Abstract
The Session Initiation Protocol (SIP) is an application-layer control protocol used to establish and terminate calls, and it is deployed globally. A flood of SIP INVITE packets sent by an attacker causes a Telephony Denial of Service (TDoS) incident, during which legitimate users are unable to use telephony services. Legacy TDoS defense is typically implemented as network appliances and is not sufficiently widely deployed to enable early detection. To make TDoS defense more widely deployed and yet affordable, this paper presents TDoSD@DP, in which TDoS detection and mitigation are programmed at the data plane so that they can be enabled on every switch port, with the switches therefore serving as distributed SIP sensors. With this approach, the damage is isolated at a particular switch and bandwidth is saved by not sending attack packets further upstream. Experiments have been performed to track the SIP state machine and to limit the number of active SIP sessions per port. The results show that TDoSD@DP was able to detect and mitigate an ongoing INVITE flood attack, protecting the SIP server and limiting the damage to a local switch. Bringing the TDoS defense function to the data plane provides a novel data plane application that operates on the SIP protocol and a novel approach to TDoS defense implementation.
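The per-port session tracking and cap that the abstract describes, modelled in plain Python as an added illustration (this is not the paper's P4 code; the cap value, the message fields and the port attribution of responses are assumptions). Each switch port tracks the dialog state of every Call-ID it sees; once the port's active-session cap is reached, further new INVITEs are dropped at that port, so an INVITE flood stays local and never reaches the SIP server.

```python
from collections import defaultdict

MAX_ACTIVE_PER_PORT = 3  # assumed cap; the paper's actual threshold is not given here


class PortSipGuard:
    """Toy model of data-plane SIP session tracking with a per-port cap.

    Assumes every message can be attributed to the switch port on which the
    dialog's INVITE arrived and carries its SIP Call-ID.  A production
    implementation would also age out dialogs that never complete.
    """

    def __init__(self, max_active=MAX_ACTIVE_PER_PORT):
        self.max_active = max_active
        self.state = {}                  # (port, call_id) -> "pending" | "established"
        self.dropped = defaultdict(int)  # port -> INVITEs dropped by the cap

    def active_sessions(self, port):
        """Number of dialogs (pending or established) currently open on a port."""
        return sum(1 for (p, _) in self.state if p == port)

    def handle(self, port, call_id, request_line):
        """Process one SIP message seen on `port`; return "forward" or "drop"."""
        key = (port, call_id)
        if request_line.startswith("INVITE"):
            if key in self.state:        # retransmission of a known dialog
                return "forward"
            if self.active_sessions(port) >= self.max_active:
                self.dropped[port] += 1  # mitigation: flood is contained at this port
                return "drop"
            self.state[key] = "pending"  # new dialog: INVITE sent, awaiting final answer
        elif request_line.startswith("SIP/2.0 200") and self.state.get(key) == "pending":
            self.state[key] = "established"
        elif request_line.startswith(("BYE", "CANCEL")):
            self.state.pop(key, None)    # teardown frees the slot for a new call
        return "forward"

    def under_attack(self, port):
        """Detection: a port that has had INVITEs dropped by the cap is flagged."""
        return self.dropped[port] > 0


def simulate():
    """Constructed traffic: one legitimate call on port 1, a five-INVITE flood on port 2."""
    guard = PortSipGuard()
    legit = [guard.handle(1, "call-1", line) for line in (
        "INVITE sip:bob@example.com SIP/2.0", "SIP/2.0 200 OK", "BYE sip:bob@example.com SIP/2.0")]
    flood = [guard.handle(2, f"flood-{i}", "INVITE sip:bob@example.com SIP/2.0") for i in range(5)]
    return legit, flood, guard.under_attack(1), guard.under_attack(2)
```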
Original language | English |
---|---|
Title of host publication | IEEE/IFIP Network Operations and Management Symposium |
Subtitle of host publication | Cognitive Management in a Cyber World, NOMS 2018 |
Publisher | Institute of Electrical and Electronics Engineers (IEEE) |
Pages | 1-6 |
Number of pages | 6 |
ISBN (Electronic) | 9781538634165 |
DOIs | |
Publication status | Published - 6 Jul 2018 |
Event | The First IEEE Workshop on Programmable Data Plane (PDP) in the IEEE/IFIP Network Operations and Management Symposium 2018: IEEE - Duration: 23 Apr 2018 → … |
Conference
Conference | The First IEEE Workshop on Programmable Data Plane (PDP) in the IEEE/IFIP Network Operations and Management Symposium 2018 |
---|---|
Period | 23/04/18 → … |
Keywords
- Data plane
- DDoS
- DoS
- P4
- SDN
- SIP