SciDive & SpaceDive: Intrusion Detection in Voice-over-IP Environments

Started: 2003 Ended: 2009

Contributors: Yu-Sung Wu, Vinita Apte, Ratsameetip Wita, Saurabh Bagchi (Purdue); Navjot Singh, Sachin Garg, Tim Tsai (Avaya)

Voice over IP (VoIP) systems have gained traction as the technology for transmitting voice traffic over IP networks. However, they are subject to different kinds of intrusions, some of which are specific to such systems and some of which follow the general pattern of attacks against an IP infrastructure. VoIP systems pose several new challenges to IDS designers. First, these systems employ multiple protocols for call management and data delivery. Second, the systems are distributed in nature and employ distributed clients, servers, and proxies. Third, the attacks against such systems span a large class, from denial of service to billing fraud. Finally, the systems are heterogeneous and typically fall under several different administrative domains, e.g., the proxy server may be provided by the service provider while the client is managed by the home organization.

We developed, for the first time, an IDS specialized for VoIP systems. The first part of our work in this domain consisted of a simple single-component intrusion detection system called SciDive. In the second part, we extended the design of SciDive and built a distributed, correlation-based intrusion detection system called SpaceDive. Finally, we designed real-time spam detection software for VoIP calls.

Our work was funded by Avaya and was technically adopted within Avaya in its product offerings. We had two patent filings jointly with Avaya.

References

[1] Yu-Sung Wu, Vinita Apte, Saurabh Bagchi, Sachin Garg, and Navjot Singh, “Intrusion Detection in Voice-over-IP Environments,” Springer International Journal of Information Security (IJIS), Volume 8, Issue 3, pp. 153-172, June 2009.

[2] Yu-Sung Wu, Saurabh Bagchi, Navjot Singh, and Ratsameetip Wita, “Spam Detection in Voice-Over-IP Calls through Semi-Supervised Clustering,” in the 39th Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN), Lisbon, Portugal, pp. 307-316, June 29-July 2, 2009.

[3] Vinita Apte, Yu-Sung Wu, Saurabh Bagchi, Sachin Garg, and Navjot Singh, “SpaceDive: A Distributed Intrusion Detection System for Voice-over-IP Environments,” in the IEEE International Conference on Dependable Systems and Networks (DSN), Fast Abstracts paper, 2 pages, Philadelphia, USA, June 25-28, 2006.

[4] Saurabh Bagchi, Yu-Sung Wu (Purdue U., USA), Sachin Garg, Navjot Singh, and Tim Tsai (Avaya Labs, USA), “SCIDIVE: A Stateful and Cross Protocol Intrusion Detection Architecture for Voice-over-IP Environments,” in Proceedings of the IEEE Dependable Systems and Networks Conference (DSN), pp. 401-410, Florence, Italy, June 28-July 1, 2004.