A Framework for Detecting Anomalies in VoIP Networks

March 04-March 07

DOI Bookmark:

http://doi.ieeecomputersociety.org/10.1109/ARES.2008.205

2008 Third International Conference o ...

	This Article
	PURCHASE ARTICLE: $19 PDF HTML IEEE Xplore Subscribers
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/Endnote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Yacine Bouzida Articles by Christophe Mangin

	ASCII Text	x
	Yacine Bouzida, Christophe Mangin, "A Framework for Detecting Anomalies in VoIP Networks," Availability, Reliability and Security, International Conference on, pp. 204-211, 2008 Third International Conference on Availability, Reliability and Security, 2008.

	BibTex	x
	@article{ 10.1109/ARES.2008.205, author = {Yacine Bouzida and Christophe Mangin}, title = {A Framework for Detecting Anomalies in VoIP Networks}, journal ={Availability, Reliability and Security, International Conference on}, volume = {0}, year = {2008}, isbn = {978-0-7695-3102-1}, pages = {204-211}, doi = {http://doi.ieeecomputersociety.org/10.1109/ARES.2008.205}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Availability, Reliability and Security, International Conference on TI - A Framework for Detecting Anomalies in VoIP Networks SN - 978-0-7695-3102-1 SP204 EP211 A1 - Yacine Bouzida, A1 - Christophe Mangin, PY - 2008 KW - Intrusion detection KW - SIP KW - Voice over IP KW - Anomaly detection KW - Overlay networks VL - 0 JA - Availability, Reliability and Security, International Conference on ER -

Yacine Bouzida

Christophe Mangin

This paper introduces a novel system (architecture and techniques) that aims to secure overlay networks by detecting anomalies in Voice over IP networks. It is particularly designed for the signaling protocol SIP. The proposed system mainly consists of two parts. The first one determines the different features that are extracted from the specification of the SIP protocol. In fact, these features should highly characterize the behavior of the signaling traffic so that the evidence of the intrusion is not lost when only these attributes are considered for the attack detection goal. After the attributes extraction step, a detection algorithm is used to classify new SIP profiles in their appropriate class (either as normal, or as an anomaly). Another feature of this system is its adaptability since a feedback from the detected attacks is possible.

Index Terms:

Intrusion detection, SIP, Voice over IP, Anomaly detection, Overlay networks

Citation:

Yacine Bouzida, Christophe Mangin, "A Framework for Detecting Anomalies in VoIP Networks," ares, pp.204-211, 2008 Third International Conference on Availability, Reliability and Security, 2008

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.