DocumentCode :
3093819
Title :
A Framework for Monitoring SIP Enterprise Networks
Author :
Nassar, Mohamed ; State, Radu ; Festor, Olivier
Author_Institution :
INRIA Res. Center, Nancy - Grand Est, Villers-Lès-Nancy, France
fYear :
2010
fDate :
1-3 Sept. 2010
Firstpage :
1
Lastpage :
8
Abstract :
In this paper we aim to enable security within SIP enterprise domains by providing monitoring capabilities at three levels: the network traffic, the server logs and the billing records. We propose an anomaly detection approach based on appropriate feature extraction and one-class Support Vector Machines (SVM). We propose methods for anomaly/attack type classification and attack source identification. Our approach is validated through experiments on a controlled test-bed using a customized normal traffic generation model and synthesized attacks. The results show promising performances in terms of accuracy, efficiency and usability.
Keywords :
computer network security; signalling protocols; support vector machines; SIP enterprise network monitoring; anomaly detection approach; anomaly-attack type classification; attack source identification; billing records; controlled test-bed; feature extraction; network traffic; normal traffic generation model; server logs; support vector machines; Feature extraction; Media; Monitoring; Protocols; Security; Servers; Support vector machines; Anomaly detection; DoS; SIP; SPIT; SVM; VoIP;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Network and System Security (NSS), 2010 4th International Conference on
Conference_Location :
Melbourne, VIC
Print_ISBN :
978-1-4244-8484-3
Electronic_ISBN :
978-0-7695-4159-4
Type :
conf
DOI :
10.1109/NSS.2010.79
Filename :
5636154