Conference

Authors: Tsiatsikas Z., Fakis A., Papamartzivanos D., Geneiatakis D., Kambourakis G., Kolias C.
Title: Battling against DDoS in SIP. Is machine learning-based detection an effective weapon?
Conference: The 12th International Conference on Security and Cryptography (SECRYPT 2015)
Editors:
Ed: No
Eds: No
Pages:
To appear: No
Month: July
Year: 2015
Place: Colmar, France
Publisher: SCITEPRESS
Link: http://www.secrypt.icete.org/
File name: secrypt2015.pdf
Abstract: This paper focuses on network anomaly detection and especially the effectiveness of Machine Learning (ML) techniques in detecting Denial of Service (DoS) in SIP-based VoIP ecosystems. It is true that until now several works in the literature have been devoted to this topic, but only a small fraction of them have done so in an elaborate way. Even more, none of them takes into account high and low-rate Distributed DoS (DDoS) when assessing the efficacy of such techniques in SIP intrusion detection. To provide a more complete estimation of this potential, we conduct extensive experimentation involving 5 different classifiers and a plethora of realistically simulated attack scenarios representing a variety of (D)DoS incidents. Moreover, for DDoS ones, we compare our results with those produced by two other anomaly-based detection methods, namely Entropy and Hellinger Distance. Our results show that ML-powered detection scores a promising false alarm rate in the general case, and seems to outperform similar methods when it comes to DDoS.