Detecting Anomalous Behavior in VoIP Systems: A Discrete Event System Modeling

Golait, Diksha; Hubballi, Neminath

doi:10.1109/tifs.2016.2632071

Cited by 25 publications

(18 citation statements)

References 29 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Therefore, the SIP component will be put out of service for legitimate users. This attack has multiple forms such as INVITE flooding, shown in Figure 4, REGISTER flooding, BYE flooding, and multi-attribute flooding [19].…”

Section: Flooding Attacksmentioning

confidence: 99%

“…Then, if incoming SIP messages have significant deviation-usually by exceeding some threshold(s)-from normal behavior, an attack alarm is raised. Because these approaches are sometimes based on the differences in occurrence counts of different events, it may fail to detect certain attacks or produce false alarms [19]. These can automatically detect unknown attacks in the meantime.…”

Section: Statistically Based Approachesmentioning

confidence: 99%

“…Golait et al [19] proposed a discrete event system and a new state transition machine for SIP. They modeled different SIP dialogues and transactions and described them using a probabilistic state transition machine.…”

Section: Statistically Based Approachesmentioning

confidence: 99%

See 2 more Smart Citations

Survey of Countering DoS/DDoS Attacks on SIP Based VoIP Networks

et al. 2020

View full text Add to dashboard Cite

Voice over IP (VoIP) services hold promise because of their offered features and low cost. Most VoIP networks depend on the Session Initiation Protocol (SIP) to handle signaling functions. The SIP is a text-based protocol that is vulnerable to many attacks. Denial of Service (DoS) and distributed denial of service (DDoS) attacks are the most harmful types of attacks, because they drain VoIP resources and render SIP service unavailable to legitimate users. In this paper, we present recently introduced approaches to detect DoS and DDoS attacks, and classify them based on various factors. We then analyze these approaches according to various characteristics; furthermore, we investigate the main strengths and weaknesses of these approaches. Finally, we provide some remarks for enhancing the surveyed approaches and highlight directions for future research to build effective detection solutions.

show abstract

Section: Flooding Attacksmentioning

confidence: 99%

Section: Statistically Based Approachesmentioning

confidence: 99%

See 1 more Smart Citation

Survey of Countering DoS/DDoS Attacks on SIP Based VoIP Networks

et al. 2020

View full text Add to dashboard Cite

show abstract

“…On the other hand, smart devices (i.e., sensors, controllers) and wireless networks make the data collection and distribution to computers easier, thus promoting extensive researches on data-based anomaly detection algorithms. Based on the type of data, anomaly detection algorithms can deal with time-series data [ 9 , 10 , 11 ], discrete data [ 12 , 13 , 14 , 15 ], or mixed types of data [ 16 ].…”

Section: Introductionmentioning

confidence: 99%

Anomaly Detection in Discrete Manufacturing Systems by Pattern Relation Table Approaches

Sun

Zhen

2020

Sensors

View full text Add to dashboard Cite

Anomaly detection for discrete manufacturing systems is important in intelligent manufacturing. In this paper, we address the problem of anomaly detection for the discrete manufacturing systems with complicated processes, including parallel processes, loop processes, and/or parallel with nested loop sub-processes. Such systems can generate a series of discrete event data during normal operations. Existing methods that deal with the discrete sequence data may not be efficient for the discrete manufacturing systems or methods that are dealing with manufacturing systems only focus on some specific systems. In this paper, we take the middle way and seek to propose an efficient algorithm by applying only the system structure information. Motivated by the system structure information that the loop processes may result in repeated events, we propose two algorithms—centralized pattern relation table algorithm and parallel pattern relation table algorithm—to build one or multiple relation tables between loop pattern elements and individual events. The effectiveness of the proposed algorithms is tested by two artificial data sets that are generated by Timed Petri Nets. The experimental results show that the proposed algorithms can achieve higher AUC and F1-score, even with smaller sized data set compared to the other algorithms and that the parallel algorithm achieves the highest performance with the smallest data set.

show abstract

“…**There are other known threat vectors to VoIP systems like flooding and coordinated attacks, billing attacks, user enumeration, spoofing and man‐in‐the‐middle attacks …”

mentioning

confidence: 99%

SpamDetector: Detecting spam callers in Voice over Internet Protocol with graph anomalies

Swarnkar

Hubballi

2018

Security and Privacy

Self Cite

View full text Add to dashboard Cite

SPam over Internet Telephony is a major issue in Voice over Internet Protocol (VoIP) systems where a large number of automated unsolicited calls are made to users of VoIP. The economy of communication that VoIP brings is a lucrative proposition to spammers. In this paper, we describe a method to detect spammers in VoIP by identifying anomalies in the CallGraph. This directed, weighted graph is generated using call data records of users where a set of differentiating call parameters are used to derive weights on the edges. We identify anomalies in the graph by considering the local neighborhood of a node under consideration and assign a label based on how similar the node is in comparison to its neighbors. The similarity between a node and its neighbor is measured through a parameter known as SpamOutlierFactor. We experiment with a large simulated user base and show that the proposed method can detect spam callers.

show abstract

Detecting Anomalous Behavior in VoIP Systems: A Discrete Event System Modeling

Cited by 25 publications

References 29 publications

Survey of Countering DoS/DDoS Attacks on SIP Based VoIP Networks

Survey of Countering DoS/DDoS Attacks on SIP Based VoIP Networks

Anomaly Detection in Discrete Manufacturing Systems by Pattern Relation Table Approaches

SpamDetector: Detecting spam callers in Voice over Internet Protocol with graph anomalies

Contact Info

Product

Resources

About