University of Hertfordshire

Telephony Denial of Service Defense at Data Plane (TDoSD@DP)

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Original language: English
Title of host publication: IEEE/IFIP Network Operations and Management Symposium
Subtitle of host publication: Cognitive Management in a Cyber World, NOMS 2018
Publisher: IEEE
Pages: 1-6
Number of pages: 6
ISBN (Electronic): 9781538634165
Publication status: Published - 6 Jul 2018
Event: The First IEEE Workshop on Programmable Data Plane (PDP) in the IEEE/IFIP Network Operations and Management Symposium 2018: IEEE -
Duration: 23 Apr 2018 → …

Conference

Conference: The First IEEE Workshop on Programmable Data Plane (PDP) in the IEEE/IFIP Network Operations and Management Symposium 2018
Period: 23/04/18 → …

Abstract

The Session Initiation Protocol (SIP) is an application-layer control protocol, deployed globally, that is used to establish and terminate calls. A flood of SIP INVITE packets sent by an attacker causes a Telephony Denial of Service (TDoS) incident, during which legitimate users are unable to use telephony services. Legacy TDoS defense is typically implemented as network appliances and is not deployed widely enough to enable early detection. To make TDoS defense more widely deployed and yet affordable, this paper presents TDoSD@DP, where TDoS detection and mitigation are programmed at the data plane so that they can be enabled on every switch port and therefore serve as distributed SIP sensors. With this approach, the damage is isolated at a particular switch and bandwidth is saved by not sending attack packets further upstream. Experiments have been performed to track the SIP state machine and to limit the number of active SIP sessions per port. The results show that TDoSD@DP was able to detect and mitigate an ongoing INVITE flood attack, protecting the SIP server and limiting the damage to a local switch. Bringing the TDoS defense function to the data plane provides a novel data plane application that operates at the SIP protocol level and a novel approach to TDoS defense implementation.

ID: 13580006