Voice over IP (VoIP) systems are gaining in popularity as the technology for transmitting voice traffic over IP networks. As the popularity of VoIP systems increases and VoIP services become commercial, the systems are likely to be subjected to different kinds of intrusions, some of which are specific to such systems, and some of which are shared with general-purpose data networks. There have been enormous strides made in the field of intrusion detection systems (IDS) for general-purpose data networks. However, intrusion detection systems and intrusion prevention systems (IPS) for VoIP systems have lagged far behind. VoIP systems pose several new challenges to IDS and IPS designers. First, these systems employ multiple protocols for call management and data delivery. Within each class, there may be multiple protocols co-existing in the system. Second, the systems are distributed in nature and employ distributed clients, servers, and proxies, thereby increasing the access points for an adversary. Third, VoIP traffic is delay sensitive, and therefore launching a denial of service is easier than in conventional networks, for example by increasing the latency or the jitter of the packets. Finally, the systems are heterogeneous and typically under several different administrative domains, e.g., the proxy server may be provided by the service provider and the client managed by the home organization.
We have been developing a system for intrusion detection and intrusion prevention customized to VoIP systems, called SpaceDive. The system comprises multiple components, which are distributed among the end clients and the servers. SpaceDive provides fast matching of network packets at a host against a rulebase specified in a novel language, coordination among multiple components to detect attacks that manifest themselves at multiple points of the network, and a mechanism for aborting an attack based on initial symptoms. At the next level of sophistication, SpaceDive is customized to learn to detect previously unknown attacks. It uses machine learning clustering to detect spam VoIP calls and build profiles of legitimate behavior.
The requirements driving the design of SpaceDive are outlined below.
Our current work is focusing on the following directions.
Current Students: Yu-Sung Wu (PhD), Ratsameetip Wita (Exchange student)
Collaborators: Navjot Singh (Avaya)
Past Students: Vinita Apte (MS)
Papers: See here.