- Title
- REAL-TIME INTRUSION DETECTION FOR VOIP OVER WIRELESS NETWORKS
- Creator
- Tang, Jin
- Date
- 2012-07-16, 2012-07
- Description
-
Voice over IP (VoIP) has emerged as a prevailing application in recent years. At the same time, with the increasing coverage of IEEE 802.11-based wireless networks, VoIP over wireless networks is drawing extensive attention in both academia and industry. Due to the openness and distributed nature of the protocols involved in VoIP over wireless, such as the session initiation protocol (SIP) and the IEEE 802.11 standard, it becomes easy for malicious users in the network to achieve their own gain or disrupt the service by deviating from the normal protocol behaviors. The main objective of this research is to develop real-time intrusion detection techniques that can quickly track down the malicious behaviors which manipulate the vulnerabilities of either the VoIP or the 802.11 protocols. Further, we will achieve the objective without requiring modification to the relevant standard protocols, and develop analytical tools to guide the detection system design for guaranteed performance. Specifically, for the malicious selfish misbehavior utilizing vulnerabilities of the 802.11 protocol, we design a real-time detector, termed the fair share detector (FS detector), which exploits the non-parametric cumulative sum (CUSUM) test to quickly find a selfish malicious node without any a priori knowledge of the statistics of the selfish misbehavior. While most of the existing schemes for selfish misbehavior detection depend on heuristic parameter configuration and experimental performance evaluation, we develop a Markov chain-based analytical model to systematically study the FS detector. Based on the analytical model, we can quantitatively compute the system configuration parameters for guaranteed performance. Further, to achieve better detection performance, we enhance the FS detector to develop an adaptive detector with the Markov decision process (MDP).
Then, based on a reward function that we define, we are able to determine an optimal decision policy to maximize the overall system benefit through a linear programming formulation. The optimal policy also indicates the operation of the adaptive detector, which yields better performance in both false positive rate and detection delay. For attacks on the SIP layer, we first focus on the well-known flooding attack and develop an online scheme to detect and subsequently prevent the attack, by integrating a novel three-dimensional sketch design with the Hellinger distance detection technique. We also address the stealthy attack, where intelligent attackers can afford a long time to attack the system and incur only minor changes to the system within each sampling period. To identify such attacks at an early stage for a timely response, we propose a detection scheme based on the wavelet signal processing technique, which is able to quickly expose the changes induced by the attacks. Moreover, we identify a new type of malformed message attack that can manipulate both the “Session-Expires” header in the SIP message and the openness of wireless protocols to severely drain the network resources. We develop a detection method based on the Anderson-Darling test to deal with such attacks. In future work, we will continue with the CUSUM-based framework for selfish misbehavior detection over practical multi-hop wireless networks with guaranteed performance. It is expected that we can generate distributed CUSUM-based detection mechanisms for the multi-hop networks, analytical tools for the distributed detection system, and configuration parameter selection methods for guaranteed detection performance. Moreover, as attackers can employ the openness of the 802.11 protocols to generate more severe and harder-to-detect attacks on the SIP-based VoIP system, we plan to develop cross-layer intrusion detection techniques for the system to further enhance the detection performance.
Ph.D. in Computer Engineering, July 2012