A Bayesian change point model for detecting SIP-based DDoS attacks

Kurt, Baris; Yıldız, Çağatay; Ceritli, Taha; Sankur, B.; Cemgil, Ali Taylan

doi:10.1016/j.dsp.2017.10.009

Cited by 31 publications

(18 citation statements)

References 18 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Kurt et al [ 10 ] extracted 41 features from SIP messages and resource usage measurements of the VoIP server to detect DDoS flooding attacks. Using a Hidden Markov Model (HMM), they related these features to hidden variables.…”

Section: Related Workmentioning

confidence: 99%

“…In contrast to previous machine learning approaches to DDoS detection such as those in [ 9 , 10 ], our method does not require designing features that represent SIP messages, as show in Figure 1 . The feature extraction process consists of tokenizing, converting to sequences, padding, and embedding.…”

Section: Proposed Approachmentioning

confidence: 99%

“…In addition, thresholds and model parameters must be updated to be compatible with various types of DDoS attacks. Some of these approaches have not achieved high detection accuracy against low-rate DDoS attacks [ 9 , 10 ].…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Countering DDoS Attacks in SIP Based VoIP Networks Using Recurrent Neural Networks

Nazih

Hifny

Elkilani

et al. 2020

Sensors

View full text Add to dashboard Cite

Many companies have transformed their telephone systems into Voice over IP (VoIP) systems. Although implementation is simple, VoIP is vulnerable to different types of attacks. The Session Initiation Protocol (SIP) is a widely used protocol for handling VoIP signaling functions. SIP is unprotected against attacks because it is a text-based protocol and lacks defense against the growing security threats. The Distributed Denial of Service (DDoS) attack is a harmful attack, because it drains resources, and prevents legitimate users from using the available services. In this paper, we formulate detection of DDoS attacks as a classification problem and propose an approach using token embedding to enhance extracted features from SIP messages. We discuss a deep learning model based on Recurrent Neural Networks (RNNs) developed to detect DDoS attacks with low and high-rate intensity. For validation, a balanced real traffic dataset was built containing three attack scenarios with different attack durations and intensities. Experiments show that the system has a high detection accuracy and low detection time. The detection accuracy was higher for low-rate attacks than that of traditional machine learning.

show abstract

Section: Related Workmentioning

confidence: 99%

Section: Proposed Approachmentioning

confidence: 99%

See 1 more Smart Citation

Countering DDoS Attacks in SIP Based VoIP Networks Using Recurrent Neural Networks

Nazih

Hifny

Elkilani

et al. 2020

Sensors

View full text Add to dashboard Cite

show abstract

“…Min-max distribution free continuous-review model was presented with a service level constraint and variable lead time [26]. The Bayesian change point detection model was recommended to identify the flooding attacks in VoIP systems in which the Session Initiation Protocol (SIP) is used as a signaling mechanism [27].…”

Section: Related Literaturementioning

confidence: 99%

Change Point Detection for Diversely Distributed Stochastic Processes Using a Probabilistic Method

Khan

Sarkar

2019

Inventions

View full text Add to dashboard Cite

Unpredicted deviations in time series data are called change points. These unexpected changes indicate transitions between states. Change point detection is a valuable technique in modeling to estimate unanticipated property changes underlying time series data. It can be applied in different areas like climate change detection, human activity analysis, medical condition monitoring and speech and image analyses. Supervised and unsupervised techniques are equally used to identify changes in time series. Even though change point detection algorithms have improved considerably in recent years, several undefended challenges exist. Previous work on change point detection was limited to specific areas; therefore, more studies are required to investigate appropriate change point detection techniques applicable to any data distribution to assess the numerical productivity of any stochastic process. This research is primarily focused on the formulation of an innovative methodology for change point detection of diversely distributed stochastic processes using a probabilistic method with variable data structures. Bayesian inference and a likelihood ratio test are used to detect a change point at an unknown time (k). The likelihood of k is determined and used in the likelihood ratio test. Parameter change must be evaluated by critically analyzing the parameters expectations before and after a change point. Real-time data of particulate matter concentrations at different locations were used for numerical verification, due to diverse features, that is, environment, population densities and transportation vehicle densities. Therefore, this study provides an understanding of how well this recommended model could perform for different data structures.

show abstract

“…However, EM exhibits better performance in case of minor changes and unsuitable priors while the Bayesian method has less computational work to do (Keshavarz and Huang [20]). The Bayesian multiple change point model was suggested for the identification of Distributed Denial of Service (DDoS) flooding attacks in VoIP systems in which Session Initiation Protocol (SIP) is used as signalling mechanism (Kurt et al [21]). One of the well-known change detection techniques is post classification with multi temporal remote sensing images.…”

Section: Introductionmentioning

confidence: 99%

Change Point Detection for Airborne Particulate Matter (PM2.5, PM10) by Using the Bayesian Approach

Khan

Sarkar

2019

Mathematics

View full text Add to dashboard Cite

Airborne particulate matter (PM) is a key air pollutant that affects human health adversely. Exposure to high concentrations of such particles may cause premature death, heart disease, respiratory problems, or reduced lung function. Previous work on particulate matter ( P M 2.5 and P M 10 ) was limited to specific areas. Therefore, more studies are required to investigate airborne particulate matter patterns due to their complex and varying properties, and their associated ( P M 10 and P M 2.5 ) concentrations and compositions to assess the numerical productivity of pollution control programs for air quality. Consequently, to control particulate matter pollution and to make effective plans for counter measurement, it is important to measure the efficiency and efficacy of policies applied by the Ministry of Environment. The primary purpose of this research is to construct a simulation model for the identification of a change point in particulate matter ( P M 2.5 and P M 10 ) concentration, and if it occurs in different areas of the world. The methodology is based on the Bayesian approach for the analysis of different data structures and a likelihood ratio test is used to a detect change point at unknown time (k). Real time data of particulate matter concentrations at different locations has been used for numerical verification. The model parameters before change point ( θ ) and parameters after change point ( λ ) have been critically analyzed so that the proficiency and success of environmental policies for particulate matter ( P M 2.5 and P M 10 ) concentrations can be evaluated. The main reason for using different areas is their considerably different features, i.e., environment, population densities, and transportation vehicle densities. Consequently, this study also provides insights about how well this suggested model could perform in different areas.

show abstract

A Bayesian change point model for detecting SIP-based DDoS attacks

Cited by 31 publications

References 18 publications

Countering DDoS Attacks in SIP Based VoIP Networks Using Recurrent Neural Networks

Countering DDoS Attacks in SIP Based VoIP Networks Using Recurrent Neural Networks

Change Point Detection for Diversely Distributed Stochastic Processes Using a Probabilistic Method

Change Point Detection for Airborne Particulate Matter (PM2.5, PM10) by Using the Bayesian Approach

Contact Info

Product

Resources

About