Conference papers

A framework for monitoring SIP enterprise networks

Mohamed Nassar 1,*, Radu State 1, Olivier Festor 1
* Corresponding author
1 MADYNES - Management of dynamic networks and services
INRIA Lorraine, LORIA - Laboratoire Lorrain de Recherche en Informatique et ses Applications
Abstract: In this paper we aim to enable security within SIP enterprise domains by providing monitoring capabilities at three levels: the network traffic, the server logs and the billing records. We propose an anomaly detection approach based on appropriate feature extraction and one-class Support Vector Machines (SVM). We propose methods for anomaly/attack type classification and attack source identification. Our approach is validated through experiments on a controlled test-bed using a customized normal traffic generation model and synthesized attacks. The results show promising performance in terms of accuracy, efficiency and usability.
Document type: Conference papers

Cited literature [16 references]

https://hal.inria.fr/inria-00519728
Contributor: Mohamed Nassar
Submitted on: Tuesday, September 21, 2010 - 2:35:23 PM
Last modification on: Friday, February 26, 2021 - 3:28:04 PM
Long-term archiving on: Wednesday, December 22, 2010 - 2:48:04 AM

File

nss10.pdf
Files produced by the author(s)

Citation

Mohamed Nassar, Radu State, Olivier Festor. A framework for monitoring SIP enterprise networks. Fourth international conference on Network and System Security - NSS 2010, Sep 2010, Melbourne, Australia. pp.1--8, ⟨10.1109/NSS.2010.79⟩. ⟨inria-00519728⟩
