1. Field
The present invention relates to computers and computer networks. More particularly, the present invention relates to Voice over IP (VoIP) traffic behavior profiling method.
2. Description of Related Art
Voice over IP (VoIP) allows users to make phone calls over the Internet, or any other IP network, using the packet switched network as a transmission medium rather than the traditional circuit transmissions of the Public Switched Telephone Network (PSTN). VoIP has come a long way since its first rudimentary applications provided erratic yet free phone calls over the unmanaged Internet. VoIP technology has reached a point of being comparable in terms of grade voice quality with traditional PSTN yet consuming only a fraction of the bandwidth required by TDM networks. The maturity of VoIP standards and quality of service (QoS) on IP networks opens up new possibilities for carrier applications. Consolidation of voice and data on one network maximizes network efficiency, streamlines the network architecture, reduce capital and operational costs, and opens up new service opportunities. At the same time, VoIP enables new multimedia service opportunities, such as Web-enabled multimedia conferencing, unified messaging, etc, while being much cheaper.
VoIP offers compelling advantages but it also presents a security paradox. The very openness and ubiquity that make IP networks such powerful infrastructures also make them a liability. Risks include Denial of Service (DoS), Service Theft, Unauthorized Call Monitoring, Call Routing Manipulation, Identity Theft and Impersonation, among others. Not only does VoIP inherit all data security risks, but it introduces new vehicles for threats related to the plethora of new emerging VoIP protocols that have yet to undergo detailed security analysis and scrutiny. But just how serious are the threats posed to VoIP? Recently, there have been a string of attacks against either the VoIP infrastructure or end users. In one such incident, early June of 2006, two men were arrested for fraudulently routing approximately $500,000 worth of calls illegally over the VoIP network belonging to Net2Phone, a Newark, N.J., VoIP provider. Fifteen Internet phone companies were reported as the victims of this attack. More recently, ISS posted a report about a Denial-of-Service vulnerability in the IAX2 implementation of Asterisk, an open source software PBX. This vulnerability relates to the amount of time that a pending (but not yet authenticated) call is allowed to exist in memory on the server. New terms start to be coined over time just for VoIP attacks; “Vishing”, is now used for phishing attacks using VoIP technology, or “Spit”, now used for spam over VoIP. Hence it is imperative for Service Providers to widely deploy scalable monitoring systems with powerful tools across their entire infrastructures such as to robustly shield their VoIP infrastructure and protect their service. Passive packet monitoring and capturing devices may be deployed in the underlying network hosting VoIP services, for example to capture the standard layer-3 (IP) and layer-4 (TCP/UDP) header information in well known layered network data models.