
Monitoring SIP traffic using Support Vector Machines

Mohamed Nassar 1,*, Radu State 1, Olivier Festor 1
* Corresponding author
1 MADYNES - Management of dynamic networks and services
INRIA Lorraine, LORIA - Laboratoire Lorrain de Recherche en Informatique et ses Applications
Abstract: In this paper, we propose a novel online monitoring approach able to distinguish between attacks and normal activity in SIP-based Voice over IP environments. We demonstrate the efficiency of the approach even in the presence of very limited data sets for the learning phase. The solution builds on the monitoring of a set of 38 features in VoIP flows and on Support Vector Machines for the classification part. We validate our proposal through large offline experiments performed over a mix of real-world traces from a large VoIP provider and attacks locally generated on our own testbed. Results show high accuracy in detecting SPIT and flooding attacks, and the measured performance is promising for an online deployment.
Document type: Conference papers

https://hal.inria.fr/inria-00325290
Contributor: Mohamed Nassar
Submitted on: Saturday, September 27, 2008 - 5:03:18 PM
Last modification on: Friday, February 26, 2021 - 3:28:04 PM
Long-term archiving on: Monday, October 8, 2012 - 1:36:22 PM

Identifiers

  • HAL Id : inria-00325290, version 1

Citation

Mohamed Nassar, Radu State, Olivier Festor. Monitoring SIP traffic using Support Vector Machines. 11th International Symposium on Recent advances in intrusion detection - RAID 2008, Sep 2008, Boston, United States. pp.311-330. ⟨inria-00325290⟩
