Publication Details

Using Application-Aware Flow Monitoring for SIP Fraud Detection

BARTOŠ Václav. Using Application-Aware Flow Monitoring for SIP Fraud Detection. In: Intelligent Mechanisms for Network Configuration and Security,. Lecture Notes in Computer Science, vol. 9122. Ghent: Springer International Publishing, 2015, pp. 87-99. ISBN 978-3-319-20033-0.
Czech title
Použití aplikačního flow monitorování pro detekci podvodů přes SIP
Type
conference paper
Language
english
Authors
Bartoš Václav, Ing. (DCSY FIT BUT)
Keywords

flow monitoring, network security, VoIP, SIP, fraud

Abstract

Flow monitoring helps to discover many network security threats targeted to various applications or network protocols. In this paper, we show usage of the flow data for analysis of a Voice over IP (VoIP) traffic and a threat detection. A traditionally used flow record is insufficient for this purpose and therefore it was extended by application-layer information. In particular, we focus on the Session Initiation Protocol (SIP) and the type of a toll-fraud in which an attacker tries to exploit poor configuration of a private branch exchange (PBX). The attacker's motivation is to make unauthorized calls to PSTN numbers that are usually charged at high rates and owned by the attacker. As a result, a successful attack can cause a significant financial loss to the owner of PBX. We propose a method for stream-wise and near real-time analysis of the SIP traffic and detection of the described threat. The method was implemented as a module of the Nemea system and deployed on a backbone network. It was evaluated using simulated as well as real attacks.

Published
2015
Pages
87-99
Proceedings
Intelligent Mechanisms for Network Configuration and Security,
Series
Lecture Notes in Computer Science
Volume
9122
Conference
9th International Conference on Autonomous Infrastructure, Management and Security, University of Ghent, BE
ISBN
978-3-319-20033-0
Publisher
Springer International Publishing
Place
Ghent, BE
DOI
UT WoS
000363692200010
EID Scopus
BibTeX
@INPROCEEDINGS{FITPUB10810,
   author = "V\'{a}clav Barto\v{s}",
   title = "Using Application-Aware Flow Monitoring for SIP Fraud Detection",
   pages = "87--99",
   booktitle = "Intelligent Mechanisms for Network Configuration and Security,",
   series = "Lecture Notes in Computer Science",
   volume = 9122,
   year = 2015,
   location = "Ghent, BE",
   publisher = "Springer International Publishing",
   ISBN = "978-3-319-20033-0",
   doi = "10.1007/978-3-319-20034-7\_10",
   language = "english",
   url = "https://www.fit.vut.cz/research/publication/10810"
}
Back to top