Abstract:
The Session Initiation Protocol (SIP) is the communication protocol of the future. Used for
Voice-over-IP (VoIP), Internet Multimedia Subsystem (IMS) and Internet Protocol
Television (IPTV), SIP's concepts are based on mature and open standards and it is usage is
increasing rapidly. However, with its acceptance as a mainstream communication platform,
security concerns become ever more important for users and service providers.
Usage of SIP for communication is currently spreading into the last mile of mobile and fixed
line carriers making then very much vulnerable to the protocols ofthe internet domain.
The posed threat can be understood by the increasing number of calls being initiated from
the internet to mobile and fixed line devices. At the crust, in order to manage the threats
coming in from the internet, operators usually go for tighter Security in the Session Boarder
Gateway (SBC), the interface between internet and the operator's domain.
Furthermore, rogue attempts to infiltrate the Operator's domain is now becoming a common
occurrence and leading to losses beyond billions of dollars of revenue. Irony is that
Operator's sometimes does not understand the scale of the exploitation until much later in the
billing cycle.
This thesis identifies the probable modes of attacks including DoS and DDoS, and provides a
strategy and an implementation plan to identify these threats via pattern matching and
heuristic logic which is built on leaning algorithms. Target is to introduce a solution capable
of learning and identifying patterns which leads to DoS, DDoS attacks and eliminate the
rogue communication threads from ever entering the realms of the operator.
With this solution, general VOIP communications with Operators shall be more robust
against DoS and Distributed DoS attacks and many other threats looming at the N-SBS level
of an NGN network.
