Title :
Intrusion Detection in IMS: Experiences with a Hellinger Distance-Based Flooding Detector
Author :
Hecht, Christoph ; Reichl, Peter ; Berger, Andreas ; Jung, Oliver ; Gojmerac, Ivan
Author_Institution :
Univ. of Appl. Sci. Technikum, Vienna, Austria
Abstract :
With the imminent roll-out of the 3GPP IP Multimedia Subsystem (IMS), IMS-specific security threats and corresponding counter-mechanisms are gaining increasing attention. One of the most promising recent intrusion detection approaches dealing with unforeseen anomalies caused by flooding attacks is based on a specific metric for the distance between two empirical probability distributions, the so-called Hellinger distance. In this paper, we discuss the application of this concept for IMS networks as well as the resulting implementation of a flooding detector, and describe some practical experiences based utilizing different traffic generation tools. The results show that shorter analysis cycles and precise parameterization in general trigger higher detection rates.
Keywords :
IP networks; multimedia systems; probability; security of data; Hellinger distance-based flooding detector; IMS; IP multimedia subsystem; empirical probability distributions; intrusion detection systems; security threats; traffic generation tools; Communication system security; Computer crime; Detectors; Floods; IP networks; Intrusion detection; Multimedia systems; Next generation networking; Protocols; Telecommunication traffic; Hellinger Distance; IMS Bench; IP Multimedia Subsystem; Intrusion Detection System; SIPp;
Conference_Titel :
Evolving Internet, 2009. INTERNET '09. First International Conference on
Conference_Location :
Cannes/La Bocca
Print_ISBN :
978-1-4244-4718-3
Electronic_ISBN :
978-0-7695-3748-1
DOI :
10.1109/INTERNET.2009.17
