A Comprehensive Review of Intrusion Detection and Prevention Systems against Single Flood Attacks in SIP-Based Systems

Full Text (PDF, 618KB), PP.13-25

Views: 0 Downloads: 0

Author(s)

Sheeba. Armoogum 1,* Nawaz. Mohamudally 1

1. University of Mauritius / Faculty of Information, Communication and Digital Technologies, Reduit, Mauritius

2. University of Technology Mauritius / School of Innovative Technologies and Engineering, La Tour Koenig, Mauritius

* Corresponding author.

DOI: https://doi.org/10.5815/ijcnis.2021.06.02

Received: 20 Apr. 2021 / Revised: 21 May 2021 / Accepted: 28 Jun. 2021 / Published: 8 Dec. 2021

Index Terms

Voice over Internet Protocol (VoIP), Denial of Service (DoS), Flood Attacks, Session Initial Protocol (SIP), Intrusion Detection and Prevention System (IDPS), Deep Analysis, Deep Learning, Genetic Algorithm

Abstract

Voice over Internet Protocol (VoIP) is a recent voice communication technology and due to its variety of calling capabilities, the system is expected to fuel the market value even further in the next five years. However, there are serious concerns since VoIP systems are frequently been attacked. According to recent security alliance reports, malicious activities have increased largely during the current pandemic against VoIP and other vulnerable networks. This hence implies that existing models are not sufficiently reliable since most of them do not have a hundred percent detection rate. In this paper, a review of our most recent Intrusion Detection & Prevention Systems (IDPS) developed is proposed together with a comparative analysis. The final work consisted of ten models which addressed flood intentional attacks to mitigate VoIP attacks. The methodological approaches of the studies included the quantitative and scientific paradigms, for which several instruments (comparative analysis and experiments) were used. Six prevention models were developed using three sorting methods combined with either a modified galloping algorithm or an extended quadratic algorithm. The seventh IDPS was designed by improving an existing genetic algorithm (e-GAP) and the eighth model is a novel deep learning method known as the Closest Adjacent Neighbour (CAN). Finally, for a better comparative analysis of AI-based algorithms, a Deep Analysis of the Intruder Tracing (DAIT) model using a bottom-up approach was developed to address the issues of processing time, effectiveness, and efficiency which were challenges when addressing very large datasets of incoming messages. This novel method prevented intruders to access a system without authorization and avoided any anomaly filtering at the firewall with a minimum processing time. Results revealed that the DAIT and the e-GAP models are very efficient and gave better results when benchmarking with models. These two models obtained an F-score of 98.83%, a detection rate of 100%, a false rate of 0%, an accuracy of 98.7%, and finally a processing time per message of 0.092 ms and 0.094 ms respectively. When comparing with previous models in the literature from which it is specified that detection rates obtained are 95.5% and false-positive alarm of around 1.8%, except for one recent machine learning-based model having a detection rate of 100% and a processing time of 0.53 ms, the DAIT and the e-GAP models give better results.

Cite This Paper

Sheeba. Armoogum, Nawaz. Mohamudally, "A Comprehensive Review of Intrusion Detection and Prevention Systems against Single Flood Attacks in SIP-Based Systems", International Journal of Computer Network and Information Security(IJCNIS), Vol.13, No.6, pp.13-25, 2021. DOI: 10.5815/ijcnis.2021.06.02

Reference

[1] Global Insights, “Insights to Innovation”, Available: https://www.gminsights.com/industry-analysis/voice-over-internet-protocol-voip-market. [Accessed 25 May 2021], 2021.

[2] A. Chauhan, N. Mahajan, H. Kumar S. Kaushal, “Analysis of DDoS Attacks in Heterogeneous VoIP Networks: A Survey”, International Journal of Innovative Technology and Exploring Engineering, Vol. 8, No. 6, pp 242-246, 2019.

[3] S. Ehlert, G. Zhang, D. Geneiatakis, G. Kambourakis, T. Dagiuklas, “Two Layer Denial of Service prevention on SIP VoIP infrastructure”, Journal of Computers Communications, Elsevier, Vol. 31, pp 2443–2456, 2008.

[4] M. A. Azad, R. Morla, K. Salah, “Systems and methods for SPIT detection in VoIP: Survey and future directions”, Journal of Computers & Security, Elsevier, Vol. 77, pp. 1-20, 2018.

[5] N. Waleed, H. Yasser, E. Wail, A. Tamer, F. Hossam, “Efficient Detection of Attacks in SIP Based VoIP Networks Using Linear L1-SVM Classifier”, International Journal of Computers Communications & Control, Vol. 14, Np. 4, pp 518–529, 2019.

[6] CiscoReport, “Cisco Annual Internet Report, 2018–2023 - Global Internet adoption and devices and Connections”, [Accessed 27 May 2021], 2021.

[7] M. R. A. Ahmed, F. M. A. Ali, “Enhancing Hybrid Intrusion Detection and Prevention System for Flooding Attacks Using Decision Tree”, In: International Conference on Computer, Control, Electrical, and Electronics Engineering, 2019.

[8] Y. Chen, “Detecting DoS attacks on SIP systems. In the IEEE Workshop on VoIP Management and Security”, 2006.

[9] W. Li, W. Guo, X. Luo, X. Li, “On Sliding Window Based Change Point Detection for Hybrid SIP DoS Attack”, In IEEE Asia-Pacific Services Computing Conference, 2010.

[10] X. Wan, Z. Li , Z. Fan, “A SIP DoS flooding attack defense mechanism based on priority class queue”, In the IEEE International Conference on Wireless Communications, Networking and Information Security, 2010.

[11] B. Dhak, S. Lade, “An Evolutionary Approach to Intrusion Detection System using Genetic Algorithm”, International Journal of Emerging Technology and Advanced Engineering, Vol. 2, No. 12, pp 632-36, 2012.

[12] W. Ahmad, D. Singh, “VoIP Security: A Model Proposed to Mitigate DDoS Attacks on SIP Based VoIP Network”, A Multi-Disciplinary Research Book, pp 37-48, 2018.

[13] M. A. Ali, M. Farooq, “Application of Evolutionary Algorithms in Detection of SIP-based Flooding Attacks”, In the Annual Conference on Genetic and evolutionary computation, ACM, pp 1419–1426, 2009.

[14] J. Tang, Y. Cheng, H. Yong, “Detection and prevention of SIP flooding attacks in voice over IP networks”, Proceedings of IEEE INFOCOM, pp 1161-1169, 2012.

[15] S. Armoogum, N. Mohamudally, “Sorted Galloping Prevention Mechanisms against Denial of Service Attacks in SIP-based Systems”, In Proceedings of the 5th International Conference on Advanced Computing and Intelligent Engineering. Springer Nature, Elsevier Scopus, 2020, ISSN: 2194-5357, DOI: 10.1007/978-981-33-4299-6.

[16] S. Armoogum, N. Mohamudally, “Prevention of fraudulent activities against SIP-based flooding attacks using extended sorted quadratic algorithms”, In Proceedings of the 2nd International Conference on Intelligent and Innovative Computing Applications. Association for Computing Machinery (ACM), Elsevier Scopus, 2020, Article 25, 1–7. DOI: https://doi.org/10.1145/3415088.3415113.

[17] S. Armoogum, N. Mohamudally, “An Extended Genetic Algorithm based Prevention System against DoS/DDoS Flood attacks in VoIP Systems”, In Proceedings of the 5th International Conference on Advanced Computing and Intelligent Engineering. Springer Nature, Elsevier Scopus, 2020, (ISSN: 2194-5357), DOI: 10.1007/978-981-33-4299-6.

[18] Encyclopaedia-Britannica, “Survival of the fittest,” [Online]. Available: https://www.britannica.com/science/survival-of-the-fittest. [Accessed 21 May 2021], 2021.

[19] S. Armoogum, N. Mohamudally, “Closest Adjacent Neighbour: a novel deep learning intruder detection technique in VoIP networks” In Proceedings of the 2nd International Conference on Intelligent and Innovative Computing Applications. Association for Computing Machinery (ACM), Elsevier Scopus, 2021, Article 41, 1–7. DOI: https://doi.org/10.1145/3415088.3415129.

[20] S. Armoogum, N. Mohamudally, “A Novel Prevention Technique using Deep Analysis Intruder Tracing with a Bottom-up Approach against Flood Attacks in SIP-based Systems”, Submitted in Information and Computer Security, 2021.

[21] I. Sharafaldin, A. Gharib, A. H. Lashkari, A. Ghornani, “Towards a Reliable Intrusion Detection Benchmark Dataset”, Journal of Software Networking, pp 177-200, 2017.

[22] Bad Packets, “Meaningful Intelligence for an Evolving Cybersecurity Landscape”, Retrieved May 27, 2021, from https://badpackets.net/, 2021.