Development of a Distributed VoIP Honeypot System with Advanced Malicious Traffic Detection
The number of active users of Voice over IP (VoIP) services is increasing. As the user base expands, the number of hackers interested in attacking VoIP communication systems is also rising rapidly. This paper aims at detecting malicious SIP traffic and also addresses the security of the VoIP architecture. Securing a VoIP system is not a trivial matter, because exploitation of vulnerabilities in IP-based telecommunication systems has increased. It is crucial to develop a tool that can detect these attacks, analyse the collected data, monitor attackers' progress and prepare an effective defence against VoIP attackers. This was our primary motivation for developing a honeypot solution that detects attacks on VoIP infrastructure, is adapted to new security threats and is designed according to the needs of the telecommunications market. Our VoIP honeypot is implemented purely in the Java programming language and is capable of capturing and processing various types of attacks. The whole project is based on a Linux distribution and is prepared as a virtual machine image, ready for the easiest deployment.
Keywords: VoIP Honeypot Flood DoS Spit Attacks
This work was supported by the VSB-Technical University of Ostrava, Czech Republic - Networks and Telecommunications Technologies for Smart Cities under SGS Grant SP2018/59.