Next Generation Networks (NGN) provide multimedia services to a large set of users by maintaining concurrent sessions for multimedia services using IP multimedia sub-system (IMS). SIP protocol are used for building, keeping and detaching session with clients. The main problem is that intruders can launch SIP flooding attacks that cause a bottleneck at IMS entities. In this paper, we have presented a Dual Server based Intrusion Detection and Prevention System (DS-IDPS) to guard against INVITE flooding attack. We have proposed two-level security for VoLTE environment by involving two servers titled helper and main servers to handle spoofing and attack detection respectively. We have defined three thresholds at main server by utilizing CUSUM algorithm to generate alarms by detecting intrusion. By attaching DS-IDPS at the middle of client and server, our system filters every request. We have developed a test bed using OpenIMS to develop IMS entities and launch attacks by malicious nodes and detect the intrusion in the system. It reduces CPU load and memory stack from P--CSCF. Results prove that DS-IDPS produces lesser false alarms and detect more number of malicious or bogus requests. Our proposed approach dominates as compared to preliminaries in terms of memory utilization, response time, malicious requests recognition ratios and CPU load consumption.
Read full abstract