Abstract
Current Voice-over-IP infrastructures lack defenses against unexpected network threats, such as zero-day exploits and computer worms. The possibility of such threats originates from the ongoing convergence of telecommunication and IP network infrastructures. As a countermeasure, we propose a self-learning system for detection of unknown and novel attacks in the Session Initiation Protocol (SIP). The system identifies anomalous content by embedding SIP messages to a feature space and determining deviation from a model of normality. The system adapts to network changes by automatically retraining itself while being hardened against targeted manipulations. Experiments conducted with realistic SIP traffic demonstrate the high detection performance of the proposed system at low false-positive rates. © 2008 Springer Berlin Heidelberg.
Cite
CITATION STYLE
Rieck, K., Wahl, S., Laskov, P., Domschitz, P., & Müller, K. R. (2008). A self-learning system for detection of anomalous SIP messages. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 5310 LNCS, pp. 90–106). Springer Verlag. https://doi.org/10.1007/978-3-540-89054-6_5
Register to see more suggestions
Mendeley helps you to discover research relevant for your work.
