A self-learning system for detection of anomalous SIP messages

Konrad Rieck, Stefan Wahl, Pavel Laskov, Peter Domschitz, Klaus Robert Müller

Research output: Chapter in Book/Report/Conference proceedingConference contribution

28 Citations (Scopus)

Abstract

Current Voice-over-IP infrastructures lack defenses against unexpected network threats, such as zero-day exploits and computer worms. The possibility of such threats originates from the ongoing convergence of telecommunication and IP network infrastructures. As a countermeasure, we propose a self-learning system for detection of unknown and novel attacks in the Session Initiation Protocol (SIP). The system identifies anomalous content by embedding SIP messages to a feature space and determining deviation from a model of normality. The system adapts to network changes by automatically retraining itself while being hardened against targeted manipulations. Experiments conducted with realistic SIP traffic demonstrate the high detection performance of the proposed system at low false-positive rates.

Original languageEnglish
Title of host publicationPrinciples, Systems and Applications of IP Telecommunications
Subtitle of host publicationServices and Security for Next Generation Networks - Second International Conference, IPTComm 2008, Revised Selected Papers
Pages90-106
Number of pages17
DOIs
Publication statusPublished - 2008
Event2nd International Conference on Principles, Systems and Applications of IP Telecommunications, IPTComm 2008 - Heidelberg, Germany
Duration: 2008 Jul 12008 Jul 2

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume5310 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Other

Other2nd International Conference on Principles, Systems and Applications of IP Telecommunications, IPTComm 2008
CountryGermany
CityHeidelberg
Period08/7/108/7/2

ASJC Scopus subject areas

  • Theoretical Computer Science
  • Computer Science(all)

Fingerprint Dive into the research topics of 'A self-learning system for detection of anomalous SIP messages'. Together they form a unique fingerprint.

Cite this