Voice over IP (VoIP), a.k.a. Internet telephony, is gaining market share rapidly and now competes favorably as one of the visible applications of the Internet. Nevertheless, being an application running over the TCP/IP protocol suite, it is susceptible to flooding attacks. If flooded, being a time-sensitive service, VoIP voice quality may show noticeable degradation and even encounter sudden service disruptions. Because multiple protocols are involved in VoIP service, and most of them are susceptible to flooding, an effective solution must be able to detect and overcome hybrid floods. As a solution, we offer VoIP Flood Detection Systems (vFDS), an online, statistical anomaly detection framework that generates alerts based on abnormal variations in a selected hybrid collection of traffic flows. It does so by viewing collections of related packet streams as evolving probability distributions and measuring abnormal variations in their relationships using the Hellinger distance, a measure of variability between two probability distributions. Experimental results show that vFDS is fast and accurate in detecting flooding attacks, without noticeably increasing call setup times or introducing jitter into the voice streams.
Haining Wang, Duminda Wijesekera, Hemant Sengar, Sushil Jajodia, "Detecting VoIP Floods Using the Hellinger Distance", IEEE Transactions on Parallel & Distributed Systems, vol. 19, no. , pp. 794-805, June 2008, doi:10.1109/TPDS.2007.70786
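The windowed comparison the abstract describes, as an added sketch that is not the vFDS implementation: each window's packet counts become a probability distribution, and its Hellinger distance to a baseline built from recent clean windows is compared against a threshold. The four SIP message types, the window layout, the smoothing constant and the fixed threshold of 0.2 are assumptions made for illustration; the sample counts are constructed.

```python
import math
from collections import Counter

# Assumption: attributes tracked per window (SIP message types); the page names none.
ATTRS = ("INVITE", "200 OK", "ACK", "BYE")

def distribution(counts, smooth=0.5):
    """Counts -> probabilities; smoothing keeps empty attributes well-defined."""
    total = sum(counts.get(a, 0) + smooth for a in ATTRS)
    return [(counts.get(a, 0) + smooth) / total for a in ATTRS]

def hellinger(p, q):
    """H(P,Q) = sqrt(1/2 * sum_i (sqrt(p_i) - sqrt(q_i))^2), range [0, 1]."""
    s = sum((math.sqrt(a) - math.sqrt(b)) ** 2 for a, b in zip(p, q))
    return math.sqrt(s / 2.0)

def detect(windows, train_n=3, threshold=0.2):
    """Compare each window with the pooled previous train_n clean windows."""
    baseline = list(windows[:train_n])
    results = []
    for idx in range(train_n, len(windows)):
        pooled = Counter()
        for w in baseline:
            pooled.update(w)
        d = hellinger(distribution(pooled), distribution(windows[idx]))
        alert = d > threshold
        results.append((idx, round(d, 3), alert))
        if not alert:  # alerted windows never enter the baseline
            baseline = baseline[1:] + [windows[idx]]
    return results

# Constructed sample: counts per fixed-length window; windows 4 and 5 are INVITE-heavy.
SAMPLE = [
    {"INVITE": 50, "200 OK": 48, "ACK": 47, "BYE": 45},
    {"INVITE": 55, "200 OK": 52, "ACK": 52, "BYE": 50},
    {"INVITE": 47, "200 OK": 46, "ACK": 45, "BYE": 44},
    {"INVITE": 52, "200 OK": 50, "ACK": 49, "BYE": 51},
    {"INVITE": 900, "200 OK": 40, "ACK": 38, "BYE": 42},
    {"INVITE": 950, "200 OK": 35, "ACK": 30, "BYE": 41},
    {"INVITE": 51, "200 OK": 49, "ACK": 50, "BYE": 47},
]

if __name__ == "__main__":
    for idx, d, alert in detect(SAMPLE):
        print(f"window {idx}: H={d} {'ALERT' if alert else 'ok'}")
```

Because the distance is computed on normalized distributions, a uniform rise in call volume leaves it near zero, while a surge in one message type relative to the others moves it sharply.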
