As Voice over Internet Protocol (VoIP) or internet telephony became so popular, it has faced more security threats in comparison with traditional Public Switched Telephone Network (PSTN). Using IP-based infrastructures like public internet and signaling protocols such as Session Initiation Protocol (SIP), have been subjected this technology to various kinds of attacks. Denial of Service (DoS) attack, due to the flooding different kinds of SIP messages, is one of the most well-known type of these attacks. In this paper a new anomaly-based method for detecting and preventing different kinds of flooding attacks using SIP normal traffic modeling, is proposed. To reach this goal, SIP specifications are modeled and required parameters are extracted by the help of a FSM in order to use in fuzzy systems. Fuzzy systems results, put the proposed method in a predefined state. For prevention purposes, a filtering-based method using whitelist, is provided. Implementation results represent the fact that, the proposed method detects mentioned attacks more accurately in comparison with similar methods.

Keywords