A Framework for Monitoring SIP Enterprise Networks
Computer networks--Security measures, Internet telephony, Operating systems (Computers), Anomaly detection (Computer security)
Computer Engineering | Computer Sciences | Electrical and Computer Engineering
In this paper we aim to enable security within SIP enterprise domains by providing monitoring capabilities at three levels: the network traffic, the server logs and the billing records. We propose an anomaly detection approach based on appropriate feature extraction and one-class Support Vector Machines (SVM). We propose methods for anomaly/attack type classification and attack source identification. Our approach is validated through experiments on a controlled test-bed using a customized normal traffic generation model and synthesized attacks. The results show promising performance in terms of accuracy, efficiency and usability.
Nassar, Mohamed; State, Radu; and Festor, Olivier, "A Framework for Monitoring SIP Enterprise Networks" (2010). Electrical & Computer Engineering and Computer Science Faculty Publications. 128.
M. Nassar, R. State and O. Festor, "A Framework for Monitoring SIP Enterprise Networks," 2010 Fourth International Conference on Network and System Security, 2010, pp. 1-8, doi: 10.1109/NSS.2010.79.