Future Internet 2010, 2(4), 662-669; doi:10.3390/fi2040662
Article

Improving Anomaly Detection for Text-Based Protocols by Exploiting Message Structures

1 Institute of Communication Networks and Computer Engineering (IKR), University of Stuttgart, Germany
2 Bell-Labs Germany, Alcatel-Lucent Deutschland AG, Stuttgart, Germany
* Author to whom correspondence should be addressed.
Received: 23 October 2010; in revised form: 16 December 2010 / Accepted: 17 December 2010 / Published: 21 December 2010
(This article belongs to the Special Issue Semantics in the Future Internet)
Abstract: Service platforms using text-based protocols need to be protected against attacks. Machine-learning algorithms with pattern matching can be used to detect even previously unknown attacks. In this paper, we present an extension to known Support Vector Machine (SVM) based anomaly detection algorithms for the Session Initiation Protocol (SIP). Our contribution is to extend the number of different features used for classification (the feature space) by exploiting the structure of SIP messages, which reduces the false positive rate. Additionally, we show how combining our approach with attribute reduction significantly improves throughput.
Keywords: anomaly detection; classification; text-based protocols; SIP; SVM

Cite This Article

MDPI and ACS Style

Güthle, M.; Kögel, J.; Wahl, S.; Kaschub, M.; Mueller, C.M. Improving Anomaly Detection for Text-Based Protocols by Exploiting Message Structures. Future Internet 2010, 2, 662-669.

AMA Style

Güthle M, Kögel J, Wahl S, Kaschub M, Mueller CM. Improving Anomaly Detection for Text-Based Protocols by Exploiting Message Structures. Future Internet. 2010; 2(4):662-669.

Chicago/Turabian Style

Güthle, Martin; Kögel, Jochen; Wahl, Stefan; Kaschub, Matthias; Mueller, Christian M. 2010. "Improving Anomaly Detection for Text-Based Protocols by Exploiting Message Structures." Future Internet 2, no. 4: 662-669.

Future Internet EISSN 1999-5903 Published by MDPI AG, Basel, Switzerland