Development and Analysis of Generic VoIP Attack Sequences Based on Analysis of Real Attack Traffic

摘要

Security issues like service misuse and fraud are emerging problems of SIP-based networks. To devise effective countermeasures it is important to know how these attacks are launched in reality. Multi-stage attacks to commit Toll Fraud are already known in principle. We have identified different variations in these attack patterns by analyzing over 25 GByte of SIP attack traffic collected in our SIP Honeynet over a period of three years i.e., from December 2009 to November 2012. Based on this analysis, we have developed a Generic Attack Replay tool (GART) which allows replaying samples of the major attack variants in arbitrary network setups. This tool can be used for evaluation of detection and mitigation components where realistic and reproducible attack traffic is needed. The tool described here and the sample database will be made available to interested groups.