Efficient Detection of Attacks in SIP Based VoIP Networks Using Linear l1-SVM Classifier
Keywords: Machine learning, Support Vector Machines (SVMs), Session Initiation Protocol (SIP), VoIP attacks
Abstract: The Session Initiation Protocol (SIP) is one of the most common protocols used for signaling in Voice over IP (VoIP) networks. SIP is very popular because of its flexibility, simplicity, and ease of implementation, which also makes it a target of many attacks. In this paper, we propose a new system to detect Denial of Service (DoS) attacks (i.e. malformed message and invite flooding) and the Spam over Internet Telephony (SPIT) attack in SIP-based VoIP networks using a linear Support Vector Machine classifier with l1 regularization (i.e. l1-SVM). In our approach, we project the SIP messages into a very high-dimensional space using string-based n-gram features. A linear classifier is then trained on top of these features. Our experimental results show that the proposed system detects malformed message, invite flooding, and SPIT attacks with high accuracy. In addition, the proposed system significantly outperformed other systems in detection speed.
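The pipeline the abstract outlines (string n-gram features, then a linear classifier with an l1 penalty), as an added illustration that is not the paper's code. Assumptions made here: n = 4, binary features, abbreviated constructed SIP requests, a single malformation type (negative Max-Forwards), and a plain proximal-subgradient trainer standing in for a library solver; all function names are this example's own.

```python
# Added illustration: character n-gram features + linear SVM with an l1 penalty.
# Assumptions (not from the paper): n = 4, binary features, the constructed
# messages below, and a proximal-subgradient trainer in place of a library solver.

def sip(method, user, host, max_forwards):
    """Build an abbreviated, constructed SIP request (not a capture)."""
    return (f"{method} sip:{user}@{host} SIP/2.0\r\n"
            f"Via: SIP/2.0/UDP {host}\r\n"
            f"Max-Forwards: {max_forwards}\r\n"
            f"CSeq: 1 {method}\r\n\r\n")

def ngrams(msg, n=4):
    """Set of character n-grams: the message's nonzero binary features."""
    return {msg[i:i + n] for i in range(len(msg) - n + 1)}

def score(w, feats):
    return sum(w.get(f, 0.0) for f in feats)

def train_l1_svm(samples, lr=0.01, lam=0.5, epochs=200):
    """Minimise sum(hinge) + lam*||w||_1; samples are (feature set, +1/-1)."""
    w = {}
    for _ in range(epochs):
        # The hinge-loss subgradient comes only from margin violators.
        violators = [(x, y) for x, y in samples if y * score(w, x) < 1.0]
        for x, y in violators:
            for f in x:
                w[f] = w.get(f, 0.0) + lr * y
        # Proximal step for the l1 term: soft-threshold every weight;
        # weights within the threshold become zero and are dropped.
        thr = lr * lam
        w = {f: (v - thr if v > 0 else v + thr)
             for f, v in w.items() if abs(v) > thr}
    return w

def classify(w, msg):
    return "attack" if score(w, ngrams(msg)) > 0 else "normal"

# Constructed training set: +1 = malformed (negative Max-Forwards), -1 = normal.
PEERS = [("INVITE", "alice", "pbx.example.com"),
         ("OPTIONS", "bob", "sip.example.org"),
         ("INVITE", "dave", "gw.example.com")]
TRAIN = ([(ngrams(sip(m, u, h, "70")), -1) for m, u, h in PEERS] +
         [(ngrams(sip(m, u, h, "-1")), +1) for m, u, h in PEERS])

def demo():
    w = train_l1_svm(TRAIN)
    vocab = set().union(*(x for x, _ in TRAIN))
    unseen_bad = sip("REGISTER", "carol", "voip.example.net", "-1")
    unseen_ok = sip("REGISTER", "carol", "voip.example.net", "70")
    return classify(w, unseen_bad), classify(w, unseen_ok), len(w), len(vocab)
```

`demo()` returns the labels for two messages from a peer that is not in the training set, followed by the number of nonzero weights and the vocabulary size; the l1 penalty leaves only the handful of n-grams around the Max-Forwards value with any weight, so scoring a message touches very few features.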
ONLINE OPEN ACCESS: Access to the full text of each article and each issue is allowed for free under the Attribution-NonCommercial 4.0 International license (CC BY-NC 4.0).
DISCLAIMER: The author(s) of each article appearing in International Journal of Computers Communications & Control is/are solely responsible for the content thereof; the publication of an article shall not constitute or be deemed to constitute any representation by the Editors or Agora University Press that the data presented therein are original, correct or sufficient to support the conclusions reached or that the experiment design or methodology is adequate.