Publication No 40093
|
Author(s)
|
Güthle, M.; Kögel, J.*; Wahl, S.; Kaschub, M.*; Müller, C.M.*
|
Title
|
Improving Anomaly Detection for Text-Based Protocols by Exploiting Message Structures
|
Topics
|
Network Security
|
Methods
|
Network Security
|
Keywords
|
CLASSIFICATION; SIGNALLING PROTOCOL; SECURITY; VOIP
|
Abstract
|
Service platforms using text-based protocols need to be protected against attacks. Machine-learning algorithms with pattern matching can be used to detect even previously unknown attacks. In this paper, we present an extension to known Support Vector Machine (SVM) based anomaly detection algorithms for the Session Initiation Protocol (SIP). Our contribution is to extend the amount of different features used for classification (feature space) by exploiting the structure of SIP messages, which reduces the false positive rate. Additionally, we show how combining our approach with attribute reduction significantly improves throughput.
|
Year
|
2010
|
Reference entry
|
Güthle, M.; Kögel, J.; Wahl, S.; Kaschub, M.; Müller, C.M.
Improving Anomaly Detection for Text-Based Protocols by Exploiting Message Structures
Future Internet, Vol. 2, No. 4, 2010, pp. 662-669
|
BibTex file
|
Download [BIBTEX]
|
Full Text
|
Download
[PDF]
|
|
|