SFADS: A SIP flooding attack detection scheme with the internal and external detection features in IMS networks

Qibo Sun, Shangguang Wang, Ning Lu, Kok Seng Wong, Myung Ho Kim

Research output: Contribution to journal, Article

Abstract

IP Multimedia Subsystem (IMS) is a standardized Next Generation Networking (NGN) architecture. It takes Session Initiation Protocol (SIP) as the core signaling protocol of IMS and NGN. With the widespread deployment of IMS networks, SIP flooding attacks are becoming a major threat to IMS networks. However, the existing SIP flooding attack detection schemes are inefficient at detecting low-rate SIP flooding attacks and suffer from poor recovery when detecting high-rate SIP flooding attacks. In this paper, we propose a novel SIP flooding attack detection scheme with internal and external detection features in IMS networks, called SFADS (SIP flooding attack detection scheme). In SFADS, based on the analysis of SIP flooding attacks, we first extract the abrupt change of SIP session requests as the external detection feature, and the abnormal abrupt change of the difference between the sequence of legitimate SIP session establishments and the SIP session request messages as the internal detection feature. Then we use the improved cumulative sum control chart algorithm to analyze the two detection features. Finally, we take the analysis data as inputs and adopt fuzzy logic to detect SIP flooding attacks. To investigate the detection performance of the proposed SFADS, we conduct simulations with a prototype implementation in an IMS network testbed. Simulation results show that the performance of the proposed SFADS is better than that of other schemes.

Original language: English
Pages (from-to): 1327-1338
Number of pages: 12
Journal: Journal of Internet Technology
Volume: 17
Issue number: 7
Publication status: Published - Jan 1 2016

Keywords

  • Cumulative sum control chart
  • Detection feature
  • Fuzzy logic
  • IMS network
  • SIP flooding attacks

ASJC Scopus subject areas

  • Software
  • Computer Networks and Communications
