Optimization of an Algorithm for Detection of SIP Based Flooding Attacks on IMS System

Abstract

Session Initiation Protocol (SIP) is a signaling protocol for Internet conferencing, telephony, presence, events noti cation, and instant messaging. SIP is an application-layer protocol and operates on the TCP/IP stack, which means that it inherits all associated IP vul- nerabilities. It has, therefore, possibility that SIP systems e.g. IMS, can be damaged by Flooding-based Denial of Service(DoS) attack. Previous mechanisms for detecting a ood attack generally check the number of incoming packets and notify a system administrator that the system is under attack if too many messages are incoming. Although being rela- tively accurate and low-cost, they cannot help relying on decision of security experts, which is labor-intensive and human-mediated. Our research is to develop a defense mechanism which analyzes a flooding attack and takes countermeasures automatically, without being human-involved. It can minimize the amount of damage by reducing the time of analysis and countermeasure by automation.