Attack Modeling of SIP-Oriented SPIT

  • John Mallios
  • Stelios Dritsas
  • Bill Tsoumas
  • Dimitris Gritzalis
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5141)


The use of IP networks for telephony applications (VoIP) is becoming increasingly popular, mainly due to its advantages in terms of communication and multimedia services. This fact may also shift several problems from the Internet context, such as spam, which - in the VoIP case - has been identified as SPIT. In this paper, we propose an abstract model for describing SPIT attack strategies by incorporating the underlying threats and vulnerabilities of the VoIP technology regarding SPIT phenomenon. Our model is mainly focused on the signaling part of VoIP sessions (i.e. the SIP protocol), and it is based on the representation of attacks through attack graphs and attack trees. We also demonstrate how this model could be used for the development of a set of reusable attack scenarios (patterns), with an eye towards the development of a SPIT Detection System.


SPIT VoIP Attack Modeling Attack Graphs Attack Trees 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Rosenberg, J., et al.: Session Initiation Protocol (SIP), RFC 3261 (June 2002)Google Scholar
  2. 2.
    Schulzrinne, H., Casner, S., Frederick, R., Jacobson, V.: RTP: A Transport Protocol for Real-Time Applications, RFC 1889, IETF (January 1996)Google Scholar
  3. 3.
    Rosenberg, J., Jennings, C.: The Session Initiation Protocol and Spam, draft-ietf-sipping-spam-03 (October 2006)Google Scholar
  4. 4.
    Marias, J., Dritsas, S., Theoharidou, M., Mallios, J., Gritzalis, D.: SIP vulnerabilities and anti-SPIT mechanisms assessment. In: Proc. of the 16th IEEE International Conference on Computer Communications and Networks (IC3N 2007). IEEE Press, Los Alamitos (2007)Google Scholar
  5. 5.
    Dritsas, S., Mallios, J., Theoharidou, M., Marias, G., Gritzalis, D.: Threat analysis of the Session Initiation Protocol regarding spam. In: Proc. of the 3rd IEEE International Workshop on Information Assurance (WIA 2007), pp. 426–433. IEEE Press, Los Alamitos (2007)Google Scholar
  6. 6.
    Mehta, V., Bartzis, C., Zhu, H., Clarke, E., Wing, J.: Ranking Attack Graphs. In: Proc. of Recent Advances in Intrusion Detection, pp. 127–144. Springer, Germany (2006)CrossRefGoogle Scholar
  7. 7.
    Jha, S., Sheyner, O., Wing, J.: Two Formal Analyses of Attack Graphs. In: Proc. of the 15th IEEE Computer Security Foundations Workshop, pp. 49–63. IEEE Press, Los Alamitos (2002)Google Scholar
  8. 8.
    Mauw, S., Oostdijk, M.: Foundations of attack trees. In: Won, D.H., Kim, S. (eds.) ICISC 2005. LNCS, vol. 3935, pp. 186–198. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  9. 9.
    Dantu, R., Loper, K., Kolan, P.: Risk Management Using Behavior Based Attack Graphs. In: Proc. of the IEEE International Conference on Information Technology (ITCC), pp. 445–450. IEEE Press, Las Vegas (2004)Google Scholar
  10. 10.
    Ning, P., Xu, D.: Learning attack strategies from intrusion alerts. In: Proc. of the 10th ACM Conference on Computer and Communication Security, pp. 200–209. ACM Press, New York (2003)CrossRefGoogle Scholar
  11. 11.
    Schneier, B.: Attack trees: Modeling security threats. Dr. Dobb’s Journal (December 1999)Google Scholar
  12. 12.
    Wang, L., Noel, S., Jajodia, S.: Minimum-Cost Network Hardening Using Attack Graphs. Computer Communications 29(18), 3812–3824 (2006)CrossRefGoogle Scholar
  13. 13.
    Opel, A.: Design and Implementation of a Support Tool for Attack Trees, Internship Thesis, Otto-von-Guericke University Magdeburg (March 2005)Google Scholar
  14. 14.
    Steffan, J., Schumacher, M.: Collaborative Attack Modeling. In: Proc. of the 2002 ACM Symposium on Applied Computing, pp. 253–259. ACM Press, New York (2002)CrossRefGoogle Scholar
  15. 15.
    Helmer, G., Wong, J., Slagell, M., Honavar, V., Miller, L.: A Software Fault Tree Approach to Requirements Analysis of an Intrusion Detection System. In: Proc. of the ACM Symposium on Requirements Engineering for Information Security, USA (2001)Google Scholar
  16. 16.
    Kotapati, K., Liu, P., LaPorta, T.: CAT - A Practical Graph and SDL Based Toolkit for Vulnerability Assessment of 3G Networks. In: Proc. of the 21st IFIP International Information Security Conference (SEC 2006), May 2006, pp. 158–170. Springer, Sweden (2006)Google Scholar
  17. 17.
    Sheyner, O., Wing, J.: Tools for Generating and Analyzing Attack Graphs. In: Proc. of the Workshop on Formal Methods for Components and Objects. LNCS, pp. 344–371. Springer, The Neterlands (2004)CrossRefGoogle Scholar
  18. 18.
    Moore, A., Ellison, R., Linger, R.: Attack modeling for information security and survivabil, Software Engineering Institute Technical Report CMU/SEI-2001 (2001)Google Scholar
  19. 19.
    Vigna, G., Eckmann, S., Kemmerer, R.: Attack Languages. In: Proc. of the IEEE Information Survivability Workshop, pp. 163–166. IEEE Press, Los Alamitos (2000)Google Scholar
  20. 20.
    VOIPSA, VoIP Security and Privacy Threat Taxonomy (October 2005),
  21. 21.
    El Sawda, S., Urien, P.: SIP Security Attacks and Solutions: A state-of-the-art review. In: Proc. of IEEE International Conference on Information & Communication Technologies: From Theory to Applications (ICTTA 2006), Syria, April 2006, vol. 2, pp. 3187–3191 (2006)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2008

Authors and Affiliations

  • John Mallios
    • 1
  • Stelios Dritsas
    • 1
  • Bill Tsoumas
    • 1
  • Dimitris Gritzalis
    • 1
  1. 1.Information Security and Critical Infrastructure Protection Research Group Dept. of InformaticsAthens University of Economics & Business (AUEB)AthensGreece

Personalised recommendations