A method for disguising malformed SIP messages to evade SIP IDS

Malformed SIP attacks are threatening the security of VoIP system, such as IP Multimedia Subsystem, which uses SIP (Session Initiation Protocol) as its core protocol. Though IDSs (Intrusion Detection System) supporting malformed SIP detection had been produced, it was not clear to what extent they can detect disguised malformed SIP messages. This paper analyzes the condition of SIP IDS evasion and proposes a method for disguising malformed SIP messages. Based on the disguising method, a testing system is built for evaluation the capability of SIP IDS on evasion defending. The result of the experiments show that the proposed method can improve the evasion rate of malformed SIP messages considerably, which means the defending capability of SIP IDSs should be improved to prevent them from evasion. © 2013 ACADEMY PUBLISHER.