Improving Anomaly Detection for Text-Based Protocols by Exploiting Message Structures

13 years 9 months ago

Download www.ikr.uni-stuttgart.de

: Service platforms using text-based protocols need to be protected against attacks. Machine-learning algorithms with pattern matching can be used to detect even previously unknown attacks. In this paper, we present an extension to known Support Vector Machine (SVM) based anomaly detection algorithms for the Session Initiation Protocol (SIP). Our contribution is to extend the amount of different features used for classification (feature space) by exploiting the structure of SIP messages, which reduces the false positive rate. Additionally, we show how combining our approach with attribute reduction significantly improves throughput.

Martin Güthle, Jochen Kögel, Stefan Wahl

Real-time Traffic

False Positive Rate | FI 2010 | Session Initiation Protocol | Support Vector Machine |

claim paper

Post Info
More Details (n/a)

Added	02 Mar 2011
Updated	02 Mar 2011
Type	Journal
Year	2010
Where	FI
Authors	Martin Güthle, Jochen Kögel, Stefan Wahl, Matthias Kaschub, Christian M. Mueller

Comments (0)

Sciweavers

Improving Anomaly Detection for Text-Based Protocols by Exploiting Message Structures

False Positive Rate | FI 2010 | Session Initiation Protocol | Support Vector Machine |

Explore & Download

Productivity Tools

Document Tools

Image Tools

Sciweavers