
Monitoring SIP traffic using Support Vector Machines

Mohamed Nassar 1, *, Radu State 1, Olivier Festor 1
* Corresponding author
1 MADYNES - Management of dynamic networks and services, INRIA Lorraine, LORIA - Laboratoire Lorrain de Recherche en Informatique et ses Applications
Abstract: In this paper, we propose a novel online monitoring approach able to distinguish between attacks and normal activity in SIP-based Voice over IP environments. We demonstrate the efficiency of the approach even in the presence of very limited data sets for the learning phase. The solution builds on the monitoring of a set of 38 features in VoIP flows and on Support Vector Machines for the classification part. We validate our proposal through large offline experiments performed over a mix of real-world traces from a large VoIP provider and attacks locally generated on our own testbed. Results show high accuracy in detecting SPIT and flooding attacks, and promising performance for an online deployment is measured.
Document type: Conference papers

Cited literature: 3 references
Contributor: Mohamed Nassar
Submitted on: Saturday, September 27, 2008 - 5:03:18 PM
Last modification on: Saturday, June 25, 2022 - 7:45:40 PM
Long-term archiving on: Monday, October 8, 2012 - 1:36:22 PM


HAL Id: inria-00325290, version 1



Mohamed Nassar, Radu State, Olivier Festor. Monitoring SIP traffic using Support Vector Machines. 11th International Symposium on Recent advances in intrusion detection - RAID 2008, Sep 2008, Boston, United States. pp.311-330. ⟨inria-00325290⟩


