For Full-Text PDF, please login, if you are a member of IEICE,|
or go to Pay Per View on menu list, if you are a nonmember of IEICE.
A Protocol Specification-Based Intrusion Detection System for VoIP and Its Evaluation
Thyda PHIT Koki ABE
IEICE TRANSACTIONS on Communications
Publication Date: 2008/12/01
Online ISSN: 1745-1345
Print ISSN: 0916-8516
Type of Manuscript: PAPER
IDS, VoIP, SIP, RTP, protocol specification, state machine, OPNET,
Full Text: PDF(651.1KB)>>
We propose an architecture of Intrusion Detection System (IDS) for VoIP using a protocol specification-based detection method to monitor the network traffics and alert administrator for further analysis of and response to suspicious activities. The protocol behaviors and their interactions are described by state machines. Traffic that behaves differently from the standard specifications are considered to be suspicious. The IDS has been implemented and simulated using OPNET Modeler, and verified to detect attacks. It was found that our system can detect typical attacks within a reasonable amount of delay time.