The main signaling protocol of next generation networks especially in multimedia applications (e.g. video conference, IPTV and VoIP) is session initiation protocol (SIP). Different types of Denial of Service (DoS) attacks are applicable to SIP entities because of the stateful functionality and text based nature of SIP. More than 98 percent of these attacks against SIP entities are caused by misconfiguration and implementation shortcomings. In this paper, a feature set for using in anomaly detection systems by feature engineering approach is generated. The knowledge of SIP packets, SIP internal state machine and normal behavior of this protocol were employed to create features that make machine learning algorithms work. The performance of the engineered feature set is evaluated with two different classifiers by applying three different data sets. The experimental results show the performance of proposed feature set in terms of detection and false alarm rate.
Asgharian, H., Akbari, A., & Raahemi, B. (2019). Engineered Feature Set to Detect Flooding Attacks in SIP Based VoIP. Journal of Advanced Defense Science & Technology, 8(1), 61-69.
MLA
Hassan Asgharian; Ahmad Akbari; Bijan Raahemi. "Engineered Feature Set to Detect Flooding Attacks in SIP Based VoIP", Journal of Advanced Defense Science & Technology, 8, 1, 2019, 61-69.
HARVARD
Asgharian, H., Akbari, A., Raahemi, B. (2019). 'Engineered Feature Set to Detect Flooding Attacks in SIP Based VoIP', Journal of Advanced Defense Science & Technology, 8(1), pp. 61-69.
VANCOUVER
Asgharian, H., Akbari, A., Raahemi, B. Engineered Feature Set to Detect Flooding Attacks in SIP Based VoIP. Journal of Advanced Defense Science & Technology, 2019; 8(1): 61-69.