Next Article in Journal / Special Issue
On Using TPM for Secure Identities in Future Home Networks
Previous Article in Journal
Simplifying the Scientific Writing and Review Process with SciFlow
Future Internet 2010, 2(4), 662-669; doi:10.3390/fi2040662

Improving Anomaly Detection for Text-Based Protocols by Exploiting Message Structures

1,* , 2
1 Institute of Communication Networks and Computer Engineering (IKR), University of Stuttgart, Germany 2 Bell-Labs Germany, Alcatel-Lucent Deutschland AG, Stuttgart, Germany
* Author to whom correspondence should be addressed.
Received: 23 October 2010 / Revised: 16 December 2010 / Accepted: 17 December 2010 / Published: 21 December 2010
(This article belongs to the Special Issue Semantics in the Future Internet)
View Full-Text   |   Download PDF [297 KB, uploaded 21 December 2010]   |   Browse Figures


Service platforms using text-based protocols need to be protected against attacks. Machine-learning algorithms with pattern matching can be used to detect even previously unknown attacks. In this paper, we present an extension to known Support Vector Machine (SVM) based anomaly detection algorithms for the Session Initiation Protocol (SIP). Our contribution is to extend the amount of different features used for classification (feature space) by exploiting the structure of SIP messages, which reduces the false positive rate. Additionally, we show how combining our approach with attribute reduction significantly improves throughput.
Keywords: anomaly detection; classification; text-based protocols; SIP; SVM anomaly detection; classification; text-based protocols; SIP; SVM
This is an open access article distributed under the Creative Commons Attribution License (CC BY) which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.

Share & Cite This Article

Further Mendeley | CiteULike
Export to BibTeX |
EndNote |
MDPI and ACS Style

Güthle, M.; Kögel, J.; Wahl, S.; Kaschub, M.; Mueller, C.M. Improving Anomaly Detection for Text-Based Protocols by Exploiting Message Structures. Future Internet 2010, 2, 662-669.

View more citation formats

Article Metrics

For more information on the journal, click here


[Return to top]
Future Internet EISSN 1999-5903 Published by MDPI AG, Basel, Switzerland RSS E-Mail Table of Contents Alert