Publication detail

Using Application-Aware Flow Monitoring for SIP Fraud Detection

BARTOŠ, V.

Original Title

Using Application-Aware Flow Monitoring for SIP Fraud Detection

Type

conference paper

Language

en

Original Abstract

Flow monitoring helps to discover many network security threats targeted to various applications or network protocols. In this paper, we show usage of the flow data for analysis of a Voice over IP (VoIP) traffic and a threat detection. A traditionally used flow record is insufficient for this purpose and therefore it was extended by application-layer information. In particular, we focus on the Session Initiation Protocol (SIP) and the type of a toll-fraud in which an attacker tries to exploit poor configuration of a private branch exchange (PBX). The attacker's motivation is to make unauthorized calls to PSTN numbers that are usually charged at high rates and owned by the attacker. As a result, a successful attack can cause a significant financial loss to the owner of PBX. We propose a method for stream-wise and near real-time analysis of the SIP traffic and detection of the described threat. The method was implemented as a module of the Nemea system and deployed on a backbone network. It was evaluated using simulated as well as real attacks.

Keywords

flow monitoring, network security, VoIP, SIP, fraud

RIV year

2015

Released

22.06.2015

Publisher

Springer International Publishing

Location

Ghent

ISBN

978-3-319-20033-0

Book

Intelligent Mechanisms for Network Configuration and Security

Edition

Lecture Notes in Computer Science

Edition number

not specified

Pages from

87

Pages to

99

Pages count

13

BibTeX


@inproceedings{BUT119817,
  author="Václav {Bartoš}",
  title="Using Application-Aware Flow Monitoring for SIP Fraud Detection",
  annote="Flow monitoring helps to discover many network security threats targeted to
various applications or network protocols. In this paper, we show usage of the
flow data for analysis of a Voice over IP (VoIP) traffic and a threat detection.
A traditionally used flow record is insufficient for this purpose and therefore
it was extended by application-layer information. In particular, we focus on the
Session Initiation Protocol (SIP) and the type of a toll-fraud in which an
attacker tries to exploit poor configuration of a private branch exchange (PBX).
The attacker's motivation is to make unauthorized calls to PSTN numbers that are
usually charged at high rates and owned by the attacker. As a result,
a successful attack can cause a significant financial loss to the owner of PBX.
We propose a method for stream-wise and near real-time analysis of the SIP
traffic and detection of the described threat. The method was implemented as
a module of the Nemea system and deployed on a backbone network. It was evaluated
using simulated as well as real attacks.",
  address="Springer International Publishing",
  booktitle="Intelligent Mechanisms for Network Configuration and Security",
  chapter="119817",
  doi="10.1007/978-3-319-20034-7_10",
  edition="Lecture Notes in Computer Science",
  howpublished="print",
  institution="Springer International Publishing",
  year="2015",
  month="june",
  pages="87--99",
  publisher="Springer International Publishing",
  type="conference paper"
}