Modelling based approach for reconstructing evidence of VoIP malicious attacks

Abstract

Voice over Internet Protocol (VoIP) is a
new communication technology that uses
internet protocol in providing phone
services. VoIP provides various forms of
benefits such as low monthly fee and
cheaper rate in terms of long distance and
international calls. However, VoIP is
accompanied with novel security threats.
Criminals often take advantages of such
security threats and commit illicit activities.
These activities require digital forensic
experts to acquire, analyses, reconstruct and
provide digital evidence. Meanwhile, there
are various methodologies and models
proposed in detecting, analysing and
providing digital evidence in VoIP forensic.
However, at the time of writing this paper,
there is no model formalized for the
reconstruction of VoIP malicious attacks.
Reconstruction of attack scenario is an
important technique in exposing the
unknown criminal acts. Hence, this paper
will strive in addressing that gap. We
propose a model for reconstructing VoIP
malicious attacks. To achieve that, a formal
logic approach called Secure Temporal
Logic of Action(S-TLA+
) was adopted in
rebuilding the attack scenario. The expected
result of this model is to generate additional
related evidences and their consistency with
the existing evidences can be determined by
means of S-TLA+ model checker.