Design and implementation of SIP-aware DDoS attack detection system By: Arif Iqbal.
Distributed Denial of Service

Types of DDoS Attacks
[Figure: protocol layer stacks (Application, Transport, Internet, Data Link, Physical) illustrating Network Centric Attack and Application Layer Attack]

Why DDoS Attack
• Very Easy to Launch
• No Special Resources Required
• No Special Skills Required
• Targets are open on the Internet -> to receive all requests

Attack Detection System
• SIP application traffic statistics
• SIP DDoS attack detection threshold stored
• Applying knowledge base rules to each user agent
• Monitoring activities of
  -> User
  -> Call
  -> Server

User Behavior Analysis
• REGISTER Message Transmit Period
• Number of INVITE Messages
• From/To/Call-ID Ratio Analysis
• Top N Traffic User Analysis
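
A minimal sketch of three of the user-behavior checks listed above, added here as an example and not taken from the presentation or the system it describes: it derives each user's shortest REGISTER transmit period, INVITE count and top-N ranking from SIP request heads. The sample messages are constructed, and the thresholds and the names `user_stats`, `flag` and `top_n` are assumptions.

```python
import re
from collections import defaultdict
MIN_REGISTER_PERIOD = 30.0  # seconds between REGISTERs; assumed threshold, not from the slides
MAX_INVITES = 20            # INVITEs per observation window; assumed threshold

def _msg(method, user, call_id):  # builds a constructed SIP request head, not real traffic
    return (f"{method} sip:example.invalid SIP/2.0\r\n"
            f"From: <sip:{user}@example.invalid>;tag=1\r\n"
            f"Call-ID: {call_id}\r\n\r\n")

SAMPLE = [(0.0, _msg("REGISTER", "alice", "r1")), (3600.0, _msg("REGISTER", "alice", "r2"))]
SAMPLE += [(100.0 + i * 0.5, _msg("REGISTER", "mallory", f"m{i}")) for i in range(5)]
SAMPLE += [(200.0 + i * 0.1, _msg("INVITE", "bob", f"b{i}")) for i in range(30)]

def parse(raw):
    """Return (method, user part of the From URI); None for responses or unparsable input."""
    head, _, rest = raw.partition("\r\n")
    m = re.search(r"^(?:From|f)\s*:.*?sips?:([^@>;\s]+)@", rest, re.I | re.M)
    return None if m is None or head.startswith("SIP/") else (head.split(" ", 1)[0], m.group(1))

def user_stats(messages):
    """Per user: total requests, INVITE count, shortest gap between consecutive REGISTERs."""
    regs, stats = defaultdict(list), defaultdict(lambda: {"invites": 0, "total": 0})
    for ts, raw in sorted(messages):
        if (parsed := parse(raw)) is None:
            continue
        method, user = parsed
        stats[user]["total"] += 1
        stats[user]["invites"] += method == "INVITE"
        if method == "REGISTER":
            regs[user].append(ts)
    for user, s in stats.items():
        gaps = [b - a for a, b in zip(regs[user], regs[user][1:])]
        s["min_register_period"] = min(gaps, default=float("inf"))
    return dict(stats)

def flag(stats):
    """Apply the assumed thresholds; return {user: [reasons]} for users over a limit."""
    out = defaultdict(list)
    for user, s in stats.items():
        if s["min_register_period"] < MIN_REGISTER_PERIOD:
            out[user].append("REGISTER period")
        if s["invites"] > MAX_INVITES:
            out[user].append("INVITE count")
    return dict(out)

def top_n(stats, n):
    return sorted(stats, key=lambda u: stats[u]["total"], reverse=True)[:n]
```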

Call Behavior Analysis
• Call-ID/SSRC Ratio Analysis
• Req/Res Ratio Analysis
• Method per Transmission Rate Analysis
• IP/URI Ratio Analysis within REGISTER Message
• RTP Seq. No Randomness per SSRC

Server/Network Status Analysis
• SIP/RTP Traffic Volume Transition Analysis
• Status Code Ratio Analysis per Server
• QoS Change Analysis

Test Environment

Critique and Criticism
• Transport Layer Security
  -> UDP flood
  -> TCP state exhaustion attacks
  -> SYN floods
• IP Layer Security
  -> Spoofed Internet Protocol (IP) packet floods
  -> ICMP flood attacks
• Data Link Layer Security
  -> Fragmentation Attack

Thanks
Any Questions?