A Protocol Specification-Based Intrusion Detection System for VoIP and Its Evaluation

Thyda PHIT  Koki ABE  

IEICE TRANSACTIONS on Communications   Vol.E91-B   No.12   pp.3956-3965
Publication Date: 2008/12/01
Online ISSN: 1745-1345
DOI: 10.1093/ietcom/e91-b.12.3956
Print ISSN: 0916-8516
Type of Manuscript: PAPER
Category: Internet
Keywords: IDS, VoIP, SIP, RTP, protocol specification, state machine, OPNET

We propose an Intrusion Detection System (IDS) architecture for VoIP that uses a protocol specification-based detection method to monitor network traffic and alert the administrator for further analysis of, and response to, suspicious activities. The protocol behaviors and their interactions are described by state machines. Traffic that behaves differently from the standard specifications is considered to be suspicious. The IDS has been implemented and simulated using OPNET Modeler, and verified to detect attacks. It was found that our system can detect typical attacks within a reasonable delay time.
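The following sketch illustrates specification-based detection over interacting SIP and RTP state machines. It is an added example, not the paper's implementation or its OPNET model. The reduced call model, the event names, and the sample trace are assumptions constructed for illustration.

```python
# Added illustration: a simplified SIP/RTP call model, not the paper's state machines.
from collections import defaultdict

# Allowed transitions per call: (state, event) -> next state.
# Assumption: a reduced view of an RFC 3261 call with no early media,
# re-INVITE, retransmissions or error responses.
TRANSITIONS = {
    ("IDLE", "SIP:INVITE"): "INVITING",
    ("INVITING", "SIP:180"): "INVITING",
    ("INVITING", "SIP:200"): "ANSWERED",
    ("INVITING", "SIP:CANCEL"): "TERMINATED",
    ("ANSWERED", "SIP:ACK"): "ESTABLISHED",
    ("ESTABLISHED", "RTP"): "ESTABLISHED",   # media only inside a live call
    ("ESTABLISHED", "SIP:BYE"): "TERMINATED",
}


def monitor(events):
    """Replay (call_id, event) pairs and return an alert for every event
    that the modelled specification does not allow in the call's state."""
    state = defaultdict(lambda: "IDLE")
    alerts = []
    for seq, (call_id, event) in enumerate(events):
        current = state[call_id]
        nxt = TRANSITIONS.get((current, event))
        if nxt is None:
            # Deviation from the specification: raise an alert, keep the state.
            alerts.append((seq, call_id, current, event))
        else:
            state[call_id] = nxt
    return alerts


# Constructed sample trace (not captured traffic).
SAMPLE = [
    ("call-a", "SIP:INVITE"), ("call-a", "SIP:180"), ("call-a", "SIP:200"),
    ("call-a", "SIP:ACK"), ("call-a", "RTP"), ("call-a", "SIP:BYE"),
    ("call-a", "RTP"),            # media after teardown
    ("call-b", "SIP:BYE"),        # BYE for a call that was never set up
    ("call-c", "SIP:INVITE"), ("call-c", "RTP"),  # media before answer
]

if __name__ == "__main__":
    for alert in monitor(SAMPLE):
        print("ALERT seq=%d call=%s state=%s event=%s" % alert)
```

The RTP entries in the table are what tie the two protocols together: media is judged against the signalling state of its call, so a packet that is well-formed RTP can still be flagged.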