Using Application-Aware Flow Monitoring for SIP Fraud Detection - HAL open archive
Conference paper, Year: 2015

Using Application-Aware Flow Monitoring for SIP Fraud Detection

Tomas Cejka
  • Role: Author
  • PersonId: 995399
Vaclav Bartos
  • Role: Author
  • PersonId: 995400
Lukas Truxa
  • Role: Author
Hana Kubatova
  • Role: Author
  • PersonId: 995401

Abstract

Flow monitoring helps to discover many network security threats targeting various applications or network protocols. In this paper, we show the use of flow data for the analysis of Voice over IP (VoIP) traffic and for threat detection. A traditionally used flow record is insufficient for this purpose and therefore it was extended with application-layer information. In particular, we focus on the Session Initiation Protocol (SIP) and a type of toll fraud in which an attacker tries to exploit poor configuration of a private branch exchange (PBX). The attacker's motivation is to make unauthorized calls to PSTN numbers that are usually charged at high rates and owned by the attacker. As a result, a successful attack can cause a significant financial loss to the owner of the PBX. We propose a method for stream-wise and near real-time analysis of SIP traffic and detection of the described threat. The method was implemented as a module of the Nemea system and deployed on a backbone network. It was evaluated using simulated as well as real attacks.
Main file
978-3-319-20034-7_10_Chapter.pdf (818.37 KB)
Origin: Files produced by the author(s)

Dates and versions

hal-01410154, version 1 (06-12-2016)

License

Attribution

Cite

Tomas Cejka, Vaclav Bartos, Lukas Truxa, Hana Kubatova. Using Application-Aware Flow Monitoring for SIP Fraud Detection. 9th Autonomous Infrastructure, Management, and Security (AIMS), Jun 2015, Ghent, Belgium. pp.87-99, ⟨10.1007/978-3-319-20034-7_10⟩. ⟨hal-01410154⟩
117 Views
569 Downloads
