Detection of Signaling Vulnerabilities in Session Initiation Protocol
2021
This paper investigates the detection of abnormal sequences of signaling packets purposely generated to perpetuate signaling-based attacks in computer networks. The problem is studied for the Session Initiation Protocol (SIP) using a dataset of signaling packets exchanged by multiple end-users. The paper starts to briefly characterize the adopted dataset and introduces a few definitions to propose a deep learning-based approach to detect possible attacks. The solution is based on the definition of an orthogonal space capable of representing the sampling space for each time step, which is then used to train a recurrent neural network to classify the type of SIP dialog for the sequence of packets observed so far. When a sequence of observed SIP messages is unknown, this represents possible exploitation of a vulnerability and in that case, it should be classified accordingly. The proposed classifier is based on supervised learning of two different sets of anomalous and non-anomalous sequences, which is then tested to identify the detection performance of unknown SIP sequences. Experimental results are presented to assess the proposed solution, which validates the proposed approach to rapidly detect signaling-based attacks.
Keywords:
- Correction
- Source
- Cite
- Save
- Machine Reading By IdeaReader
12
References
0
Citations
NaN
KQI