TY - JOUR
T1 - A comprehensive study of flooding attack consequences and countermeasures in Session Initiation Protocol (SIP)
AU - Hussain, Intesab
AU - Djahel, Soufiene
AU - Zhang, Zonghua
AU - Naït-Abdesselam, Farid
N1 - Funding Information:
Supported, in part, by Science Foundation Ireland grant 10/CE/I1855 and by Science Foundation Ireland grant 13/RC/2094.
Publisher Copyright:
© 2015 John Wiley & Sons, Ltd.
PY - 2015/12/1
Y1 - 2015/12/1
N2 - Session Initiation Protocol (SIP) is widely used as a signaling protocol to support voice and video communication in addition to other multimedia applications. However, it is vulnerable to several types of attacks because of its open nature and lack of a clear defense line against the increasing spectrum of security threats. Among these threats, flooding attack, known by its destructive impact, targets both of SIP User Agent Server (UAS) and User Agent Client (UAC), leading to a denial of service in Voice over IP applications. In particular, INVITE message is considered as one of the major root causes of flooding attacks in SIP. This is due to the fact that an attacker may send numerous INVITE requests without waiting for responses from the UAS or the proxy in order to exhaust their respective resources. Most of the devised solutions to cope with the flooding attack are either difficult to deploy in practice or require significant changes in the SIP servers implementation. Apart from these challenges, flooding attacks are much more diverse in nature, which makes the task of defeating them a real challenge. In this survey, we present a comprehensive study of flooding attack against SIP, by addressing its different variants and analyzing its consequences. We also classify the existing solutions according to the different flooding behaviors they are dealing with, their types, and targets. Moreover, we conduct a thorough investigation of the main strengths and weaknesses of these solutions and deeply analyze the underlying assumptions of each of them for better understanding of their limitations. Finally, we provide some recommendations for enhancing the effectiveness of the surveyed solutions and address some open challenges.
AB - Session Initiation Protocol (SIP) is widely used as a signaling protocol to support voice and video communication in addition to other multimedia applications. However, it is vulnerable to several types of attacks because of its open nature and lack of a clear defense line against the increasing spectrum of security threats. Among these threats, flooding attack, known by its destructive impact, targets both of SIP User Agent Server (UAS) and User Agent Client (UAC), leading to a denial of service in Voice over IP applications. In particular, INVITE message is considered as one of the major root causes of flooding attacks in SIP. This is due to the fact that an attacker may send numerous INVITE requests without waiting for responses from the UAS or the proxy in order to exhaust their respective resources. Most of the devised solutions to cope with the flooding attack are either difficult to deploy in practice or require significant changes in the SIP servers implementation. Apart from these challenges, flooding attacks are much more diverse in nature, which makes the task of defeating them a real challenge. In this survey, we present a comprehensive study of flooding attack against SIP, by addressing its different variants and analyzing its consequences. We also classify the existing solutions according to the different flooding behaviors they are dealing with, their types, and targets. Moreover, we conduct a thorough investigation of the main strengths and weaknesses of these solutions and deeply analyze the underlying assumptions of each of them for better understanding of their limitations. Finally, we provide some recommendations for enhancing the effectiveness of the surveyed solutions and address some open challenges.
KW - DoS
KW - Intrusion detection
KW - Network security
KW - SIP
KW - SIP security
KW - VoIP
UR - http://www.scopus.com/inward/record.url?scp=84959370200&partnerID=8YFLogxK
U2 - 10.1002/sec.1328
DO - 10.1002/sec.1328
M3 - Review article
AN - SCOPUS:84959370200
VL - 8
SP - 4436
EP - 4451
JO - Security and Communication Networks
JF - Security and Communication Networks
SN - 1939-0114
IS - 18
ER -