VoIP anomaly detection by combining OCSVM and PSO algorithm

Voice over Internet Protocol (VoIP) is an emerging technology caused a revolution in the telecommunication industry. Because of the nature of its protocols (e.g., using text-based messages and transporting over UDP), VoIP is more susceptible to Denial of Service and Social threats than other internet-based services. Hence, the VoIP security has become one of the most important issues of concern and attracted renewed interest in much of the recent researches. In this paper, we use one-class support vector machines (OCSVM) for detecting anomalies in VoIP networks, in which, a few parameters (such as error control parameter and kernel parameter) significantly affect anomaly detection accuracy, and need to be tuned. The proposed method takes the advantages of particle swarm optimization (PSO) algorithm on parameters optimization. To evaluate candidate parameters, we suggest a new fitness function that considers both the overfitting and the underfitting problems. The results of experiments show that after determining the optimal value of parameters, the final decision function will bring in a high detection rate with a lower false positive rate.