Voice over Internet Protocol (VoIP) and its underlying Session Initiation Protocol (SIP) are widely deployed technologies since they provide an efficient and fast means of both voice and data communication over a single network. However, in spite of their advantages, they also have their security threats due to the inherent vulnerabilities in the underlying Internet Protocol (IP) that can potentially be exploited by hackers. This study introduces a novel defense mechanism to effectively combat advanced attacks that exploit vulnerabilities identified in some less-known features of SIP. The SIP-DRDoS (SIP-based distributed reflection denial of service) attack, which can survive the existing security systems, is an advanced attack that can be performed on an SIP network through the multiplication of legitimate traffic. In this study, we propose a novel defense mechanism that consists of statistics, inspection, and action modules to mitigate the SIP-DRDoS attack. We implement the SIP-DRDoS attack by utilizing our SIP-based audit and attack software in our VoIP/SIP security lab environment that simulates an enterprise-grade SIP network. We then utilize our SIP-based defense tool to realize our novel defense mechanism against the SIP-DRDoS attack. Our experimental results prove that our defense approach can do a deep packet analysis for SIP traffic, detect SIP flood attacks, and mitigate them by dropping attack packets. While the SIP-DRDoS attack with around 1 Gbps of traffic dramatically escalates the CPU (central processing unit) usage of the SIP server by up to 74%, our defense mechanism effectively reduces it down to 17% within 6 min after the attack is initiated. Our approach represents a significant advancement over the existing defense mechanisms and demonstrates the potential to effectively protect VoIP systems against SIP-based DRDoS attacks.
Read full abstract