Monitoring SIP Traffic Using Support Vector Machines

Subject (LCSH): Intrusion detection systems (Computer security); Anomaly detection (Computer security)


Computer Engineering | Computer Sciences | Electrical and Computer Engineering


We propose a novel online monitoring approach to distinguish between attacks and normal activity in SIP-based Voice over IP environments. We demonstrate the efficiency of the approach even when only limited data sets are used in the learning phase. The solution builds on the monitoring of a set of 38 features in VoIP flows and uses Support Vector Machines for classification. We validate our proposal through large offline experiments performed over a mix of real-world traces from a large VoIP provider and attacks generated locally on our own testbed. Results show high accuracy in detecting SPIT and flooding attacks, and promising performance for an online deployment is measured.


This article is part of the conference proceedings of RAID 2008: Recent Advances in Intrusion Detection, 11th International Symposium, Cambridge, MA, USA, September 15-17, 2008.



Publisher Citation

Nassar M., State R., Festor O. (2008) Monitoring SIP Traffic Using Support Vector Machines. In: Lippmann R., Kirda E., Trachtenberg A. (eds) Recent Advances in Intrusion Detection. RAID 2008. Lecture Notes in Computer Science, vol 5230. Springer, Berlin, Heidelberg.
