Intrusion Detection in IMS: Experiences with a Hellinger Distance-Based Flooding Detector

Author

Hecht, Christoph ; Reichl, Peter ; Berger, Andreas ; Jung, Oliver ; Gojmerac, Ivan

Author_Institution

Univ. of Appl. Sci. Technikum, Vienna, Austria

fYear

2009

Firstpage

65

Lastpage

70

Abstract

With the imminent roll-out of the 3GPP IP Multimedia Subsystem (IMS), IMS-specific security threats and corresponding counter-mechanisms are gaining increasing attention. One of the most promising recent intrusion detection approaches dealing with unforeseen anomalies caused by flooding attacks is based on a specific metric for the distance between two empirical probability distributions, the so-called Hellinger distance. In this paper, we discuss the application of this concept for IMS networks as well as the resulting implementation of a flooding detector, and describe some practical experiences based utilizing different traffic generation tools. The results show that shorter analysis cycles and precise parameterization in general trigger higher detection rates.

Keywords

IP networks; multimedia systems; probability; security of data; Hellinger distance-based flooding detector; IMS; IP multimedia subsystem; empirical probability distributions; intrusion detection systems; security threats; traffic generation tools; Communication system security; Computer crime; Detectors; Floods; IP networks; Intrusion detection; Multimedia systems; Next generation networking; Protocols; Telecommunication traffic; Hellinger Distance; IMS Bench; IP Multimedia Subsystem; Intrusion Detection System; SIPp;

fLanguage

English

Publisher

ieee

Conference_Titel

Evolving Internet, 2009. INTERNET '09. First International Conference on

Conference_Location

Cannes/La Bocca

Print_ISBN

978-1-4244-4718-3

Electronic_ISBN

978-0-7695-3748-1

Type

conf

DOI

10.1109/INTERNET.2009.17

Filename

5277864