocated bandwidth. The mechanisms are evaluated using discrete event simulation in 3G UMTS, and experiments are done combining the detectors with a simple attack mitigation approach.
Application Layer Feedback-based SIP Server Overload Control
A SIP server may be overloaded by emergency-induced call volume, "American Idol" style flash crowd effects or denial of service attacks. The SIP server overload problem is interesting especially because the costs of serving or rejecting a SIP session can be similar. For this reason, the built-in SIP overload control mechanism based on generating rejection messages cannot prevent the server from entering congestion collapse under heavy load. The SIP overload problem calls for a pushback control solution in which the potentially overloaded receiving server may notify its upstream sending servers to have them send only the amount of load within the receiving server's processing capacity. The pushback framework can be achieved by either a rate-based feedback or a window-based feedback. The centerpiece of the feedback mechanism is the algorithm used to generate load regulation information. We propose three new window-based feedback algorithms and evaluate them together with two existing rate-based feedback algorithms. We compare the different algorithms in terms of the number of tuning parameters and performance under both steady and variable load. Furthermore, we identify two categories of fairness requirements for SIP overload control, namely, user-centric and provider-centric fairness. With the introduction of a new double-feed SIP overload control architecture, we show how the algorithms meet those fairness criteria.
NetServ: Reviving Active Networks
In 1996, Tennenhouse and Wetherall proposed active networks, where users can inject code modules into network nodes. The proposal sparked intense debate and follow-on research, but ultimately failed to win over the networking community. Fifteen years later, the problems that motivated the active networks proposal persist. We call for a revival of active networks. We present NetServ, a fully integrated active network system that provides all the necessary functionality to be deployable, addressing the core problems that prevented the practical success of earlier approaches. We make the following contributions. We present a hybrid approach to active networking, which combines the best qualities from the two extreme approaches — integrated and discrete. We built a working system that strikes the right balance between security and performance by leveraging current technologies. We suggest an economic model based on NetServ between content providers and ISPs. We built four applications to illustrate the model.
Digital television applications
Studying development of interactive services for digital television is a leading edge area of work as there is minimal research or precedent to guide their design. Published research is limited and therefore this thesis aims at establishing a set of computing methods using Java and XML technology for future set-top box interactive services. The main issues include middleware architecture, a Java user interface for digital television, content representation and return channel communications.
The middleware architecture used was made up of an Application Manager, Application Programming Interface (API), a Java Virtual Machine, etc., which were arranged in a layered model to ensure the interoperability. The application manager was designed to control the lifecycle of Xlets; manage set-top box resources and remote control keys and to adapt the graphical device environment. The architecture of both application manager and Xlet forms the basic framework for running multiple interactive services simultaneously in future set-top box designs.
User interface development is more complex for this type of platform (when compared to that for a desktop computer) as many constraints are set on the look and feel (e.g., TV-like and limited buttons). Various aspects of Java user interfaces were studied and my research in this area focused on creating a remote control event model and lightweight drawing components using the Java Abstract Window Toolkit (AWT) and Java Media Framework (JMF) together with Extensible Markup Language (XML).
Applications were designed aimed at studying the data structure and efficiency of the XML language to define interactive content. Content parsing was designed as a lightweight software module based around two parsers (i.e., SAX parsing and DOM parsing). The still content (i.e., text, images, and graphics) and dynamic content (i.e., hyperlinked text, animations, and forms) can then be modeled and processed efficiently.
This thesis also studies interactivity methods using Java APIs via a return channel. Various communication models are also discussed that meet the interactivity requirements for different interactive services. They include URL, Socket, Datagram, and SOAP models which applications can choose to use in order to establish a connection with the service or broadcaster in order to transfer data.
This thesis is presented in two parts: The first section gives a general summary of the research and acts as a complement to the second section, which contains a series of related publications.
NetServ Framework Design and Implementation 1.0
Eyeball ISPs today are under-utilizing an important asset: edge routers. We present NetServ, a programmable node architecture aimed at turning edge routers into distributed service hosting platforms. This allows ISPs to allocate router resources to content publishers and application service providers motivated to deploy content and services at the network edge. This model provides important benefits over currently available solutions like CDN. Content and services can be brought closer to end users by dynamically installing and removing custom modules as needed throughout the network. Unlike previous programmable router proposals which focused on customizing features of a router, NetServ focuses on deploying content and services. All our design decisions reflect this change in focus. We set three main design goals: a wide-area deployment, a multi-user execution environment, and a clear economic benefit. We built a prototype using Linux, NSIS signaling, and the Java OSGi framework. We also implemented four prototype applications: ActiveCDN provides publisher-specific content distribution and processing; KeepAlive Responder and Media Relay reduce the infrastructure needs of telephony providers; and Overload Control makes it possible to deploy more flexible algorithms to handle excessive traffic.