Next Article in Journal / Special Issue
On Using TPM for Secure Identities in Future Home Networks
Previous Article in Journal
Simplifying the Scientific Writing and Review Process with SciFlow
Article Menu

Export Article

Open AccessArticle
Future Internet 2010, 2(4), 662-669; doi:10.3390/fi2040662

Improving Anomaly Detection for Text-Based Protocols by Exploiting Message Structures

Institute of Communication Networks and Computer Engineering (IKR), University of Stuttgart, Germany
Bell-Labs Germany, Alcatel-Lucent Deutschland AG, Stuttgart, Germany
Author to whom correspondence should be addressed.
Received: 23 October 2010 / Revised: 16 December 2010 / Accepted: 17 December 2010 / Published: 21 December 2010
(This article belongs to the Special Issue Semantics in the Future Internet)
View Full-Text   |   Download PDF [297 KB, uploaded 21 December 2010]   |  


Service platforms using text-based protocols need to be protected against attacks. Machine-learning algorithms with pattern matching can be used to detect even previously unknown attacks. In this paper, we present an extension to known Support Vector Machine (SVM) based anomaly detection algorithms for the Session Initiation Protocol (SIP). Our contribution is to extend the amount of different features used for classification (feature space) by exploiting the structure of SIP messages, which reduces the false positive rate. Additionally, we show how combining our approach with attribute reduction significantly improves throughput.
Keywords: anomaly detection; classification; text-based protocols; SIP; SVM anomaly detection; classification; text-based protocols; SIP; SVM

This is an open access article distributed under the Creative Commons Attribution License (CC BY 3.0).

Scifeed alert for new publications

Never miss any articles matching your research from any publisher
  • Get alerts for new papers matching your research
  • Find out the new papers from selected authors
  • Updated daily for 49'000+ journals and 6000+ publishers
  • Define your Scifeed now

SciFeed Share & Cite This Article

MDPI and ACS Style

Güthle, M.; Kögel, J.; Wahl, S.; Kaschub, M.; Mueller, C.M. Improving Anomaly Detection for Text-Based Protocols by Exploiting Message Structures. Future Internet 2010, 2, 662-669.

Show more citation formats Show less citations formats

Article Metrics

Article Access Statistics



[Return to top]
Future Internet EISSN 1999-5903 Published by MDPI AG, Basel, Switzerland RSS E-Mail Table of Contents Alert
Back to Top