Fraunhofer-Gesellschaft

Publica

Hier finden Sie wissenschaftliche Publikationen aus den Fraunhofer-Instituten.

A self-learning system for detection of anomalous SIP messages

 
: Rieck, K.; Wahl, S.; Laskov, P.; Domschitz, P.; Müller, K.-R.

:

Schulzrinne, H.:
Principles, systems and applications of IP telecommunications: Services and security for next generation networks : Second international conference, IPTComm 2008, Heidelberg, Germany, July 1-2, 2008; Revised selected papers
Berlin: Springer, 2008 (Lecture Notes in Computer Science 5310)
ISBN: 3-540-89053-X
ISBN: 978-3-540-89053-9
ISSN: 0302-9743
pp.90-106
International Conference on Principles, Systems and Applications of IP Telecommunications (IPTComm) <2, 2008, Heidelberg>
English
Conference Paper
Fraunhofer FIRST ()

Abstract
Current Voice-over-IP infrastructures lack defenses against unexpected network threats, such as zero-day exploits and computer worms. The possibility of such threats originates from the ongoing convergence of telecommunication and IP network infrastructures. As a countermeasure, we propose a self-learning system for detection of unknown and novel attacks in the Session Initiation Protocol (SIP). The, system identifies anomalous content by embedding SIP messages to a feature space and determining deviation from a model of normality. The system adapts to network changes by v automatically retraining itself while being hardened against targeted manipulations. Experiments conducted with realistic SIP traffic demonstrate the high detection performance of the proposed system at low false-positive rates.

: http://publica.fraunhofer.de/documents/N-92370.html