Developing a strategy and an open module for N-SBC to eliminate DDOS attacks from sip based NGN IP interconnections

Abstract

The Session Initiation Protocol (SIP) is the communication protocol of the future. Used for Voice-over-IP (VoIP), Internet Multimedia Subsystem (IMS) and Internet Protocol Television (IPTV), SIP's concepts are based on mature and open standards and it is usage is increasing rapidly. However, with its acceptance as a mainstream communication platform, security concerns become ever more important for users and service providers. Usage of SIP for communication is currently spreading into the last mile of mobile and fixed line carriers making then very much vulnerable to the protocols ofthe internet domain. The posed threat can be understood by the increasing number of calls being initiated from the internet to mobile and fixed line devices. At the crust, in order to manage the threats coming in from the internet, operators usually go for tighter Security in the Session Boarder Gateway (SBC), the interface between internet and the operator's domain. Furthermore, rogue attempts to infiltrate the Operator's domain is now becoming a common occurrence and leading to losses beyond billions of dollars of revenue. Irony is that Operator's sometimes does not understand the scale of the exploitation until much later in the billing cycle. This thesis identifies the probable modes of attacks including DoS and DDoS, and provides a strategy and an implementation plan to identify these threats via pattern matching and heuristic logic which is built on leaning algorithms. Target is to introduce a solution capable of learning and identifying patterns which leads to DoS, DDoS attacks and eliminate the rogue communication threads from ever entering the realms of the operator. With this solution, general VOIP communications with Operators shall be more robust against DoS and Distributed DoS attacks and many other threats looming at the N-SBS level of an NGN network.