A self-learning system for detection of anomalous SIP messages

Rieck, K.; Wahl, S.; Laskov, P.; Domschitz, P.; Müller, K.-R.

2008

Conference Paper

Abstract

Current Voice-over-IP infrastructures lack defenses against unexpected network threats, such as zero-day exploits and computer worms. The possibility of such threats originates from the ongoing convergence of telecommunication and IP network infrastructures. As a countermeasure, we propose a self-learning system for detection of unknown and novel attacks in the Session Initiation Protocol (SIP). The, system identifies anomalous content by embedding SIP messages to a feature space and determining deviation from a model of normality. The system adapts to network changes by v automatically retraining itself while being hardened against targeted manipulations. Experiments conducted with realistic SIP traffic demonstrate the high detection performance of the proposed system at low false-positive rates.

Author(s)

Rieck, K.

Wahl, S.

Laskov, P.

Domschitz, P.

Müller, K.-R.

Hauptwerk

Principles, systems and applications of IP telecommunications: Services and security for next generation networks

Konferenz

International Conference on Principles, Systems and Applications of IP Telecommunications (IPTComm) 2008

Options

A self-learning system for detection of anomalous SIP messages