C4.5: programs for machine learning
C4.5: programs for machine learning
DSN '04 Proceedings of the 2004 International Conference on Dependable Systems and Networks
VoIP Intrusion Detection Through Interacting Protocol State Machines
DSN '06 Proceedings of the International Conference on Dependable Systems and Networks
Proceedings of the 1st international conference on Principles, systems and applications of IP telecommunications
Detecting VoIP Floods Using the Hellinger Distance
IEEE Transactions on Parallel and Distributed Systems
Application of evolutionary algorithms in detection of SIP based flooding attacks
Proceedings of the 11th Annual conference on Genetic and evolutionary computation
Malware detection using statistical analysis of byte-level file content
Proceedings of the ACM SIGKDD Workshop on CyberSecurity and Intelligence Informatics
Hi-index | 0.00 |
Real-time Transport Protocol (RTP) is a widely adopted standard for transmission of multimedia traffic in Internet telephony (commonly known as VoIP). Therefore, it is a hot potential target for imposters who can launch different types of Denial of Service (DoS) attacks to disrupt communication; resulting in not only substantive revenue loss to VoIP operators but also undermining the reliability of VoIP infrastructure. The major contribution of this paper is an online framework -- RTP-Miner -- that detects RTP fuzzing attacks in realtime; as a result, it is not possible to deny access to legitimate users. RTP-Miner can detect both header and payload fuzzing attacks. Fuzzing in the header of RTP packets is detected by combining well known distance measures with a decision tree based classifier. In comparison, payload fuzzing is detected through a novel Markov state space model at the receiver. We evaluate RTP-Miner on a realworld RTP traffic dataset. The results show that RTP-Miner detects fuzzing in RTP header with more than 98% accuracy and less than 0.1% false alarm rate even when only 3% fuzzing is introduced. For the same fuzzing rate, it detects payload fuzzing -- a significantly more challenging problem -- with more than 80% accuracy and less than 2% false alarm rate. RTP-Miner has low memory and processing overheads that makes it well suited for deployment in real world VoIP infrastructure.