Date Added: Jan 2011
This paper presents the design and analysis of a multilayer protection scheme against Denial-of-Service (DoS) attacks in IP telephony enabled enterprise networks. While there are many types of DoS attacks, the authors focus on flood-based attacks using application layer and transport layer signaling messages in IP telephony. They design sensors to detect and control these types of attacks and consider different location of these sensors in the enterprise network. The algorithm for detecting these attacks is based on the well established non-parametric cumulative sum method. The response to the attack uses standard protocol features of IP telephony to control the number of incoming application and transport layer setup requests. They consider different recovery algorithms and compare their performance using the emulation toolkit.