Navie Bayes Intrusion Classification System for Voice over Internet Protocol Network Using Honeypot

Voice over Internet Protocol (VoIP) is an emerging trend of applications on the Internet today. As with any recent technology, VoIP also introduces both fortuity and problems. Existing VoIP honeypot experimental set ups based on SIP (Session Initiation Protocol) deals with the basic attacks like DoS (Denial of Service), enumeration detection, signature collection and SPIT (Spam over Internet Telephony). We propose a method using honeypot where Naive Bayes’ classifier is used to categorize attack packets into VoIP MAC spoofing, SIP port scanning and VoIP service abuse attack, which are not concentrated much in the extant prevention methods. VoIP honeypot results are treated more valuable than the existing Intrusion Detection System (IDS) as the datasets used in IDS are predefined and can identify only the existing pattern of attacks. But honeypot can identify attacks which originate from new patterns than the existing IDS. For result analysis, we propose a test-bed using Zoiper (SIP clients), Asterisk server, Artemisa honeypot and Wireshark as network packet analyzer. The test-bed demonstrates how honeypot identifies and prevents unsolicited users, thus improving the robustness of the VoIP system in terms of security.