Collaborative scheme for VoIP traceback

While voice over IP (VoIP) services have brought many desirable communication features to the general public, they have also become a medium through which criminals communicate and conduct illegal activities e.g., fraud and blackmail without being intercepted by law enforcement agencies (LEAs). Previous research on IP traceback focused on tracking IP addresses on the network layer. The mechanisms developed thus far, however, require an inefficient and sometimes infeasibly large amount of router and network support.In this paper, we propose a collaborative forensics mechanism that cooperates with related network operators (NWO) and service providers (SvP) in tracing back VoIP calls without depending on routers throughout the full trace path. We discuss the various kinds of attacks of VoIP services and the characteristics of VoIP service requests as they pertain to those attacks. Additionally, we propose a procedure for identifying forged header field values (HFVs) on SIP requests, and introduce the concept of active forensics. This can lead to a reduction in the probability of important information being deleted by the time collaborative forensics is initiated, and thus assist law enforcement agencies in intercepting criminals. We also describe extended applications for traceback for attacks resulting in Distributed Denial of Service and those involving mobile phones.