Future Internet 2010, 2(4), 662-669; doi:10.3390/fi2040662
Article

Improving Anomaly Detection for Text-Based Protocols by Exploiting Message Structures

Martin Güthle, Jochen Kögel, Stefan Wahl, Matthias Kaschub and Christian M. Mueller
Received: 23 October 2010; in revised form: 16 December 2010 / Accepted: 17 December 2010 / Published: 21 December 2010
(This article belongs to the Special Issue Semantics in the Future Internet)
This is an open access article distributed under the Creative Commons Attribution License which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.
Abstract: Service platforms using text-based protocols need to be protected against attacks. Machine-learning algorithms with pattern matching can be used to detect even previously unknown attacks. In this paper, we present an extension to known Support Vector Machine (SVM) based anomaly detection algorithms for the Session Initiation Protocol (SIP). Our contribution is to increase the number of distinct features used for classification (the feature space) by exploiting the structure of SIP messages, which reduces the false positive rate. Additionally, we show how combining our approach with attribute reduction significantly improves throughput.
Keywords: anomaly detection; classification; text-based protocols; SIP; SVM


MDPI and ACS Style

Güthle, M.; Kögel, J.; Wahl, S.; Kaschub, M.; Mueller, C.M. Improving Anomaly Detection for Text-Based Protocols by Exploiting Message Structures. Future Internet 2010, 2, 662-669.

AMA Style

Güthle M, Kögel J, Wahl S, Kaschub M, Mueller CM. Improving Anomaly Detection for Text-Based Protocols by Exploiting Message Structures. Future Internet. 2010; 2(4):662-669.

Chicago/Turabian Style

Güthle, Martin; Kögel, Jochen; Wahl, Stefan; Kaschub, Matthias; Mueller, Christian M. 2010. "Improving Anomaly Detection for Text-Based Protocols by Exploiting Message Structures." Future Internet 2, no. 4: 662-669.

Future Internet EISSN 1999-5903 Published by MDPI AG, Basel, Switzerland