Title :
A comparative study of anomaly detection algorithms for detection of SIP flooding in IMS
Author :
Akbar, M.A. ; Tariq, Z. ; Farooq, M.
Author_Institution :
Next Generation Intell. Networks Res. Center (nexGIN RC), Nat. Univ. of Comput. & Emerging Sci. (NUCES), Islamabad
Abstract :
The IP multimedia subsystem (IMS) framework uses session initiation protocol (SIP) for signaling and control of sessions. In this paper, we first demonstrate that SIP flooding attacks on IMS can result in denial of service to the legitimate users. Afterwards, we report our comparative study of three well-known anomaly detection algorithms, adaptive threshold, cumulative sum, and Hellinger distance for detection of flood attacks in IMS. We evaluate the accuracy of the algorithms using a comprehensive traffic dataset that consists of varying benign and malicious traffic patterns.
Keywords :
IP networks; multimedia communication; signalling protocols; telecommunication traffic; Hellinger distance algorithm; IMS framework; IP multimedia subsystem; SIP flooding attack; adaptive threshold algorithm; anomaly detection algorithm; comprehensive traffic dataset; cumulative sum algorithm; session initiation protocol; Computer crime; Computer hacking; Detection algorithms; Floods; Internet telephony; Next generation networking; Protocols; TCPIP; Telecommunication traffic; Web server;
Conference_Titel :
Internet Multimedia Services Architecture and Applications, 2008. IMSAA 2008. 2nd International Conference on
Conference_Location :
Bangalore
Print_ISBN :
978-1-4244-2684-3
DOI :
10.1109/IMSAA.2008.4753934
