A Framework for Monitoring SIP Enterprise Networks
Document Type
Article
Publication Date
9-2010
Subject: LCSH
Computer networks--Security measures, Internet telephony, Operating systems (Computers), Anomaly detection (Computer security)
Disciplines
Computer Engineering | Computer Sciences | Electrical and Computer Engineering
Abstract
In this paper we aim to enable security within SIP enterprise domains by providing monitoring capabilities at three levels: the network traffic, the server logs and the billing records. We propose an anomaly detection approach based on appropriate feature extraction and one-class Support Vector Machines (SVM). We propose methods for anomaly/attack type classification and attack source identification. Our approach is validated through experiments on a controlled test-bed using a customized normal traffic generation model and synthesized attacks. The results show promising performance in terms of accuracy, efficiency and usability.
DOI
10.1109/NSS.2010.79
Repository Citation
Nassar, Mohamed; State, Radu; and Festor, Olivier, "A Framework for Monitoring SIP Enterprise Networks" (2010). Electrical & Computer Engineering and Computer Science Faculty Publications. 128.
https://digitalcommons.newhaven.edu/electricalcomputerengineering-facpubs/128
Publisher Citation
M. Nassar, R. State and O. Festor, "A Framework for Monitoring SIP Enterprise Networks," 2010 Fourth International Conference on Network and System Security, 2010, pp. 1-8, doi: 10.1109/NSS.2010.79.
Comments
Article published in the 2010 Fourth International Conference on Network and System Security.