Scientific and analytical journal «Vestnik Saint-Petersburg university of State fire service of EMERCOM of Russia» Scientific and analytical journal «Vestnik Saint-Petersburg university of State fire service of EMERCOM of Russia» Научно-аналитический журнал "Вестник Санкт-Петербургского университета ГПС МЧС России" 2218-130X 85400 10.61260/2218-130X-2024-2-105-125 ИНФОРМАТИКА, ВЫЧИСЛИТЕЛЬНАЯ ТЕХНИКА И УПРАВЛЕНИЕ INFORMATICS, COMPUTER ENGINEERING AND CONTROL ИНФОРМАТИКА, ВЫЧИСЛИТЕЛЬНАЯ ТЕХНИКА И УПРАВЛЕНИЕ THE REVIEW OF FOREIGN SEGMENT PUBLICATIONS ON VOIP NETWORK SECURITY: GENERATION OF DOS ATTACKS AND THEIR DETECTION ОБЗОР ПУБЛИКАЦИЙ ЗАРУБЕЖНОГО СЕГМЕНТА ПО БЕЗОПАСНОСТИ VOIP-СЕТЕЙ: ГЕНЕРАЦИЯ DOS-АТАК И ИХ ОБНАРУЖЕНИЕ https://orcid.org/0000-0001-7745-3364 Макарова Александра Константиновна Makarova Alexandra K. alex-ecureuil@mail.ru https://orcid.org/0000-0003-1283-9180 Поляничева Анна Валерьевна Polyanicheva Anna V. polyanicheva.av@sut.ru https://orcid.org/0000-0002-0778-3218 Матвеев Александр Владимирович Matveev Alexandr V. fcvega_10@mail.ru

кандидат технических наук;

candidate of technical sciences;

 Санкт-Петербургский государственный университет телекоммуникаций им. проф. М.А. Бонч-Бруевича Санкт-Петербург Россия Saint-Petersburg state university of telecommunications named after professor M.A. Bonch-Bruevich Saint-Petersburg Russian Federation Санкт-Петербургский государственный университет телекоммуникаций им. проф. М.А. Бонч-Бруевича Санкт-Петербург Россия Saint-Petersburg state university of telecommunications named after professor M.A. Bonch-Bruevich Saint-Petersburg Russian Federation Санкт-Петербургский университет ГПС МЧС России Санкт-Петербург Россия Saint-Petersburg university of State fire service of EMERCOM of Russia Saint-Petersburg Russian Federation 14 07 2024 14 07 2024 2024 2 105 125 23 05 2024 10 06 2024 https://journals.igps.ru/en/nauka/article/85400/view

Статья посвящена проблеме защиты VoIP-систем от Dos/DDos-атак, как одних из наиболее актуальных для области цифровой телекоммуникации. Произведен обзор существенного количества публикаций зарубежных ученых, посвященных методам, как создания данного рода атак, так и противодействия им. Предложена систематизация результатов исследования в виде сравнительной таблицы по 10 следующим критериям: год публикации, этап жизненного цикла атаки, ее тип, метод защиты, степень реализации, ее работоспособность, расход сетевого ресурса, практическая применимость, результативность метода, применение машинного обучения. Сделаны основополагающие выводы по каждому из критериев, дана краткая характеристика проведенного исследования, а также пути его продолжения.

The paper is devoted to the problem of protecting VoIP systems from DoS/DDoS attacks, as one of the most relevant for the field of digital telecommunications. A review of a significant number of publications by foreign scientists devoted to methods of creating this type of attack, as well as countering them, was carried out. A systematization of the review results is proposed in the form of a comparative table according to the following 10 criteria: year of publication, stage of the life cycle of the attack, its type, protection method, degree of implementation, its resource intensity, practical applicability, effectiveness of the method, application of machine learning. Fundamental conclusions were drawn for each of the criteria, a brief description of the research was given, as well as ways to continue it.

 VoIP сравнительный анализ отказ в обслуживании DoS атака безопасность VoIP benchmarking denial of service DoS attack security

Ehlert S., Geneiatakis D., Magedanz T. Survey of network security systems to counter SIP-based denial-of-service attacks // Computers & Security. 2010. Vol. 29. Iss. 2. P. 225–243. DOI: 10.1016/j.cose.2009.09.004. Ehlert S., Geneiatakis D., Magedanz T. Survey of network security systems to counter SIP-based denial-of-service attacks // Computers & Security. 2010. Vol. 29. Iss. 2. P. 225–243. DOI: 10.1016/j.cose.2009.09.004. Liu Z., Yin X., Lee H. An Efficient Defense Scheme against SIP DoS Attack in SDN Using Cloud SFW // Ninth Asia Joint Conference on Information Security. Wuhan, China, 2014. P. 52–55. DOI: 10.1109/AsiaJCIS.2014.12. Liu Z., Yin X., Lee H. An Efficient Defense Scheme against SIP DoS Attack in SDN Using Cloud SFW // Ninth Asia Joint Conference on Information Security. Wuhan, China, 2014. P. 52–55. DOI: 10.1109/AsiaJCIS.2014.12. Ferdous R., Cigno R.L., Zorat A. On the Use of SVMs to Detect Anomalies in a Stream of SIP Messages // 11th International Conference on Machine Learning and Applications. Boca Raton, FL, USA, 2012. P. 592–597. DOI: 10.1109/ICMLA.2012.109. Ferdous R., Cigno R.L., Zorat A. On the Use of SVMs to Detect Anomalies in a Stream of SIP Messages // 11th International Conference on Machine Learning and Applications. Boca Raton, FL, USA, 2012. P. 592–597. DOI: 10.1109/ICMLA.2012.109. Safoine R., Mounir S., Farchi A. Comparative study on DOS attacks Detection Techniques in SIP-based VOIP networks // 6th International Conference on Multimedia Computing and Systems (ICMCS). Rabat, Morocco, 2018. P. 1–5. DOI: 10.1109/ICMCS.2018.8525878. Safoine R., Mounir S., Farchi A. Comparative study on DOS attacks Detection Techniques in SIP-based VOIP networks // 6th International Conference on Multimedia Computing and Systems (ICMCS). Rabat, Morocco, 2018. P. 1–5. DOI: 10.1109/ICMCS.2018.8525878. Xiao-Yu Wan, Zhang Li, Zi-Fu Fan. A SIP DoS flooding attack defense mechanism based on priority class queue // IEEE International Conference on Wireless Communications, Networking and Information Security. Beijing, China, 2010. P. 428–431. DOI: 10.1109/WCINS.2010.5541813. Xiao-Yu Wan, Zhang Li, Zi-Fu Fan. A SIP DoS flooding attack defense mechanism based on priority class queue // IEEE International Conference on Wireless Communications, Networking and Information Security. Beijing, China, 2010. P. 428–431. DOI: 10.1109/WCINS.2010.5541813. Fan Z., Wan X. The design and realization of SIP DOS attack detection plugin based on balanced message number principle // IEEE International Conference on Communications Technology and Applications. Beijing, China, 2009. P. 780–784. DOI: 10.1109/ICCOMTA.2009.5349092. Fan Z., Wan X. The design and realization of SIP DOS attack detection plugin based on balanced message number principle // IEEE International Conference on Communications Technology and Applications. Beijing, China, 2009. P. 780–784. DOI: 10.1109/ICCOMTA.2009.5349092. Pourmohseni S., Asgharian H., Akbari A. Detecting authentication misuse attacks against SIP entities // 10th International ISC Conference on Information Security and Cryptology (ISCISC). Yazd, Iran, 2013. P. 1–5. DOI: 10.1109/ISCISC.2013.6767324. Pourmohseni S., Asgharian H., Akbari A. Detecting authentication misuse attacks against SIP entities // 10th International ISC Conference on Information Security and Cryptology (ISCISC). Yazd, Iran, 2013. P. 1–5. DOI: 10.1109/ISCISC.2013.6767324. Zhou C.V., Leckie C., Ramamohanarao K. Protecting SIP server from CPU-based DoS attacks using history-based IP filtering // IEEE Communications Letters. 2009. Vol. 13. № 10. P. 800–802. DOI: 10.1109/LCOMM.2009.090840. Zhou C.V., Leckie C., Ramamohanarao K. Protecting SIP server from CPU-based DoS attacks using history-based IP filtering // IEEE Communications Letters. 2009. Vol. 13. № 10. P. 800–802. DOI: 10.1109/LCOMM.2009.090840. Zhe C., Rong D. The Formal Analyse of DoS Attack to SIP Based on the SIP Extended Finite State Machines // International Conference on Computational Intelligence and Software Engineering. Wuhan, China, 2010. P. 1–4. DOI: 10.1109/CISE.2010.5676902. Zhe C., Rong D. The Formal Analyse of DoS Attack to SIP Based on the SIP Extended Finite State Machines // International Conference on Computational Intelligence and Software Engineering. Wuhan, China, 2010. P. 1–4. DOI: 10.1109/CISE.2010.5676902. Akbar A., Basha S.M., Sattar S.A. Leveraging the SIP load balancer to detect and mitigate DDos attacks // International Conference on Green Computing and Internet of Things (ICGCIoT). Greater Noida, India, 2015. P. 1204–1208. DOI: 10.1109/ICGCIoT.2015.7380646. Akbar A., Basha S.M., Sattar S.A. Leveraging the SIP load balancer to detect and mitigate DDos attacks // International Conference on Green Computing and Internet of Things (ICGCIoT). Greater Noida, India, 2015. P. 1204–1208. DOI: 10.1109/ICGCIoT.2015.7380646. Chen Z., Wen W., Yu D. Detecting SIP flooding attacks on IP Multimedia Subsystem (IMS) // International Conference on Computing, Networking and Communications (ICNC. Maui, HI, USA, 2012. P. 154–158. DOI: 10.1109/ICCNC.2012.6167401. Chen Z., Wen W., Yu D. Detecting SIP flooding attacks on IP Multimedia Subsystem (IMS) // International Conference on Computing, Networking and Communications (ICNC. Maui, HI, USA, 2012. P. 154–158. DOI: 10.1109/ICCNC.2012.6167401. Fan Z.F., Yang J.R., Wan X.Y. A SIP DoS Flooding Attack Defense Mechanism Based on Custom Weighted Fair Queue Scheduling // International Conference on Multimedia Technology. Ningbo, China, 2010. P. 1–4. DOI: 10.1109/ICMULT.2010.5630386. Fan Z.F., Yang J.R., Wan X.Y. A SIP DoS Flooding Attack Defense Mechanism Based on Custom Weighted Fair Queue Scheduling // International Conference on Multimedia Technology. Ningbo, China, 2010. P. 1–4. DOI: 10.1109/ICMULT.2010.5630386. Chen E.Y., Itoh M. A whitelist approach to protect SIP servers from flooding attacks // IEEE International Workshop Technical Committee on Communications Quality and Reliability (CQR 2010). Vancouver, BC, Canada, 2010. P. 1–6. DOI: 10.1109/CQR.2010.5619917. Chen E.Y., Itoh M. A whitelist approach to protect SIP servers from flooding attacks // IEEE International Workshop Technical Committee on Communications Quality and Reliability (CQR 2010). Vancouver, BC, Canada, 2010. P. 1–6. DOI: 10.1109/CQR.2010.5619917. Tas I.M., Unsalver B.G. Baktir S. A Novel SIP Based Distributed Reflection Denial-of-Service Attack and an Effective Defense Mechanism // IEEE Access. 2020. Vol. 8. P. 112574–112584. DOI: 10.1109/ACCESS.2020.3001688. Tas I.M., Unsalver B.G. Baktir S. A Novel SIP Based Distributed Reflection Denial-of-Service Attack and an Effective Defense Mechanism // IEEE Access. 2020. Vol. 8. P. 112574–112584. DOI: 10.1109/ACCESS.2020.3001688. Deng X., Shore M. Advanced Flooding Attack on a SIP Server // International Conference on Availability, Reliability and Security. Fukuoka, Japan, 2009. P. 647–651. DOI: 10.1109/ARES.2009.15. Deng X., Shore M. Advanced Flooding Attack on a SIP Server // International Conference on Availability, Reliability and Security. Fukuoka, Japan, 2009. P. 647–651. DOI: 10.1109/ARES.2009.15. Armoogum S., Mohamudally N. Survey of practical security frameworks for defending SIP based VoIP systems against DoS/DDoS attacks // IST-Africa Conference Proceedings, Pointe aux Piments. Mauritius, 2014. P. 1–11. DOI: 10.1109/ISTAFRICA.2014.6880664. Armoogum S., Mohamudally N. Survey of practical security frameworks for defending SIP based VoIP systems against DoS/DDoS attacks // IST-Africa Conference Proceedings, Pointe aux Piments. Mauritius, 2014. P. 1–11. DOI: 10.1109/ISTAFRICA.2014.6880664. Bansal A., Pais A.R. Mitigation of Flooding Based Denial of Service Attack against Session Initiation Protocol Based VoIP System // IEEE International Conference on Computational Intelligence & Communication Technology. Ghaziabad, India, 2015. P. 391–396. DOI: 10.1109/CICT.2015.66. Bansal A., Pais A.R. Mitigation of Flooding Based Denial of Service Attack against Session Initiation Protocol Based VoIP System // IEEE International Conference on Computational Intelligence & Communication Technology. Ghaziabad, India, 2015. P. 391–396. DOI: 10.1109/CICT.2015.66. Chen E.Y. Detecting DoS attacks on SIP systems // 1st IEEE Workshop on VoIP Management and Security. Vancouver, BC, Canada, 2006. P. 53–58. DOI: 10.1109/VOIPMS.2006.1638123. Chen E.Y. Detecting DoS attacks on SIP systems // 1st IEEE Workshop on VoIP Management and Security. Vancouver, BC, Canada, 2006. P. 53–58. DOI: 10.1109/VOIPMS.2006.1638123. Moh'd A., Tawalbeh L., Sowe A. A novel method to guarantee QoS during DoS attacks for IPTV using SIP // Second International Conference on the Applications of Digital Information and Web Technologies. London, UK, 2009. P. 838–842. DOI: 10.1109/ICADIWT.2009.5273867. Moh'd A., Tawalbeh L., Sowe A. A novel method to guarantee QoS during DoS attacks for IPTV using SIP // Second International Conference on the Applications of Digital Information and Web Technologies. London, UK, 2009. P. 838–842. DOI: 10.1109/ICADIWT.2009.5273867. Kurt B., Yıldız Ç., Ceritli T.Y., Sankur B., Cemgil A.T. A Bayesian change point model for detecting SIP-based DDoS attacks // Digital Signal Processing. 2018. Vol. 77. P. 48–62. DOI: 10.1016/j.dsp.2017.10.009. Kurt B., Yıldız Ç., Ceritli T.Y., Sankur B., Cemgil A.T. A Bayesian change point model for detecting SIP-based DDoS attacks // Digital Signal Processing. 2018. Vol. 77. P. 48–62. DOI: 10.1016/j.dsp.2017.10.009. Liu L. Uncovering SIP Vulnerabilities to DoS Attacks Using Coloured Petri Nets // 2011IEEE 10th International Conference on Trust, Security and Privacy in Computing and Communications. Changsha, China, 2011. P. 29–36. DOI: 10.1109/TrustCom.2011.8. Liu L. Uncovering SIP Vulnerabilities to DoS Attacks Using Coloured Petri Nets // 2011IEEE 10th International Conference on Trust, Security and Privacy in Computing and Communications. Changsha, China, 2011. P. 29–36. DOI: 10.1109/TrustCom.2011.8. Stanek J., Kencl L. SIP Protector: Defense architecture mitigating DDoS flood attacks against SIP servers // IEEE International Conference on Communications (ICC). Ottawa, ON, Canada, 2012. P. 6733–6738. DOI: 10.1109/ICC.2012.6364674. Stanek J., Kencl L. SIP Protector: Defense architecture mitigating DDoS flood attacks against SIP servers // IEEE International Conference on Communications (ICC). Ottawa, ON, Canada, 2012. P. 6733–6738. DOI: 10.1109/ICC.2012.6364674. Hosseinpour M., Hosseini Seno S.A., Yaghmaee Moghaddam M.H., Khosravi Roshkhari H. An anomaly based VoIP DoS attack detection and prevention method using fuzzy logic // 8th International Symposium on Telecommunications (IST). Tehran, Iran, 2016. P. 713–718. DOI: 10.1109/ISTEL.2016.7881916. Hosseinpour M., Hosseini Seno S.A., Yaghmaee Moghaddam M.H., Khosravi Roshkhari H. An anomaly based VoIP DoS attack detection and prevention method using fuzzy logic // 8th International Symposium on Telecommunications (IST). Tehran, Iran, 2016. P. 713–718. DOI: 10.1109/ISTEL.2016.7881916. Febro A., Xiao H., Spring J. Distributed SIP DDoS Defense with P4 // IEEE Wireless Communications and Networking Conference (WCNC). Marrakesh, Morocco, 2019. P. 1–8. DOI: 10.1109/WCNC.2019.8885926. Febro A., Xiao H., Spring J. Distributed SIP DDoS Defense with P4 // IEEE Wireless Communications and Networking Conference (WCNC). Marrakesh, Morocco, 2019. P. 1–8. DOI: 10.1109/WCNC.2019.8885926. Zhang G., Fischer-Hübner S. Counteract DNS Attacks on SIP Proxies Using Bloom Filters // International Conference on Availability, Reliability and Security. Regensburg, Germany, 2013. P. 678–684. DOI: 10.1109/ARES.2013.89. Zhang G., Fischer-Hübner S. Counteract DNS Attacks on SIP Proxies Using Bloom Filters // International Conference on Availability, Reliability and Security. Regensburg, Germany, 2013. P. 678–684. DOI: 10.1109/ARES.2013.89. Cadet F., Fokum D.T. Coping with denial-of-service attacks on the IP telephony system // SoutheastCon 2016. Norfolk, VA, USA, 2016. P. 1–7. DOI: 10.1109/SECON.2016.7506691. Cadet F., Fokum D.T. Coping with denial-of-service attacks on the IP telephony system // SoutheastCon 2016. Norfolk, VA, USA, 2016. P. 1–7. DOI: 10.1109/SECON.2016.7506691. Tang J., Cheng Y. Quick Detection of Stealthy SIP Flooding Attacks in VoIP Networks // IEEE International Conference on Communications (ICC). Kyoto, Japan, 2011. P. 1–5. DOI: 10.1109/icc.2011.5963248. Tang J., Cheng Y. Quick Detection of Stealthy SIP Flooding Attacks in VoIP Networks // IEEE International Conference on Communications (ICC). Kyoto, Japan, 2011. P. 1–5. DOI: 10.1109/icc.2011.5963248. Tang J., Hao Y., Cheng Y., Zhou C. Detection of Resource-Drained Attacks on SIP-Based Wireless VoIP Networks // IEEE Global Telecommunications Conference GLOBECOM 2010. Miami, FL, USA, 2010. P. 1–5. DOI: 10.1109/GLOCOM.2010.5684028. Tang J., Hao Y., Cheng Y., Zhou C. Detection of Resource-Drained Attacks on SIP-Based Wireless VoIP Networks // IEEE Global Telecommunications Conference GLOBECOM 2010. Miami, FL, USA, 2010. P. 1–5. DOI: 10.1109/GLOCOM.2010.5684028. Tang J., Cheng Y., Zhou C. Sketch-Based SIP Flooding Detection Using Hellinger Distance // GLOBECOM 2009 – 2009 IEEE Global Telecommunications Conference. Honolulu, HI, USA, 2009. P. 1–6. DOI: 10.1109/GLOCOM.2009.5426267. Tang J., Cheng Y., Zhou C. Sketch-Based SIP Flooding Detection Using Hellinger Distance // GLOBECOM 2009 – 2009 IEEE Global Telecommunications Conference. Honolulu, HI, USA, 2009. P. 1–6. DOI: 10.1109/GLOCOM.2009.5426267. Raza M.A., Khan A.-u.-R., Raza M. A restrictive model (RM) for detection and prevention of INVITE flooding attack // 3rd IEEE International Conference on Computer, Control and Communication (IC4), Karachi, Pakistan, 2013. P. 1–6. DOI: 10.1109/IC4.2013.6653766. Raza M.A., Khan A.-u.-R., Raza M. A restrictive model (RM) for detection and prevention of INVITE flooding attack // 3rd IEEE International Conference on Computer, Control and Communication (IC4), Karachi, Pakistan, 2013. P. 1–6. DOI: 10.1109/IC4.2013.6653766. Макарова А.К., Поляничева А.В., Саматова К.А. Анализ уязвимостей оборудования передачи голосового трафика // Актуальные проблемы инфотелекоммуникаций в науке и образовании (АПИНО 2022): XI Междунар. науч.-техн. и науч.-метод. конф. СПб.: С.-Петерб. гос. ун-т телекоммуникаций им. проф. М.А. Бонч-Бруевича, 2022. Т. 1. С. 665–669. EDN JRKJAR. Makarova A.K., Polyanicheva A.V., Samatova K.A. Analiz uyazvimostej oborudovaniya peredachi golosovogo trafika // Aktual'nye problemy infotelekommunikacij v nauke i obrazovanii (APINO 2022): XI Mezhdunar. nauch.-tekhn. i nauch.-metod. konf. SPb.: S.-Peterb. gos. un-t telekommunikacij im. prof. M.A. Bonch-Bruevicha, 2022. T. 1. S. 665–669. EDN JRKJAR. Израилов К.Е., Макарова А.К., Шестаков А.В. Обобщенная модель защиты от кибератак на VOIP // Вопросы кибербезопасности. 2023. № 2 (54). С. 109–121. DOI: 10.21681/2311-3456-2023-2-109-121. Izrailov K.E., Makarova A.K., SHestakov A.V. Obobshchennaya model' zashchity ot kiberatak na VOIP // Voprosy kiberbezopasnosti. 2023. № 2 (54). S. 109–121. DOI: 10.21681/2311-3456-2023-2-109-121. Израилов К.Е. Модель прогнозирования угроз телекоммуникационной системы на базе искусственной нейронной сети // Вестник ИНЖЭКОНа. Сер.: Технические науки. 2012. № 8 (59). С. 150–153. EDN PJGOAF. Izrailov K.E. Model' prognozirovaniya ugroz telekommunikacionnoj sistemy na baze iskusstvennoj nejronnoj seti // Vestnik INZHEKONa. Ser.: Tekhnicheskie nauki. 2012. № 8 (59). S. 150–153. EDN PJGOAF. Основные принципы проектирования архитектуры современных систем защиты / М.В. Буйневич [и др.] // Национальная безопасность и стратегическое планирование. 2020. № 3 (31). С. 51–58. DOI: 10.37468/2307-1400-2020-3-51-58. Osnovnye principy proektirovaniya arhitektury sovremennyh sistem zashchity / M.V. Bujnevich [i dr.] // Nacional'naya bezopasnost' i strategicheskoe planirovanie. 2020. № 3 (31). S. 51–58. DOI: 10.37468/2307-1400-2020-3-51-58.