Anomaly‐based DoS detection and prevention in SIP networks by modeling SIP normal traffic

Hosseinpour, Mahsa; Yaghmaee, Mohammad Hossein; Seno, Seyed Amin Hosseini; Roshkhari, Hossein Khosravi; Asadi, Mohsen

doi:10.1002/dac.3825

Cited by 4 publications

(4 citation statements)

References 44 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The types of abnormal network traffic mainly include Alpha Anomaly, DDos, Port Scan, Network Scan, Worms and Flash Crowd [4][5]. Common network attacks can be divided into three categories: first, reconnaissance and tracking attacks: stealing all kinds of information of the target computer; Second, access attack: using system vulnerabilities to gain host control rights; The third is to refuse service.…”

Section: Overall Design Of Modelmentioning

confidence: 99%

Research on Network Traffic Anomaly Detection Method Based on Python

Cai¹

2022

AJST

View full text Add to dashboard Cite

Abnormal traffic is the traffic that differs from the normal range of network services. Objective social and natural phenomena, network equipment failures on hardware, and man-made malicious attacks can all lead to abnormal network traffic. Python is a computer programming language that can realize cross-platform interaction, and it is also an object-oriented explanatory and interactive scripting language. Based on this, this paper studies the network traffic anomaly detection method based on Python. By sampling the data sets divided by each layer with different strategies, multiple balanced sub-data sets are obtained, and the feature selection fusion method proposed in the previous section is applied to each sub-data set to obtain the corresponding optimal feature subset, which is used to train multiple base classifiers to perform anomaly detection in this layer. The results show that Python-based network traffic anomaly detection method is superior to the traditional algorithm in accuracy and F1-Score.

show abstract

Section: Overall Design Of Modelmentioning

confidence: 99%

Research on Network Traffic Anomaly Detection Method Based on Python

Cai¹

2022

AJST

View full text Add to dashboard Cite

show abstract

“…Hosseinpour et al [22] used normal SIP calls to create an FSM. The number of messages in state transitions were calculated during the day, and an average of time differences between FSM states was extracted.…”

Section: Finite State Machine Approachesmentioning

confidence: 99%

“…-Features are extracted from SIP messages and server logs. Most of the surveyed approaches have classified the SIP messages into normal or malicious while others have determined the attack severity (e.g., [22]) or the intensity of the attacks (e.g., [49]). In addition, only the proposed approach in [21] has identified the attackers from legitimate users.…”

Section: Statistically Based Approachesmentioning

confidence: 99%

“…Feature extraction is an important process in ML approaches. The majority of the surveyed ML approaches extracted features from SIP headers and haven't used other resources such as server log files [40] or CDR [22]. In addition, some of these approaches such as [42,49] have calculated features over a group of SIP messages to capture the correlation between messages, while others such as [46,48] have extracted features over one by one SIP messages to achieve faster detection time.…”

Section: Statistically Based Approachesmentioning

confidence: 99%

See 1 more Smart Citation

Survey of Countering DoS/DDoS Attacks on SIP Based VoIP Networks

et al. 2020

View full text Add to dashboard Cite

Voice over IP (VoIP) services hold promise because of their offered features and low cost. Most VoIP networks depend on the Session Initiation Protocol (SIP) to handle signaling functions. The SIP is a text-based protocol that is vulnerable to many attacks. Denial of Service (DoS) and distributed denial of service (DDoS) attacks are the most harmful types of attacks, because they drain VoIP resources and render SIP service unavailable to legitimate users. In this paper, we present recently introduced approaches to detect DoS and DDoS attacks, and classify them based on various factors. We then analyze these approaches according to various characteristics; furthermore, we investigate the main strengths and weaknesses of these approaches. Finally, we provide some remarks for enhancing the surveyed approaches and highlight directions for future research to build effective detection solutions.

show abstract