A Comprehensive Review of Intrusion Detection and Prevention Systems against Single Flood Attacks in SIP-Based Systems

Abstract

Voice over Internet Protocol (VoIP) is a recent voice communication technology and due to its variety of calling capabilities, the system is expected to fuel the market value even further in the next five years. However, there are serious concerns since VoIP systems are frequently been attacked. According to recent security alliance reports, malicious activities have increased largely during the current pandemic against VoIP and other vulnerable networks. This hence implies that existing models are not sufficiently reliable since most of them do not have a hundred percent detection rate. In this paper, a review of our most recent Intrusion Detection & Prevention Systems (IDPS) developed is proposed together with a comparative analysis. The final work consisted of ten models which addressed flood intentional attacks to mitigate VoIP attacks. The methodological approaches of the studies included the quantitative and scientific paradigms, for which several instruments (comparative analysis and experiments) were used. Six prevention models were developed using three sorting methods combined with either a modified galloping algorithm or an extended quadratic algorithm. The seventh IDPS was designed by improving an existing genetic algorithm (e-GAP) and the eighth model is a novel deep learning method known as the Closest Adjacent Neighbour (CAN). Finally, for a better comparative analysis of AI-based algorithms, a Deep Analysis of the Intruder Tracing (DAIT) model using a bottom-up approach was developed to address the issues of processing time, effectiveness, and efficiency which were challenges when addressing very large datasets of incoming messages. This novel method prevented intruders to access a system without authorization and avoided any anomaly filtering at the firewall with a minimum processing time. Results revealed that the DAIT and the e-GAP models are very efficient and gave better results when benchmarking with models. These two models obtained an F-score of 98.83%, a detection rate of 100%, a false rate of 0%, an accuracy of 98.7%, and finally a processing time per message of 0.092 ms and 0.094 ms respectively. When comparing with previous models in the literature from which it is specified that detection rates obtained are 95.5% and false-positive alarm of around 1.8%, except for one recent machine learning-based model having a detection rate of 100% and a processing time of 0.53 ms, the DAIT and the e-GAP models give better results.