Change-Point Detection for Voice over IP Denial of Service Attacks

Conference: KiVS 2007 - Kommunikation in Verteilten Systemen - 15. ITG/GI-Fachtagung
02/26/2007 - 03/02/2007 at Bern, Schweiz

Proceedings: KiVS 2007

Pages: 7Language: englishTyp: PDF

Personal VDE Members are entitled to a 10% discount on this title

Rebahi, Yacine (Fraunhofer Institut, Kaiserin Augusta Allee 31, 10589 Berlin, Germany)
Sisalem, Dorgham (Tekelec, Borsigturm 11, 13507 Berlin, Germany)

This paper describes the use of the nonparametric Cumulative Sums (CUSUM) algorithm for detecting flooding attacks against SIP infrastructures. The efficiency of this detection mechanism is validated using trace-driven simulations. Using an appropriate function, the nonparametric CUSUM equations are transformed to some parametric CUSUM equations for a Poisson model. This allowed us to verify the accuracy of the results provided by the experiments.