While perusing some documents related to SIP and denial of service, we ran across some useful articles, papers, and presentations. They are summarized below, in no particular order:
“Denial of Service Attacks and SIP Infrastructure” by Dorgham Sisalem, Jiri Kuthan, and Günter Schäfer provides a good overview of different DoS attacks against SIP and includes countermeasures. It can be found here.
In the paper “On the impacts of low rate DoS attacks on VoIP traffic” by A. Shevtekar, J. Stille and N. Ansari, the authors examine low-rate DoS against VoIP and how these types of attacks can affect QoS-sensitive traffic to reduce the overall call quality. It can be found here.
“Fast Detection of Denial-of-Service Attacks on IP Telephony” by Hemant Sengar, Haining Wang, Duminda Wijesekera, and Sushil Jajodia describes “vFDS”, an online statistical detection system that can be used to detect DoS attacks directed against VoIP. This article can be found here.
In "Detecting DoS Attacks on SIP Systems", author Eric Chen uses the VoIPSA VoIP Threat Taxonomy as a basis for developing a finite state machine that detects malformed SIP requests and request floods. This article can be found here.
Authors Konrad Rieck, Stefan Wahl, Pavel Laskov, Peter Domschitz, and Klaus-Robert Müller describe a system that identifies anomalous VoIP content by categorizing SIP messages in a feature space and determining deviations from "normal" behavior. The system, entitled "A Self-Learning System for Detection of Anomalous SIP Messages", adapts to network changes by automatically retraining itself. It is available here.
In "Intrusion detection mechanisms for VoIP applications", authors Mohamed Nassar, Radu State, and Olivier Festor describe a conceptual solution based on the Bayes inference approach and how it can be used to reinforce existing security mechanisms. It is available here.
"A survey of VoIP DoS attacks and their solutions" by Julius Schwartzenberg discusses a number of DoS attacks in VoIP services and their possible solutions. It is available here.
In "SPACEDIVE: A DISTRIBUTED INTRUSION DETECTION SYSTEM FOR VOICE-OVER-IP ENVIRONMENTS", authors Vinita Apte, Yu-Sung Wu, Saurabh Bagchi, Sachin Garg, and Navjot Singh propose the design of an intrusion detection system targeted to VoIP systems, called SPACEDIVE. SPACEDIVE is structured to detect different classes of intrusions, including masquerading, denial of service, and media stream-based attacks. It can be installed at multiple points (clients, servers, or proxies) and can operate with both classes of protocols that compose VoIP systems: call management protocols, e.g., the Session Initiation Protocol (SIP), and media delivery protocols, e.g., the Real Time Transport Protocol (RTP). It is available here.
There are undoubtedly more articles relating to both SIP and DoS out there, and if anyone has any recommended reading, please feel free to share.