Development of a Distributed VoIP Honeypot System with Advanced Malicious Traffic Detection

  • Ladislav BehanEmail author
  • Lukas Sevcik
  • Miroslav Voznak
Conference paper
Part of the Lecture Notes in Electrical Engineering book series (LNEE, volume 554)


The number of active users using Voice over IP (VoIP) services has an increasing tendency. With an expanding number of users, there is also a rapid increase in the number of hackers interested in attacking the VoIP communication system. This paper aims at detecting malicious SIP traffic and also deals with the security of the VoIP architecture issue. It is not a trivial matter to secure the VoIP system because exploiting the vulnerabilities of IP based telecommunication systems have increased. It is crucial to develop a tool that would be able to detect these attacks, analyse collected data, monitor attackers progress and to prepare an effective way of how to defend against VoIP attackers. That was the primary motivation why we have decided to develop our honeypot solution which can detect attacks on VoIP infrastructure, and it is adapted to the new security threats and which is designed according to the needs of the telecommunications market. Our VoIP honeypot is implemented purely in JAVA programming language and is capable of capturing and processing various types of attacks. The whole project is based on a Linux distribution, ready for the easiest deployment because it is prepared as a virtual machine image.


VoIP Honeypot Flood DoS Spit Attacks 



This work was supported by the VSB-Technical University of Ostrava, Czech Republic - Networks and Telecommunications Technologies for Smart Cities under SGS Grant SP2018/59.


  1. 1.
    Behan, L., Kapicak, L., Jalowiczor, J.: Development and implementation of VoIP honeypots with wide range of analysis. In: Proceedings of SPIE 10630, Cyber Sensing 2018, vol. 106300S, 3 May 2018.
  2. 2.
    Voznak, M., Kapicak, L., Zdralek, J., Nevlud, P., Plucar, J.: Multimedia services in asterisk based on voiceXML. Int. J. Math. Models Methods Appl. Sci. 5(5), 857–865 (2011)Google Scholar
  3. 3.
    Voznak, M., Rezac, F.: Threats to voice over IP communications systems. WSEAS Trans. Comput. 9(11), 1348–1358 (2010)Google Scholar
  4. 4.
    Nevlud, P., Bures, M., Kapicak, L., Zdralek, J.: Anomaly-based network intrusion detection methods. Adv. Electr. Electron. Eng. 11(6), 468–474 (2013)Google Scholar
  5. 5.
    Sisalem, D., Floroiu, J., Kuthan, J., Abend, U., Schulzrinne, H.: SIP Security. Wiley Blackwell, Hoboken (2009)CrossRefGoogle Scholar
  6. 6.
    Rezac, F., Voznak, M., Tomala, K., Rozhon, J., Vychodil, J.: Security analysis system to detect threats on a SIP VoIP infrasctructure elements. Adv. Electr. Electron. Eng. 9(5), 225–232 (2011)Google Scholar
  7. 7.
    Safarik, J., Partila, P., Rezac, F., Macura, L., Voznak, M.: Automatic classification of attacks on IP telephony. Adv. Electr. Electron. Eng. 11(6), 481–486 (2013)Google Scholar
  8. 8.
    Voznak, M., Safarik, J., Rezac, F.: Threat prevention and intrusion detection in VoIP infrastructures. Int. J. Math. Comput. Simul. 7(1), 69–76 (2013)Google Scholar
  9. 9.
    Voznak, M., Rozhon, J.: SIP infrastructure performance testing. In: 9th WSEAS International Conference on Telecommunications and Informatics, TELE-INFO 2010 , pp. 153–158 (2010)Google Scholar
  10. 10.
    Rozhon, J., Voznak, M.: SIP registration burst load test. In: Communications in Computer and Information Science, vol. 189. CCIS(PART 2), pp. 329–336 (2011)Google Scholar
  11. 11.
    Vennila, G., Manikandan, M., Suresh, M.: Detection and prevention of spam over internet telephony in voice over internet protocol networks using Markov chain with incremental SVM. Int. J. Commun. Syst. 30(11) (2017)Google Scholar
  12. 12.
    Voznak, M., Rezac, F.: The implementation of SPAM over Internet telephony and a defence against this attack. In: TSP 2009: 32nd International Conference on Telecommunications and Signal Processing, pp. 200–203 (2009)Google Scholar
  13. 13.
    Open-source project. Mentat - distributed modular Security Information and Event Management System. Cesnet, 25 August 2017. Accessed 17 Mar 2018

Copyright information

© Springer Nature Switzerland AG 2020

Authors and Affiliations

  1. 1.Faculty of Electrical Engineering and Computer ScienceVSB-Technical University of OstravaOstravaCzech Republic

Personalised recommendations