  • DocumentCode
    3093819
  • Title
    A Framework for Monitoring SIP Enterprise Networks
  • Author
    Nassar, Mohamed ; State, Radu ; Festor, Olivier

  • Author_Institution
    INRIA Res. Center, Nancy - Grand Est, Villers-Lès-Nancy, France
  • fYear
    2010
  • fDate
    1-3 Sept. 2010
  • Firstpage
    1
  • Lastpage
    8
  • Abstract
    In this paper we aim to enable security within SIP enterprise domains by providing monitoring capabilities at three levels: the network traffic, the server logs and the billing records. We propose an anomaly detection approach based on appropriate feature extraction and one-class Support Vector Machines (SVM). We propose methods for anomaly/attack type classification and attack source identification. Our approach is validated through experiments on a controlled test-bed using a customized normal traffic generation model and synthesized attacks. The results show promising performances in terms of accuracy, efficiency and usability.
  • Keywords
    computer network security; signalling protocols; support vector machines; SIP enterprise network monitoring; anomaly detection approach; anomaly-attack type classification; attack source identification; billing records; controlled test-bed; feature extraction; network traffic; normal traffic generation model; server logs; support vector machines; Feature extraction; Media; Monitoring; Protocols; Security; Servers; Support vector machines; Anomaly detection; DoS; SIP; SPIT; SVM; VoIP
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Network and System Security (NSS), 2010 4th International Conference on
  • Conference_Location
    Melbourne, VIC
  • Print_ISBN
    978-1-4244-8484-3
  • Electronic_ISBN
    978-0-7695-4159-4
  • Type
    conf
  • DOI
    10.1109/NSS.2010.79
  • Filename
    5636154