نویسندگان
1 دانشگاه علم و صنعت ایران
2 دانشگاه علم و صنعت
3 دانشگاه اوتاوا
چکیده
کلیدواژهها
عنوان مقاله [English]
نویسندگان [English]
The main signaling protocol of next generation networks especially in multimedia applications (e.g. video conference, IPTV and VoIP) is session initiation protocol (SIP). Different types of Denial of Service (DoS) attacks are applicable to SIP entities because of the stateful functionality and text based nature of SIP. More than 98 percent of these attacks against SIP entities are caused by misconfiguration and implementation shortcomings. In this paper, a feature set for using in anomaly detection systems by feature engineering approach is generated. The knowledge of SIP packets, SIP internal state machine and normal behavior of this protocol were employed to create features that make machine learning algorithms work. The performance of the engineered feature set is evaluated with two different classifiers by applying three different data sets. The experimental results show the performance of proposed feature set in terms of detection and false alarm rate.
کلیدواژهها [English]