REVIEW OF FOREIGN PUBLICATIONS ON VOIP NETWORK SECURITY: GENERATION AND DETECTION OF DOS ATTACKS
Abstract and keywords
Abstract:
The article addresses the problem of protecting VoIP systems against DoS/DDoS attacks, which are among the most pressing threats in digital telecommunications. It reviews a substantial number of publications by foreign researchers devoted to methods both of creating attacks of this kind and of countering them. The results of the study are systematized in a comparative table using the following 10 criteria: year of publication, stage of the attack life cycle, attack type, protection method, degree of implementation, its operability, network resource consumption, practical applicability, effectiveness of the method, and use of machine learning. Key conclusions are drawn for each criterion, and a brief characterization of the study is given, along with directions for continuing it.

Keywords:
VoIP, comparative analysis, denial of service, DoS, attack, security