ESOBSTEB SIP- DDoS Defense Tool: An Aggressive Defense Framework for Detecting and Countering Flood based SIP-App (D)DoS Attacks on the Internet


Authors : Madaki, S. D; Odachi Gabriel C; Joshua Joshua Tom; Ezekwe Chinwe G

Volume/Issue : Volume 8 - 2023, Issue 1 - January

Google Scholar : https://bit.ly/3TmGbDi

Scribd : https://shorturl.at/bhjmr

DOI : https://doi.org/10.5281/zenodo.8021857

Abstract : The ESOBSTEB SIP-DDoS defense tool is an Internet-attack-based defense tool with four components; the acronym "ESOBSTEB" comes from these four components: an enhanced SIP proxy server with an enhanced application-layer stateless firewall, an outer attack blocking (OB) component, a service traceback architecture (STBA), and an entropy-based (EB) component. The increasing use of SIP servers for multimedia transmission has led to frequent Distributed Denial of Service (DDoS) attacks. Curbing the menace of DDoS attacks, which have caused huge damage to legitimate Internet usage and civil security over the last decade, has been the objective of many network security researchers in academia, industry and governmental organizations. This research study intends to fill this gap by first identifying and detecting flood-based SIP-App (D)DoS attacks and then creating defense mechanisms against them using the four components. The enhanced SIP proxy server updates the firewall with the IP addresses of legitimate users and alerts the firewall when a legitimate user's IP address expires and should be removed from the list. The second component, deployed at the edge router, compares the source IP of each incoming request against its blacklist database table and either blocks it or forwards it to the next part of the framework. The third part validates whether an incoming request was launched by a human (a real web browser) or by an automated tool (a bot), and traces the request back in order to find the true attacking IP source. The fourth part detects anomalies in SIP network traffic and differentiates high-rate DDoS (HR-DDoS) attacks from flash crowd (FC) attacks.
If EB classifies the incoming SIP network traffic as a high-rate SIP DoS/DDoS (HR-DDoS) attack, it blocks it immediately. If EB instead classifies the traffic as a flash crowd (FC) attack, it decreases the maximum connection timeout value and the maximum number of requests allowed per timeout until both values reach zero. Once the timeout and the maximum allowed requests both reach zero, the EB component disables the KeepAlive feature of the SIP connection. The framework will be simulated with practical experiments of the AntiDDoS_Shield system in the NS2 simulation environment.
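The EB component's decision and response logic described above, as an added Python example that is not part of the paper or its tool. It assumes the entropy is computed over the source-IP distribution of SIP requests in a time window (the abstract does not say which feature EB uses), and the sample windows, rate and entropy thresholds, and step sizes are all constructed values for illustration.

```python
import math
from collections import Counter

# Constructed sample windows of SIP request source IPs (not real traffic).
# A high-rate flood from a few sources gives low source-IP entropy; a flash
# crowd of many distinct callers gives high entropy; a quiet window is normal.
HR_DDOS_WINDOW = ["10.0.0.5"] * 190 + ["10.0.0.6"] * 10
FLASH_CROWD_WINDOW = [f"192.0.2.{i}" for i in range(200)]
NORMAL_WINDOW = [f"198.51.100.{i}" for i in range(20)]

def source_entropy(src_ips):
    """Shannon entropy (bits) of the source-IP distribution in one window."""
    counts = Counter(src_ips)
    total = len(src_ips)
    return -sum(c / total * math.log2(c / total) for c in counts.values())

def classify(src_ips, rate_threshold=100, entropy_threshold=3.0):
    """Assumed EB rule: a window is anomalous when its request count exceeds
    rate_threshold; low source entropy -> HR-DDoS, high entropy -> flash crowd."""
    if len(src_ips) <= rate_threshold:
        return "normal"
    return "hr-ddos" if source_entropy(src_ips) < entropy_threshold else "flash-crowd"

class EntropyBasedComponent:
    """EB response as the abstract describes it: block HR-DDoS at once; for a
    flash crowd, step the connection timeout and the max requests per timeout
    down until both reach zero, then disable KeepAlive."""
    def __init__(self, timeout=30, max_requests=100, step_timeout=10, step_requests=25):
        self.timeout, self.max_requests = timeout, max_requests
        self.step_timeout, self.step_requests = step_timeout, step_requests
        self.keepalive = True
        self.blocked = False

    def handle_window(self, src_ips):
        verdict = classify(src_ips)
        if verdict == "hr-ddos":
            self.blocked = True          # flood: block immediately
        elif verdict == "flash-crowd":
            self.timeout = max(0, self.timeout - self.step_timeout)
            self.max_requests = max(0, self.max_requests - self.step_requests)
            if self.timeout == 0 and self.max_requests == 0:
                self.keepalive = False   # no more persistent SIP connections
        return verdict
```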

Keywords : ESOBSTEB SIP- DDoS Defense Tool, Enhanced SIP Proxy Server, Outer Attack Blocking (OB) Component, Service Traceback Architecture (STBA) and Entropy based (EB) Component
