Monitoring SIP Traffic Using Support Vector Machines

Authors:
Mohamed Nassar;Radu State;Olivier Festor
Affiliations:
Centre de Recherche INRIA Nancy - Grand Est, Villers-Lès-Nancy, France 54602;Centre de Recherche INRIA Nancy - Grand Est, Villers-Lès-Nancy, France 54602;Centre de Recherche INRIA Nancy - Grand Est, Villers-Lès-Nancy, France 54602
Venue:
RAID '08 Proceedings of the 11th international symposium on Recent Advances in Intrusion Detection
Year:
2008

Citing 12
Cited 5

The nature of statistical learning theory

The nature of statistical learning theory
Service specific anomaly detection for network intrusion detection

Proceedings of the 2002 ACM symposium on Applied computing
Gene Selection for Cancer Classification using Support Vector Machines

Machine Learning
Adaptive, Model-Based Monitoring for Cyber Attack Detection

RAID '00 Proceedings of the Third International Workshop on Recent Advances in Intrusion Detection
Machine Learning and Data Mining for Computer Security: Methods and Applications (Advanced Information and Knowledge Processing)

Machine Learning and Data Mining for Computer Security: Methods and Applications (Advanced Information and Knowledge Processing)
Supernova Recognition Using Support Vector Machines

ICMLA '06 Proceedings of the 5th International Conference on Machine Learning and Applications
Hacking Exposed VoIP: Voice Over IP Security Secrets & Solutions

Hacking Exposed VoIP: Voice Over IP Security Secrets & Solutions
SIP-based VoIP traffic behavior profiling and its applications

Proceedings of the 3rd annual ACM workshop on Mining network data
KiF: a stateful SIP fuzzer

Proceedings of the 1st international conference on Principles, systems and applications of IP telecommunications
Detecting VoIP Floods Using the Hellinger Distance

IEEE Transactions on Parallel and Distributed Systems
LIBSVM: A library for support vector machines

ACM Transactions on Intelligent Systems and Technology (TIST)
Progressive multi gray-leveling: a voice spam protection algorithm

IEEE Network: The Magazine of Global Internetworking

Labeled VoIP data-set for intrusion detection evaluation

EUNICE'10 Proceedings of the 16th EUNICE/IFIP WG 6.6 conference on Networked services and applications: engineering, control and management
SPRT for SPIT: using the sequential probability ratio test for spam in VoIP prevention

AIMS'12 Proceedings of the 6th IFIP WG 6.6 international autonomous infrastructure, management, and security conference on Dependable Networks and Services
A survey of anomaly intrusion detection techniques

Journal of Computing Sciences in Colleges
Characteristics of real open SIP-Server traffic

PAM'13 Proceedings of the 14th international conference on Passive and Active Measurement
Outbound SPIT filter with optimal performance guarantees

Computer Networks: The International Journal of Computer and Telecommunications Networking

Quantified Score

Hi-index	0.00

Visualization

Abstract

We propose a novel online monitoring approach to distinguish between attacks and normal activity in SIP-based Voice over IP environments. We demonstrate the efficiency of the approach even when only limited data sets are used in learning phase. The solution builds on the monitoring of a set of 38 features in VoIP flows and uses Support Vector Machines for classification. We validate our proposal through large offline experiments performed over a mix of real world traces from a large VoIP provider and attacks locally generated on our own testbed. Results show high accuracy of detecting SPIT and flooding attacks and promising performance for an online deployment are measured.