Exploiting SIP for botnet communication

Authors: Andreas Berger, Mohamed Hefeeda

DOI: 10.1109/NPSEC.2009.5342244

Abstract: The Session Initiation Protocol (SIP) implements methods for generic service discovery and versatile messaging. It is, therefore, expected to be a key component in many telecommunication and Internet services. For example, the 3GPP IP Multimedia Subsystem relies heavily on SIP. Given its critical role, ensuring the security of SIP is clearly a crucial task. In this paper, we analyze the protocol and show that it can easily be exploited to mount effective large-scale botnets. We do so by scrutinizing the details of how it offers a variety of ways to conceal botnet traffic within legitimate-looking traffic. Using our analysis, we implement a bot and present experimental results from a real testbed network. In addition, we employ statistics collected from a large provider and discuss the implications for both design and detection. Finally, we present a software tool (called autosip) to generate synthetic traffic that resembles actual traffic with different controllable characteristics. The proposed tool is quite useful for researchers working in the area who may not have access to dumps from providers.
