Title

Monitoring SIP Traffic Using Support Vector Machines

Document Type

Article

Publication Date

2008

Subject: LCSH

Intrusion detection systems (Computer security), Anomaly detection (Computer security)

Disciplines

Computer Engineering | Computer Sciences | Electrical and Computer Engineering

Abstract

We propose a novel online monitoring approach to distinguish between attacks and normal activity in SIP-based Voice over IP environments. We demonstrate the efficiency of the approach even when only limited data sets are used in learning phase. The solution builds on the monitoring of a set of 38 features in VoIP flows and uses Support Vector Machines for classification. We validate our proposal through large offline experiments performed over a mix of real world traces from a large VoIP provider and attacks locally generated on our own testbed. Results show high accuracy of detecting SPIT and flooding attacks and promising performance for an online deployment are measured.

Comments

Article is part of the conference proceeding, RAID: International Workshop on Recent Advances in Intrusion Detection. Recent Advances in Intrusion Detection, 11th International Symposium, RAID 2008, Cambridge, MA, USA, September 15-17, 2008. Proceedings.

DOI

10.1007/978-3-540-87403-4_17

Publisher Citation

Nassar M., State R., Festor O. (2008) Monitoring SIP Traffic Using Support Vector Machines. In: Lippmann R., Kirda E., Trachtenberg A. (eds) Recent Advances in Intrusion Detection. RAID 2008. Lecture Notes in Computer Science, vol 5230. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-87403-4_17

Check your library

Share

COinS