Labeled VoIP Data-Set for Intrusion Detection Evaluation

Document Type


Publication Date


Subject: LCSH

Intrusion detection systems (Computer security), Session Initiation Protocol (Computer network protocol), Internet Relay Chat, Multimedia communications, TCP/IP (Computer network protocol)


Computer Engineering | Computer Sciences | Electrical and Computer Engineering


VoIP has become a major application of multimedia communications over IP. Many initiatives around the world focus on the detection of attacks against VoIP services and infrastructures. Because of the lack of a common labeled data-set similarly to what is available in TCP/IP network-based intrusion detection, their results can not be compared. VoIP providers are not able to contribute their data because of user privacy agreements. In this paper, we propose a framework for customizing and generating VoIP traffic within controlled environments. We provide a labeled data-set generated in two types of SIP networks. Our data-set is composed of signaling and other protocol traces, call detail records and server logs. By this contribution we aim to enable the works on VoIP anomaly and intrusion detection to become comparable through its application to common datasets.


Article is part of Networked Services and Applications - Engineering, Control and Management, 16th EUNICE/IFIP WG 6.6 Workshop, EUNICE 2010, Trondheim, Norway, June 28-30, 2010. Proceedings.



Publisher Citation

Nassar M., State R., Festor O. (2010) Labeled VoIP Data-Set for Intrusion Detection Evaluation. In: Aagesen F.A., Knapskog S.J. (eds) Networked Services and Applications - Engineering, Control and Management. EUNICE 2010. Lecture Notes in Computer Science, vol 6164. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-13971-0_10

Check your library