%0 Conference Proceedings
%T Hunting SIP Authentication Attacks Efficiently
%+ Czech Technical University in Prague (CTU)
%+ CESNET [Prague]
%A Jansky, Tomáš
%A Čejka, Tomáš
%A Bartoš, Václav
%Z Part 4: Short Papers: Security, Intrusion Detection, and Configuration
%< avec comité de lecture
%( Lecture Notes in Computer Science
%B 11th IFIP International Conference on Autonomous Infrastructure, Management and Security (AIMS)
%C Zurich, Switzerland
%Y Daphne Tuncer
%Y Robert Koch
%Y Rémi Badonnel
%Y Burkhard Stiller
%I Springer International Publishing
%3 Security of Networks and Services in an All-Connected World
%V LNCS-10356
%P 125-130
%8 2017-07-10
%D 2017
%R 10.1007/978-3-319-60774-0_9
%Z Computer Science [cs]
%Z Computer Science [cs]/Networking and Internet Architecture [cs.NI]Conference papers
%X Extended flow records with application layer (L7) information allow for detection of various types of malicious traffic. Voice over IP (VoIP) is an example of technology that works on L7 and many attacks against it cannot be reliably detected using just basic flow information. Session Initiation Protocol (SIP), which is commonly used for VoIP signalling, is a frequent target of many types of attacks. This paper proposes and evaluates a novel algorithm for near real time detection of username scanning and password guessing attacks on SIP servers. The detection is based on analysis of L7 extended flow records.
%G English
%Z TC 6
%Z WG 6.6
%2 https://inria.hal.science/hal-01806064/document
%2 https://inria.hal.science/hal-01806064/file/452969_1_En_9_Chapter.pdf
%L hal-01806064
%U https://inria.hal.science/hal-01806064
%~ IFIP-LNCS
%~ IFIP
%~ IFIP-TC
%~ IFIP-TC6
%~ IFIP-AIMS
%~ IFIP-WG6-6
%~ IFIP-LNCS-10356