RTP-miner: a real-time security framework for RTP fuzzing attacks - Citegraph

Paper Info

Title
RTP-miner: a real-time security framework for RTP fuzzing attacks

Abstract
Real-time Transport Protocol (RTP) is a widely adopted standard for transmission of multimedia traffic in Internet telephony (commonly known as VoIP). Therefore, it is a hot potential target for imposters who can launch different types of Denial of Service (DoS) attacks to disrupt communication; resulting in not only substantive revenue loss to VoIP operators but also undermining the reliability of VoIP infrastructure. The major contribution of this paper is an online framework -- RTP-Miner -- that detects RTP fuzzing attacks in realtime; as a result, it is not possible to deny access to legitimate users. RTP-Miner can detect both header and payload fuzzing attacks. Fuzzing in the header of RTP packets is detected by combining well known distance measures with a decision tree based classifier. In comparison, payload fuzzing is detected through a novel Markov state space model at the receiver. We evaluate RTP-Miner on a realworld RTP traffic dataset. The results show that RTP-Miner detects fuzzing in RTP header with more than 98% accuracy and less than 0.1% false alarm rate even when only 3% fuzzing is introduced. For the same fuzzing rate, it detects payload fuzzing -- a significantly more challenging problem -- with more than 80% accuracy and less than 2% false alarm rate. RTP-Miner has low memory and processing overheads that makes it well suited for deployment in real world VoIP infrastructure.

Year	DOI	Venue
2010	10.1145/1806565.1806587	NOSSDAV
Keywords	Field	DocType
realworld rtp traffic dataset,fuzzing rate,real-time security framework,rtp header,false alarm rate,payload fuzzing,voip infrastructure,rtp packet,payload fuzzing attack,detects rtp fuzzing attack,voip operator,stochastic models,voip,dos attack,state space model,machine learning,real time,stochastic model,internet telephony,decision tree,denial of service	Fuzz testing,Denial-of-service attack,Computer science,Network packet,Computer network,Real-time computing,Header,Constant false alarm rate,Real-time Transport Protocol,Payload,Voice over IP	Conference
Citations	PageRank	References
2	0.41	12
Authors
2

Authors (2 rows)

Cited by (2 rows)

References (12 rows)

Name	Order	Citations	PageRank
M. Ali Akbar	1	29	1.92
Muddassar Farooq	2	1221	83.47

1