Detect and Prevent SIP Flooding Attacks in VoLTE by Utilizing a Two-Tier PFilter Design

Na RUAN  Mingli WU  Shiheng MA  Haojin ZHU  Weijia JIA  Songyang WU  

IEICE TRANSACTIONS on Information and Systems   Vol.E100-D   No.10   pp.2287-2294
Publication Date: 2017/10/01
Online ISSN: 1745-1361
DOI: 10.1587/transinf.2016INP0023
Type of Manuscript: Special Section PAPER (Special Section on Security, Privacy and Anonymity in Computation, Communication and Storage Systems)
Category: Operating system and network Security
SIP flooding attack,  PFilter,  count,  filter,  

Full Text: PDF(757KB)>>
Buy this Article

As a new generation voice service, Voice over LTE (VoLTE) has attracted worldwide attentions in both the academia and industry. Different from the traditional voice call based on circuit-switched (CS), VoLTE evolves into the packet-switched (PS) field, which has long been open to the public. Though designed rigorously, similar to VoIP services, VoLTE also suffers from SIP (Session Initiation Protocal) flooding attacks. Due to the high performance requirement, the SIP flooding attacks in VoLTE is more difficult to defend than that in traditional VoIP service. In this paper, enlightened by Counting Bloom Filter (CBF), we design a versatile CBF-like structure, PFilter, to detect the flooding anomalies. Compared with previous relevant works, our scheme gains advantages in many aspects including detection of low-rate flooding attack and stealthy flooding attack. Moreover, not only can our scheme detect the attacks with high accuracy, but also find out the attackers to ensure normal operation of VoLTE by eliminating their negative effects. Extensive experiments are performed to well evaluate the performance of the proposed scheme.