An Anomaly Based VoIP DoS Attack Detection and Prevention Method Using Fuzzy Logic

Today, Voice over IP (VoIP), also known as Internet telephony, has received lots of attention because of its efficiency and flexibility. Meanwhile, features such as being in text form, has made the Session Initiation Protocol (SIP) as a predominant signaling protocol in VoIP services. However, because of simplicity and openness to public internet, this protocol is exposed to number of threats. One of the most important threats against SIP-VoIP services, is Denial of Service (DoS) attack. In this paper, by the help of normal SIP traffic, an anomaly based method for detecting this kind of attacks due to different type of SIP signaling packets, is presented. A Finite State Machine (FSM) is used for extracting SIP traffic parameters and specifications in normal conditions. Then fuzzy logic is used for detecting attacks using extracted parameters. The proposed method, is fully implemented and tested with the help of Spirent test device. Implementation results showed that this method could detects and prevents DoS attacks with high probability and without causing overhead on the SIP server.