Next Article in Journal / Special Issue
On Using TPM for Secure Identities in Future Home Networks
Previous Article in Journal
Simplifying the Scientific Writing and Review Process with SciFlow
Open AccessArticle

Improving Anomaly Detection for Text-Based Protocols by Exploiting Message Structures

1
Institute of Communication Networks and Computer Engineering (IKR), University of Stuttgart, Germany
2
Bell-Labs Germany, Alcatel-Lucent Deutschland AG, Stuttgart, Germany
*
Author to whom correspondence should be addressed.
Future Internet 2010, 2(4), 662-669; https://doi.org/10.3390/fi2040662
Received: 23 October 2010 / Revised: 16 December 2010 / Accepted: 17 December 2010 / Published: 21 December 2010
(This article belongs to the Special Issue Semantics in the Future Internet)
Service platforms using text-based protocols need to be protected against attacks. Machine-learning algorithms with pattern matching can be used to detect even previously unknown attacks. In this paper, we present an extension to known Support Vector Machine (SVM) based anomaly detection algorithms for the Session Initiation Protocol (SIP). Our contribution is to extend the amount of different features used for classification (feature space) by exploiting the structure of SIP messages, which reduces the false positive rate. Additionally, we show how combining our approach with attribute reduction significantly improves throughput. View Full-Text
Keywords: anomaly detection; classification; text-based protocols; SIP; SVM anomaly detection; classification; text-based protocols; SIP; SVM
Show Figures

Graphical abstract

MDPI and ACS Style

Güthle, M.; Kögel, J.; Wahl, S.; Kaschub, M.; Mueller, C.M. Improving Anomaly Detection for Text-Based Protocols by Exploiting Message Structures. Future Internet 2010, 2, 662-669.

Show more citation formats Show less citations formats

Article Access Map by Country/Region

1
Only visits after 24 November 2015 are recorded.
Back to TopTop