Intrusion Detection System for IP Multimedia Subsystem using K-Nearest Neighbor classifier

IP multimedia subsystem (IMS) is a new next generation networking architecture that will provide better quality of service, charging infrastructure and security. The basic idea behind IMS is convergence; providing a single interface to different traditional or modern networking architectures allowing better working environment for the end users. IMS is still not commercially adopted and used but research is in progress to explore it. IMS is an IP based overlay next generation network architecture. It inherent number of security threats of session initiation protocol (SIP), TCP, UDP etc as it uses SIP and IP protocols. Some of them can degrade the performance of IMS seriously and may cause DoS or DDoS attacks. The paper presents a new approach keeping a vision of secure IMS based on intrusion detection system (IDS) using k-nearest neighbor (KNN) as classifier. The KNN classifier can effectively detect intrusive attacks and achieve a low false positive rate. It can distinguish between the normal behavior of the system or abnormal. In this paper, we have focused on the key element of IMS core known as proxy call session control function (PCSCF). Network based anomaly detection mechanism is proposed using KNN as anomaly detector. Experiments are performed on OpenIMS core and the result shows that IMS is vulnerable to different types of attacks such as UDP flooding, IP spoofing that can cause DoS. KNN classifier effectively distinguishes the behavior of the system as normal or intrusive and achieve low false positive rate.