Full Text Available
Note: Clicking the button above will open the full text document at the original institutional repository in a new window.
A hybrid and cross-protocol architecture with semantics and syntax awareness to improve intrusion detection efficiency in Voice over IP environments
Includes abstract.
Saved in:
| Main Author: | |
|---|---|
| Other Authors: | |
| Format: | Thesis |
| Language: | English |
| Published: |
Department of Electrical Engineering
2014
|
| Subjects: | |
| Tags: |
No Tags, Be the first to tag this record!
|
| _version_ | 1867613171154419712 |
|---|---|
| access_status_str | Open Access |
| author | Barry, Bazara I A |
| author2 | Chan, H Anthony |
| author_browse | Barry, Bazara I A Chan, H Anthony |
| author_facet | Chan, H Anthony Barry, Bazara I A |
| author_sort | Barry, Bazara I A |
| collection | Thesis |
| description | Includes abstract. |
| format | Thesis |
| id | oai:open.uct.ac.za:11427/5241 |
| institution | University of Cape Town (South Africa) |
| language | eng |
| last_indexed | 2026-06-10T12:31:53.390Z |
| license_str | Not specified — see source repository |
| provenance_str_mv | Harvested via OAI-PMH from UCTD — University of Cape Town Open Access Repository |
| publishDate | 2014 |
| publishDateRange | 2014 |
| publishDateSort | 2014 |
| publisher | Department of Electrical Engineering |
| publisherStr | Department of Electrical Engineering |
| record_format | dspace |
| source_str | UCTD — University of Cape Town Open Access Repository |
| spelling | oai:open.uct.ac.za:11427/5241 A hybrid and cross-protocol architecture with semantics and syntax awareness to improve intrusion detection efficiency in Voice over IP environments Barry, Bazara I A Chan, H Anthony Electrical Engineering Includes abstract. Includes bibliographical references (leaves 134-140). Voice and data have been traditionally carried on different types of networks based on different technologies, namely, circuit switching and packet switching respectively. Convergence in networks enables carrying voice, video, and other data on the same packet-switched infrastructure, and provides various services related to these kinds of data in a unified way. Voice over Internet Protocol (VoIP) stands out as the standard that benefits from convergence by carrying voice calls over the packet-switched infrastructure of the Internet. Although sharing the same physical infrastructure with data networks makes convergence attractive in terms of cost and management, it also makes VoIP environments inherit all the security weaknesses of Internet Protocol (IP). In addition, VoIP networks come with their own set of security concerns. Voice traffic on converged networks is packet-switched and vulnerable to interception with the same techniques used to sniff other traffic on a Local Area Network (LAN) or Wide Area Network (WAN). Denial of Service attacks (DoS) are among the most critical threats to VoIP due to the disruption of service and loss of revenue they cause. VoIP systems are supposed to provide the same level of security provided by traditional Public Switched Telephone Networks (PSTNs), although more functionality and intelligence are distributed to the endpoints, and more protocols are involved to provide better service. A new design taking into consideration all the above factors with better techniques in Intrusion Detection are therefore needed. This thesis describes the design and implementation of a host-based Intrusion Detection System (IDS) that targets VoIP environments. Our intrusion detection system combines two types of modules for better detection capabilities, namely, a specification-based and a signaturebased module. Our specification-based module takes the specifications of VoIP applications and protocols as the detection baseline. Any deviation from the protocol’s proper behavior described by its specifications is considered anomaly. The Communicating Extended Finite State Machines model (CEFSMs) is used to trace the behavior of the protocols involved in VoIP, and to help exchange detection results among protocols in a stateful and cross-protocol manner. The signature-based module is built in part upon State Transition Analysis Techniques which are used to model and detect computer penetrations. Both detection modules allow for protocol-syntax and protocol-semantics awareness. Our intrusion detection uses the aforementioned techniques to cover the threats propagated via low-level protocols such as IP, ICMP, UDP, and TCP. 2014-07-31T11:00:07Z 2014-07-31T11:00:07Z 2008 Doctoral Thesis Doctoral PhD http://hdl.handle.net/11427/5241 eng application/pdf Department of Electrical Engineering Faculty of Engineering and the Built Environment University of Cape Town |
| spellingShingle | Electrical Engineering Barry, Bazara I A A hybrid and cross-protocol architecture with semantics and syntax awareness to improve intrusion detection efficiency in Voice over IP environments |
| thesis_degree_str | Doctoral |
| title | A hybrid and cross-protocol architecture with semantics and syntax awareness to improve intrusion detection efficiency in Voice over IP environments |
| title_full | A hybrid and cross-protocol architecture with semantics and syntax awareness to improve intrusion detection efficiency in Voice over IP environments |
| title_fullStr | A hybrid and cross-protocol architecture with semantics and syntax awareness to improve intrusion detection efficiency in Voice over IP environments |
| title_full_unstemmed | A hybrid and cross-protocol architecture with semantics and syntax awareness to improve intrusion detection efficiency in Voice over IP environments |
| title_short | A hybrid and cross-protocol architecture with semantics and syntax awareness to improve intrusion detection efficiency in Voice over IP environments |
| title_sort | hybrid and cross protocol architecture with semantics and syntax awareness to improve intrusion detection efficiency in voice over ip environments |
| topic | Electrical Engineering |
| url | http://hdl.handle.net/11427/5241 |
| work_keys_str_mv | AT barrybazaraia ahybridandcrossprotocolarchitecturewithsemanticsandsyntaxawarenesstoimproveintrusiondetectionefficiencyinvoiceoveripenvironments AT barrybazaraia hybridandcrossprotocolarchitecturewithsemanticsandsyntaxawarenesstoimproveintrusiondetectionefficiencyinvoiceoveripenvironments |