• KSII Transactions on Internet and Information Systems
    Monthly Online Journal (eISSN: 1976-7277)

Detection of SIP Flooding Attacks based on the Upper Bound of the Possible Number of SIP Messages

Vol. 3, No. 5, October 29, 2009
10.3837/tiis.2009.05.006, Download Paper (Free):

Abstract

Since SIP uses a text-based message format and is open to the public Internet, it provides a number of potential opportunities for Denial of Service (DoS) attacks in a similar manner to most Internet applications. In this paper, we propose an effective detection method for SIP flooding attacks in order to deal with the problems of conventional schemes. We derive the upper bound of the possible number of SIP messages, considering not only the network congestion status but also the different properties of individual SIP messages such as INVITE, BYE and CANCEL. The proposed method can be easily extended to detect flooding attacks by other SIP messages.


Statistics

Show / Hide Statistics

Statistics (Cumulative Counts from December 1st, 2015)
Multiple requests among the same browser session are counted as one view.
If you mouse over a chart, the values of data points will be shown.


Cite this article

[IEEE Style]
J. Ryu, B. Roh and K. i. Ryu, "Detection of SIP Flooding Attacks based on the Upper Bound of the Possible Number of SIP Messages," KSII Transactions on Internet and Information Systems, vol. 3, no. 5, pp. 507-526, 2009. DOI: 10.3837/tiis.2009.05.006.

[ACM Style]
Jea-Tek Ryu, Byeong-Hee Roh, and K i-Yeol Ryu. 2009. Detection of SIP Flooding Attacks based on the Upper Bound of the Possible Number of SIP Messages. KSII Transactions on Internet and Information Systems, 3, 5, (2009), 507-526. DOI: 10.3837/tiis.2009.05.006.