Distributed intrusion detection scheme for next generation networks

IP Multimedia Subsystem (IMS) is a next generation network that provides the hypermedia services as data, voice and video to users. Due to high level requirements for IMS services, new kinds of network attacks are endlessly emerging. Thus, it is of paramount importance to protect the networks from attacks. Consequently, the Intrusion Detection Systems (IDS) are quickly becoming a popular requirement in building a network security infrastructure. Securing service and signalization is a vital feature in the IMS network. Signaling is generally based on Session Initiation Protocol (SIP) which offers numerous challenges regarding security which causes issues in IMS network. This work presents a study of SIP protocol and discovers the critical security vulnerabilities in the course of registration phase. We focused on DDoS attacks on IMS server using SIP particularly with REGISTER message and proposed a scheme based on multi agent systems for intrusion detection which takes the advantage of the distributed paradigm to implement an efficient distributed system, as well as the integration of existing techniques, i.e., the well-known IDS SNORT.