A Privacy-Preserving Entropy-Driven Framework for Tracing DoS Attacks in VoIP
Network audit trails, especially those composed of application-layer data, can be a valuable source of information for the investigation of attack incidents. Nevertheless, the analysis of large-volume log files is usually both complex (slow) and privacy-neglecting. Especially when it comes to VoIP, the literature on how audit trails can be exploited to identify attacks remains scarce. This paper provides an entropy-driven, privacy-preserving, and practical framework for detecting resource consumption attacks in VoIP ecosystems. We extensively evaluate our framework under various attack scenarios involving single and multiple assailants. The results obtained show that the proposed scheme is capable of identifying malicious traffic with a false positive alarm rate of up to 3.5%.
TSIATSIKAS Zisis;
GENEIATAKIS Dimitrios;
KAMBOURAKIS Georgios;
KEROMYTIS Angelos;
2013-11-28
IEEE
JRC83997
978-0-7695-5008-4/13
http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=6657244&tag=1
https://publications.jrc.ec.europa.eu/repository/handle/JRC83997
10.1109/ARES.2013.30