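@comment{Entry 9253: conference paper, per the booktitle field. According to
its abstract it describes a distributed monitoring setup, with sensor nodes
deployed in the NorNet testbed, for observing SIP-based attacks such as
multi-stage toll fraud. Typed as inproceedings, so the venue is in booktitle.}
@inproceedings{9253,
  author    = {Aziz, Adnan and Hoffstadt, Dirk and Dreibholz, Thomas and Rathgeb, Erwin},
  title     = {A Distributed Infrastructure to Analyse {SIP} Attacks in the {Internet}},
  booktitle = {Proceedings of the {IFIP} Networking Conference (Networking 2014)},
  publisher = {IFIP},
  year      = {2014},
  month     = jun,
  keywords  = {Conference},
  abstract  = {VoIP systems, based on the Session Initiation Protocol~(SIP), are becoming more and more widespread in the Internet. However, this creates security issues and opens up new opportunities for misuse and fraud. The most widespread threat are multi-stage attacks to commit Toll Fraud. To devise effective countermeasures, it is crucial to know how attacks on these systems are performed in reality. In this paper, we introduce a novel distributed monitoring system with Sensor nodes located in Norway, Germany and China that allow to detect SIP-based attacks from the Internet. Based on experiences from experiments spanning several years, we propose a new setup which allows simple and straightforward addition of new remote observation points. We have deployed this setup in the NorNet testbed and highlight its advantages compared to a previous setup with physically distributed Sensors. We also present results from a 45 day field test with 13 observation points. These results confirm the advantages of a widely distributed monitoring setup and give some new insights into the behavior of the attackers.},
}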