Title
Application of Visual Analysis to Detect and Analyze Patterns in VoIP Attack Traffic
Abstract
Voice over IP (VoIP) based on SIP is rapidly replacing classical telephony services as providers worldwide migrate their services to IP-based platforms. However, apart from the benefits for providers and customers, telephony is becoming "just another" Internet application which is vulnerable to multiple - both well-known and novel - attack and misuse scenarios. In this paper we focus on attempts to compromise SIP accounts in order to misuse them at the expense of the legitimate owner (Toll-Fraud). Such misuse occurs globally and massively and has already caused significant damage. Our study is based on real SIP attack data collected over several years and our long-standing expertise in analyzing this data using standard methods. We show in this paper that a visual analytics approach using a node-link diagram visualization tool can provide new insights into attacker behavior, particularly with respect to distributed and coordinated attacks from different sources and specific properties of different popular attack tools. This analysis also revealed the usage of SIP INVITE packets for previously unknown purposes in multi-stage attacks. Therefore, this approach provides a valuable and useful addition to the approaches used so far, which are based on statistical analysis or rule-based clustering.
Year: 2018
DOI: 10.1109/TrustCom/BigDataSE.2018.00048
Venue: 2018 17th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/ 12th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE)
Keywords: VoIP, SIP, Attack traffic, Random User Agent, VaxSIP, SipCLI, Empty UA, Toll-Fraud, Data visualization, Exploratory data analysis, Gephi
Field: Data visualization, Computer science, Computer security, Network packet, Computer network, Visual analytics, Telephony, Cluster analysis, Exploratory data analysis, Voice over IP, The Internet
DocType: Conference
ISSN: 2324-9013
ISBN: 978-1-5386-4389-1
Citations: 0
PageRank: 0.34
References: 0
Authors: 4
Name
Order
Citations
PageRank
Ekaterina Volodina100.34
Adnan Aziz21778149.76
Erwin P. Rathgeb341849.45
Tobias Hoßfeld41734136.57