Current Voice-over-IP infrastructures lack defenses against unexpected network threats, such as zero-day exploits and computer worms. The possibility of such threats originates from the ongoing convergence of telecommunication and IP network infrastructures. As a countermeasure, we propose a self-learning system for the detection of unknown and novel attacks in the Session Initiation Protocol (SIP). The system identifies anomalous content by embedding SIP messages in a feature space and determining their deviation from a model of normality. The system adapts to network changes by automatically retraining itself while being hardened against targeted manipulations. Experiments conducted with realistic SIP traffic demonstrate the high detection performance of the proposed system at low false-positive rates.