Architecture for Trapping Toll Fraud Attacks Using a VoIP Honeynet Approach

  • Markus Gruber
  • Christian Schanes
  • Florian Fankhauser
  • Martin Moutran
  • Thomas Grechenig
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7873)


Voice over IP systems are more and more replacing Public Switched Telephone Network infrastructures. The number of voice telephony installations and the number of Session Initiation Protocol users is constantly increasing. Attacks against Voice over IP systems are becoming more imaginative and many attacks can cause financial damage, e.g., attackers gain money or create costs for the victim. Therefore, the dependency on available and secure Voice over IP systems to conduct secure business is given. We provide an environment to uncover real-world toll fraud attacks by collecting data using a Voice over IP honeynet solution.


Internet Protocol Internet Protocol Address Public Switch Telephone Network Internet Protocol Packet Voice Pattern 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Al-Allouni, H., Rohiem, A.E., Hashem, M., El-moghazy, A., Ahmed, A.E.-A.: Voip denial of service attacks classification and implementation. In: National Radio Science Conference (NRSC), pp. 1–12 (2009)Google Scholar
  2. 2.
    Blake, E.A.: Network security: Voip security on data network–a guide. In: InfoSecCD 2007: Proceedings of the 4th Annual Conference on Information Security Curriculum Development, pp. 1–7. ACM, New York (2007)Google Scholar
  3. 3.
    Butcher, D., Li, X., Guo, J.: Security challenge and defense in voip infrastructures. IEEE Transactions on Systems, Man, and Cybernetics, Part C: Applications and Reviews 37(6), 1152–1162 (2007)CrossRefGoogle Scholar
  4. 4.
    Dainotti, A., King, A., Claffy, K., Papale, F., Pescapè, A.: Analysis of a ”/0” stealth scan from a botnet. In: Proceedings of the 2012 ACM Conference on Internet Measurement Conference, IMC 2012, pp. 1–14. ACM, New York (2012)CrossRefGoogle Scholar
  5. 5.
    Endler, D., Collier, M.: Hacking Exposed VoIP: Voice Over IP Security Secrets & Solutions. McGraw-Hill, Inc., New York (2007)Google Scholar
  6. 6.
    Gauci, S.: Distributed sip scanning during halloween weekend, (last accessed: January 12, 2013)
  7. 7.
    Gruber, M., Fankhauser, F., Taber, S., Schanes, C., Grechenig, T.: Trapping and analyzing malicious voip traffic using a honeynet approach. In: The 6th International Conference on Internet Technology and Secured Transactions (ICITST), pp. 442–447 (December 2011)Google Scholar
  8. 8.
    Hofbauer, S., Beckers, K., Quirchmayr, G., Sorge, C.: A lightweight privacy preserving approach for analyzing communication records to prevent voip attacks using toll fraud as an example. In: 2012 IEEE 11th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), pp. 992–997 (June 2012)Google Scholar
  9. 9.
    Hoffstadt, D., Marold, A., Rathgeb, E.: Analysis of sip-based threats using a voip honeynet system. In: 2012 IEEE 11th International Conference on Trust, Security and Privacy in Computing and Communications (TrustCom), pp. 541–548 (June 2012)Google Scholar
  10. 10.
    Nassar, M., State, R., Festor, O.: Voip malware: Attack tool & attack scenarios. In: IEEE International Conference on Communications, ICC 2009, pp. 1–6 (June 2009)Google Scholar
  11. 11.
    Ruiz-Agundez, I., Penya, Y.K., Bringas, P.G.: Fraud detection for voice over IP services on next-generation networks. In: Samarati, P., Tunstall, M., Posegga, J., Markantonakis, K., Sauveron, D. (eds.) WISTP 2010. LNCS, vol. 6033, pp. 199–212. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  12. 12.
    SANS Internet Storm Center. Port details — sans internet storm center, (last accessed: January 12, 2013)
  13. 13.
    Spitzner, L.: The honeynet project: trapping the hackers. IEEE Security & Privacy Magazine 1(2), 15–23 (2003)CrossRefGoogle Scholar
  14. 14.
    Valli, C., Al-Lawati, M.: Developing robust voip router honeypots using device fingerprints. In: 1st International Cyber Resilience Conference (August 2010)Google Scholar
  15. 15.
    VoIP Security Alliance. Voipsa, voip security and privacy threat taxonomy, (last accessed: January 12, 2013)

Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  • Markus Gruber
    • 1
  • Christian Schanes
    • 1
  • Florian Fankhauser
    • 1
  • Martin Moutran
    • 1
  • Thomas Grechenig
    • 1
  1. 1.Research Group for Industrial SoftwareVienna University of TechnologyViennaAustria

Personalised recommendations