TY - JOUR
T1 - A Machine Learning Approach for Prediction of Signaling SIP Dialogs
AU - Pereira, Diogo
AU - Oliveira, Rodolfo
AU - Kim, Hyong S.
N1 - info:eu-repo/grantAgreement/FCT/9471 - RIDTI/151901/PT#
POCI-01-0145-FEDER-030433
LISBOA-01-0145-FEDER-0307095
UIDB/EEA/50008/2020
PY - 2021
Y1 - 2021
N2 - In this paper, we propose a machine learning methodology for prediction of signaling sessions established with the Session Initiation Protocol (SIP). Given the increasing importance of predicting and detecting abnormal sequences of SIP messages to avoid SIP signaling-based attacks, we first propose a Bayesian inference method capable of representing the statistical relation between a SIP message, observed by a SIP user agent or a SIP server, and prior trustworthy SIP dialogs. The Bayesian inference method, a Hidden Markov Model (HMM) enriched with $n-$ gram Markov observations, is updated over time, so the inference can be used in real-time. The HMM is then used for predicting and detecting SIP dialogs through a lightweight implementation of Viterbi algorithm for sparse state spaces. Experimental results are also reported, where a SIP dataset representing prior information collected by a SIP user agent and/or a SIP server is used to predict or detect if a received sequence of SIP messages is legitimate according to similar SIP dialogs already observed. Finally, we discuss the results obtained for a dataset of abnormal SIP sequences, not observed during the inference stage, showing the effective utility of the proposed methodology to detect abnormal SIP sequences in a short period of time.
AB - In this paper, we propose a machine learning methodology for prediction of signaling sessions established with the Session Initiation Protocol (SIP). Given the increasing importance of predicting and detecting abnormal sequences of SIP messages to avoid SIP signaling-based attacks, we first propose a Bayesian inference method capable of representing the statistical relation between a SIP message, observed by a SIP user agent or a SIP server, and prior trustworthy SIP dialogs. The Bayesian inference method, a Hidden Markov Model (HMM) enriched with $n-$ gram Markov observations, is updated over time, so the inference can be used in real-time. The HMM is then used for predicting and detecting SIP dialogs through a lightweight implementation of Viterbi algorithm for sparse state spaces. Experimental results are also reported, where a SIP dataset representing prior information collected by a SIP user agent and/or a SIP server is used to predict or detect if a received sequence of SIP messages is legitimate according to similar SIP dialogs already observed. Finally, we discuss the results obtained for a dataset of abnormal SIP sequences, not observed during the inference stage, showing the effective utility of the proposed methodology to detect abnormal SIP sequences in a short period of time.
KW - Bayesian networks
KW - hidden Markov chains
KW - machine learning
KW - Session initiation protocol
UR - http://www.scopus.com/inward/record.url?scp=85102686313&partnerID=8YFLogxK
U2 - 10.1109/ACCESS.2021.3065660
DO - 10.1109/ACCESS.2021.3065660
M3 - Article
AN - SCOPUS:85102686313
VL - 9
SP - 44094
EP - 44106
JO - IEEE Access
JF - IEEE Access
M1 - 9376867
ER -