Authors :
Madaki, S. D; Odachi Gabriel C; Joshua Joshua Tom; Ezekwe Chinwe G
Volume/Issue :
Volume 8 - 2023, Issue 1 - January
Google Scholar :
https://bit.ly/3TmGbDi
Scribd :
https://shorturl.at/bhjmr
DOI :
https://doi.org/10.5281/zenodo.8021857
Abstract :
The ESOBSTEB SIP-DDoS defense tool is a defense tool against Internet-borne
attacks built from four components, from which the acronym "ESOBSTEB" is
formed: an enhanced SIP proxy server together with an enhanced application-layer
stateless firewall, an outer attack blocking (OB) component, a service traceback
architecture (STBA) and an entropy-based (EB) component. The growing use of SIP
servers for multimedia transmission has brought frequent and severe Distributed
Denial of Service (DDoS) attacks against them. Curbing DDoS attacks, which over
the last decade have caused heavy damage to legitimate Internet use and to civil
security, has been an objective of network security researchers in academia,
industry and government. This study addresses that gap by first identifying and
detecting flood-based SIP application-layer (D)DoS attacks and then building a
defense against them from the four components. The enhanced SIP proxy server
updates the firewall with the IP addresses of legitimate users and alerts the
firewall when a legitimate user's address expires and should be removed from the
list. The second component, deployed at the edge router, checks the source IP
address of each incoming request against its blacklist table and either blocks
the request or forwards it to the next part of the framework. The third part
validates whether an incoming request was issued by a human (a real web browser)
or by an automated tool (a bot), and traces the request back to find the true
attacking source IP. The fourth part detects anomalies in SIP network traffic
and distinguishes high-rate DDoS (HR-DDoS) attacks from flash crowd (FC)
traffic. If EB classifies the incoming SIP traffic as a high-rate SIP DoS/DDoS
(HR-DDoS) attack, it blocks it immediately. If EB classifies it as a flash
crowd, it decreases the maximum connection timeout and the maximum number of
requests allowed per timeout until both values reach zero, at which point the EB
component disables the KeepAlive feature of the SIP connection. The framework
will be simulated with practical experiments of the AntiDDoS_Shield system in
the NS2 simulation environment.
Keywords :
ESOBSTEB SIP- DDoS Defense Tool, Enhanced SIP Proxy Server, Outer Attack Blocking (OB) Component, Service Traceback Architecture (STBA) and Entropy based (EB) Component
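As an added illustration (not code from the paper, whose EB internals are not given on this page), the following Python models the fourth component's decision: the Shannon entropy of the source-IP distribution in one observation window separates a concentrated high-rate flood from a flash crowd spread over many sources, and a flash-crowd verdict triggers the step-down of the connection timeout and per-timeout request limit until both reach zero and KeepAlive is switched off. The choice of source IP as the entropy feature, the rate and entropy thresholds, the step sizes and the sample windows are all assumptions made for the example.

```python
"""Entropy-based (EB) triage of SIP request windows, as an illustration of the
fourth ESOBSTEB component.  Feature choice, thresholds, step sizes and sample
data are assumptions for this example, not the paper's settings."""
import math
from collections import Counter
from dataclasses import dataclass


def source_entropy(src_ips):
    """Shannon entropy (bits) of the source-IP distribution of one window."""
    n = len(src_ips)
    if n == 0:
        return 0.0
    return -sum((c / n) * math.log2(c / n) for c in Counter(src_ips).values())


def normalised_entropy(src_ips):
    """Entropy divided by its maximum log2(n): 0 = a single source, 1 = all distinct."""
    n = len(src_ips)
    if n < 2:
        return 0.0
    return source_entropy(src_ips) / math.log2(n)


def classify_window(src_ips, baseline_rate, rate_factor=5.0, entropy_threshold=0.5):
    """Return 'normal', 'hr-ddos' or 'flash-crowd' for one observation window.

    rate_factor and entropy_threshold are hypothetical tuning knobs: a window is
    anomalous when its request count exceeds rate_factor times the learned
    baseline; an anomalous window whose sources are concentrated (low normalised
    entropy) is treated as a flood, a spread-out one as a flash crowd.
    """
    if len(src_ips) <= rate_factor * baseline_rate:
        return "normal"
    return "hr-ddos" if normalised_entropy(src_ips) < entropy_threshold else "flash-crowd"


@dataclass
class ConnectionPolicy:
    """Proxy-side KeepAlive limits that EB tightens while a flash crowd lasts."""
    timeout: int = 30        # maximum connection timeout (seconds)
    max_requests: int = 100  # maximum requests allowed per timeout
    keepalive: bool = True

    def step_down(self, timeout_step=10, requests_step=25):
        """One flash-crowd reaction step: shrink both limits (floored at zero);
        once both are zero, disable KeepAlive."""
        self.timeout = max(0, self.timeout - timeout_step)
        self.max_requests = max(0, self.max_requests - requests_step)
        if self.timeout == 0 and self.max_requests == 0:
            self.keepalive = False
        return self


def eb_decide(src_ips, baseline_rate, policy):
    """Classify a window and return (verdict, action) as EB would act on it."""
    verdict = classify_window(src_ips, baseline_rate)
    if verdict == "hr-ddos":
        return verdict, "block"          # flood: drop immediately
    if verdict == "flash-crowd":
        policy.step_down()
        return verdict, "keepalive-off" if not policy.keepalive else "step-down"
    return verdict, "forward"


# Constructed sample windows: source IPs of SIP INVITEs seen in one interval.
NORMAL = [f"198.51.100.{i}" for i in range(20)]                       # 20 distinct sources
FLOOD = ["203.0.113.7"] * 100 + ["203.0.113.8"] * 60 + ["203.0.113.9"] * 40  # 200 from 3
CROWD = [f"192.0.2.{i}" for i in range(150)] + [f"192.0.2.{i}" for i in range(50)]  # 200 from 150

if __name__ == "__main__":
    policy = ConnectionPolicy()
    for name, window in (("normal", NORMAL), ("flood", FLOOD), ("crowd", CROWD)):
        print(name, round(normalised_entropy(window), 3),
              eb_decide(window, baseline_rate=20, policy=policy))
```

One caveat a practitioner should keep in mind: entropy over source IPs alone cannot tell a flood whose attackers spoof random source addresses from a flash crowd, since both look high-entropy, which is why the framework pairs EB with the bot/human validation and traceback (STBA) stages; measuring entropy over further SIP fields (From URI, Call-ID, User-Agent) helps as well.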