BLAZE: A MOBILE AGENT PARADIGM FOR VOIP INTRUSION DETECTION SYSTEMS

Kapil Singh, Son Vuong

2004

Abstract

IP telephony, also known as Voice over IP or VoIP, is becoming a key driver in the evolution of voice communications. VoIP technology is useful not only for phones but also as a broad application platform enabling voice interactions on devices such as PCs, mobile handhelds, and many other application devices where voice communication is an important feature. As the popularity of VoIP systems increases, they are fast becoming the target of a variety of intrusions. Some of these attacks are specific to VoIP systems, while others are general attacks on network traffic. In this paper, we propose an intrusion detection system framework for VoIP applications, called BLAZE. BLAZE can detect a variety of known attacks, including Denial-of-Service attacks and media stream attacks, and is novel enough to detect new attacks. It uses a mobile agent framework to collect and correlate events among various network elements. The biggest advantage of using mobile agents in this framework is that no new protocol has to be developed to support intrusion detection. Also, the functionality to perform the required recovery can be added dynamically to the mobile agents without changing the underlying VoIP protocols. We also present the concept of developing user profiles based on the user's call behaviour. These profiles form the baseline against which any future behaviour of the user can be compared to detect new attacks.



Paper Citation


in Harvard Style

Singh K. and Vuong S. (2004). BLAZE: A MOBILE AGENT PARADIGM FOR VOIP INTRUSION DETECTION SYSTEMS. In Proceedings of the First International Conference on E-Business and Telecommunication Networks - Volume 1: SVoIPNet, (ICETE 2004) ISBN 972-8865-15-5, pages 238-245. DOI: 10.5220/0001406002380245


in Bibtex Style

@conference{svoipnet04,
author={Kapil Singh and Son Vuong},
title={BLAZE: A MOBILE AGENT PARADIGM FOR VOIP INTRUSION DETECTION SYSTEMS},
booktitle={Proceedings of the First International Conference on E-Business and Telecommunication Networks - Volume 1: SVoIPNet, (ICETE 2004)},
year={2004},
pages={238-245},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0001406002380245},
isbn={972-8865-15-5},
}


in EndNote Style

TY - CONF
JO - Proceedings of the First International Conference on E-Business and Telecommunication Networks - Volume 1: SVoIPNet, (ICETE 2004)
TI - BLAZE: A MOBILE AGENT PARADIGM FOR VOIP INTRUSION DETECTION SYSTEMS
SN - 972-8865-15-5
AU - Singh K.
AU - Vuong S.
PY - 2004
SP - 238
EP - 245
DO - 10.5220/0001406002380245