Sciweavers

FI
2010

Improving Anomaly Detection for Text-Based Protocols by Exploiting Message Structures

13 years 10 months ago
Improving Anomaly Detection for Text-Based Protocols by Exploiting Message Structures
: Service platforms using text-based protocols need to be protected against attacks. Machine-learning algorithms with pattern matching can be used to detect even previously unknown attacks. In this paper, we present an extension to known Support Vector Machine (SVM) based anomaly detection algorithms for the Session Initiation Protocol (SIP). Our contribution is to extend the amount of different features used for classification (feature space) by exploiting the structure of SIP messages, which reduces the false positive rate. Additionally, we show how combining our approach with attribute reduction significantly improves throughput.
Martin Güthle, Jochen Kögel, Stefan Wahl
Added 02 Mar 2011
Updated 02 Mar 2011
Type Journal
Year 2010
Where FI
Authors Martin Güthle, Jochen Kögel, Stefan Wahl, Matthias Kaschub, Christian M. Mueller
Comments (0)