The Session Initiation Protocol (SIP) is the de facto standard for user’s session control in the next generation Voice over Internet Protocol (VoIP) networks based on the IP Multimedia Subsystem (IMS) framework. In this paper, we first analyze the role of SIP based floods in the Denial of Service (DoS) attacks on the IMS. Afterwards, we present an online intrusion detection framework for detection of such attacks. We analyze the role of different evolutionary and non-evolutionary classifiers on the classification accuracy of the proposed framework. We have evaluated the performance of our intrusion detection framework on a traffic in which SIP floods of varying intensities are injected. The results of our study show that the evolutionary classifiers like sUpervised Classifier System (UCS) and Genetic clASSIfier sySTem (GAssist) can even detect low intensity SIP floods in realtime. Finally, we formulate a set of specific guidelines that can help VoIP service providers in c...
M. Ali Akbar, Muddassar Farooq