A Framework for Detecting Anomalies in VoIP Networks

Author

Bouzida, Yacine ; Mangin, Christophe

Author_Institution

Dept. RSM, Telecom Bretagne, Cesson-Sevigne

fYear

2008

Firstpage

204

Lastpage

211

Abstract

This paper introduces a novel system (architecture and techniques) that aims to secure overlay networks by detecting anomalies in Voice over IP networks. It is particularly designed for the signaling protocol SIP. The proposed system mainly consists of two parts. The first one determines the different features that are extracted from the specification of the SIP protocol. In fact, these features should highly characterize the behavior of the signaling traffic so that the evidence of the intrusion is not lost when only these attributes are considered for the attack detection goal. After the attributes extraction step, a detection algorithm is used to classify new SIP profiles in their appropriate class (either as normal, or as an anomaly). Another feature of this system is its adaptability since a feedback from the detected attacks is possible.

Keywords

Internet telephony; feature extraction; signalling protocols; telecommunication traffic; SIP protocol; VoIP network; anomaly detection; feature extraction; signaling protocol; telecommunication traffic; Counting circuits; Feature extraction; IP networks; Internet telephony; Intrusion detection; Particle measurements; Protocols; TCPIP; Telecommunication traffic; Traffic control; Anomaly detection; Intrusion detection; Overlay networks; SIP; Voice over IP;

fLanguage

English

Publisher

ieee

Conference_Titel

Availability, Reliability and Security, 2008. ARES 08. Third International Conference on

Conference_Location

Barcelona

Print_ISBN

978-0-7695-3102-1

Type

conf

DOI

10.1109/ARES.2008.205

Filename

4529339