Analyzing results of tests of the functioning new generation network for vulnerability to DoS attacks

The tests aimed at obtaining the data to assess the stability of the next generation network (NGN) to certain types of denial of service (DoS) attacks, as well as the data needed to develop measures to counter such attacks are described. The experiment has been conducted for a test part of the operating NGN and the results obtained are of great practical value. The NGNfeatures are briefly analyzed from the data security standpoint, and the specificity of DoS attacks on a NGN, which is the consequence of these features, is considered. The conditions necessary for the implementation of early detection of attacks on a NGN are determined. The classification of DoS attacks is given. The schemes and scenarios of tests are proposed, in which different types of DoS attacks are simulated on one of the NGN elements. Consequences of such attacks for the network are analyzed briefly. The cumulative sum (CUSUM) algorithm is considered as one of the possible algorithms for early detection of a DoS attack, and an example of application of this algorithm for detecting a DoS attack is given.

References

[1] Sisalem D., Floroiu J., Kuthan J., Abend U., Schulzrinne H. SIP security. Chichester, John Wiley & Sons, 2009. 350 p. doi: 10.1002/9780470516997

[2] Jiang Y, Zheng K., Yang Y., Luo S., Zhao J. Evaluation model for DoS attack effect in softswitch network. Proc. Int. Conf. Commun. Intell. Inf. Secur. (ICCIIS), 2010, pp. 88-91. doi: 10.1109/ICCIIS.2010.30

[3] Gol’dshteyn A.B., Gol’dshteyn B.S. Softswitch. St. Petersburg, BKhV-Peterburg Publ., 2006. 368 p. (in Russ.).

[4] Shcherbakov V.B., Ermakov S.A. Bezopasnost’ besprovodnykh setey: standart IEEE 802.11 [Wireless security: standard IEEE 802.11]. Moscow, RadioSoft Publ., 2010. 255 p.

[5] Ehlert S., Geneiatakis D., Magedanz T. Survey of network security systems to counter SIP-based denial-of-service attacks. Comput. Secur., 2009, vol. 29, no. 2, pp. 225243.

[6] Rosenberg J., Schulzrinne H., Camarillo G., Johnston A., Peterson J., Sparks R., Handley M., Schooler E. SIP: Session Initiation Protocol, RFC 3261, 2002. Available at: http://www.ietf.org/rfc/rfc3261.txt (Accessed 14 July 2013).

[7] SIPp website. Available at: http://sipp.sourceforge.net/ (Accessed 14 July 2013).

[8] Page E.S. Continuous inspection schemes. Biometrika, 1954, vol. 4, nos. 1-2, pp. 100-115. doi:10.1093/biomet/41.1-2.100

[9] Basseville M., Nikiforov I.V. Detection of abrupt changes: theory and application. Prentice-Hall Inc., Englewood Cliffs, 1993. 469 p.

[10] Kim H., Rozovskii B., Tartakovsky A. A nonparametric multichart cusum test for rapid intrusion detection. Int. J. Comput. Inf. Sci., 2004, vol. 2, no. 3, pp. 149-158.

[11] Chen Z., Wen W.,Yu D. Detecting SIP flooding attacks on IP multimedia subsystem (IMS). Proc. Int. Conf. Comput. Networking Commun. (ICNC), 2012, pp. 154-158. doi: 10.1109/ICCNC.2012.6167401

[12] Li W., Guo W., Luo X., Li X. On sliding window based change point detection for hybrid SIP DoS attack. Proc. IEEE Asia-Pac. Serv. Comput. Conf., 2010, pp. 425432. doi: 10.1109/APSCC.2010.84