Monitoring SIP Traffic Using Support Vector Machines

Document Type

Article

Publication Date

2008

Subject: LCSH

Intrusion detection systems (Computer security), Anomaly detection (Computer security)

Disciplines

Computer Engineering | Computer Sciences | Electrical and Computer Engineering

Abstract

We propose a novel online monitoring approach to distinguish between attacks and normal activity in SIP-based Voice over IP environments. We demonstrate the efficiency of the approach even when only limited data sets are used in the learning phase. The solution builds on the monitoring of a set of 38 features in VoIP flows and uses Support Vector Machines for classification. We validate our proposal through large offline experiments performed over a mix of real-world traces from a large VoIP provider and attacks locally generated on our own testbed. Results show high accuracy in detecting SPIT and flooding attacks, and promising performance for an online deployment is measured.

Comments

This article is part of the conference proceedings of RAID 2008 (Recent Advances in Intrusion Detection, 11th International Symposium), Cambridge, MA, USA, September 15-17, 2008.

DOI

10.1007/978-3-540-87403-4_17

Publisher Citation

Nassar M., State R., Festor O. (2008) Monitoring SIP Traffic Using Support Vector Machines. In: Lippmann R., Kirda E., Trachtenberg A. (eds) Recent Advances in Intrusion Detection. RAID 2008. Lecture Notes in Computer Science, vol 5230. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-87403-4_17
