Czech language  English language

Publikace a výzkumné zprávy - detail dokumentu

Jan Stanek, Luk Kencl
SIP Protector: Defense Architecture Mitigating DDoS Flood Attacks Against SIP Servers
IEEE International Conference on Communications (ICC)
First IEEE International Workshop on Security and Forensics in Communication Systems (SFCS)
June 10-15, 2012 | Ottawa, Canada

As Voice-over-IP becomes a commonly used technology, the need to keep it secure and reliable has grown. Session Initiation Protocol (SIP) is most often used to deploy VoIP and therefore SIP servers, the base components of SIP, are the most obvious targets of potential attacks. It has been demonstrated, that SIP servers are highly prone to DDoS flood attacks, yet no generally accepted defense solution mitigating these attacks is available. We propose a novel defense architecture against SIP DDoS floods, based upon a redirection mechanism and a combination of source and destination traffic filtering, exploiting the combined advantage of all the three techniques. We show that the proposed solution effectively mitigates various types of SIP DDoS flood attacks, discuss its strengths and weaknesses and propose its potential usability for other protocols. We also provide results of performance evaluation of the defense solution deployed in a SIP testbed.

This work was kindly supported by CESNET z.s.p.o.,


R&D Centre (RDC) for Mobile Applications
Katedra telekomunikacní techniky
Fakulta elektrotechnická
ČVUT v Praze
Technická 2, 166 27 Praha 6
Česká republika

Tel.: (+420) 224 355 991
Fax.: (+420) 233 335 999