First Nameizwa
Last NameAltaf
First Name 2Hira
Last Name 2Basharat
Supervisor NameDr. Humaira Ashraf
Universityinternational islamic university,Islamabad
KeywordsIDS, IMS , SIP
Publication Date27 August, 2017
DomainComputer Science / IT

Multi Agent Based Registration flooding Attack Detection and prevention in Volte

Abstract: In recent past years the internet usage became very popular among the mobile and internet users. As the clients are increasing day by day, it makes the network more vulnerable to the invaders and imposters. In IMS (IP multimedia Subsystem) sessions are create among the clients/users. To create and terminate these sessions SIP (Session Initiation Protocol) is used. SIP is a text based protocol, so all the communication among the clients is also text based, which is easily vulnerable to the attackers. Attackers acquire required information from SIP messages and using this information they launch attack on P-CSCF (Proxy Call Session Control Function) server. Attackers send floods of requests toward the P-CSCF server that create a bottleneck situation that make the server busy for legal user. To solve this problem multi agent based IDPS (Intrusion Detection and Prevention System) has been provided in this project to detect and prevent the registration flooding attacks on P-CSCF. Three separate engine ADE (Anomaly Detection Engine), MDE (Misuse Detection Engine) and CDE (Chi-square Detection Engine) are used to check the incoming requests; Alarm is generated in case of any suspicious requests detected by any engine. ADE, CDE and MDE work together to decrease the false alarm rate. In this project IDPS is placed between clients and Server, which will check every arriving and leaving request. It will prevent the attacker from initiation attacks on server and make the network more secure. IDPS also reduce the traffic towards the P-CSCF by blocking the attacker’s IP addresses.

Download Thesis