TY - GEN
T1 - Abnormal Signaling SIP Dialogs Detection based on Deep Learning
AU - Pereira, Diogo
AU - Oliveira, Rodolfo
AU - Kim, Hyong S.
N1 - Funding Information:
V. CONCLUSIONS This work proposed four classification models based on LSTM RNNs to classify SIP dialogs. The detection probability was evaluated based on experimental data. To detect abnormal SIP dialogs, we have adopted classification features computed from the output of the LSTM RNN model and two different classification schemes were proposed. A semi-supervised scheme is shown to reach higher performance, achieving a detection probability of 99.45%, thus confirming the effective utility of the proposed methodology to detect abnormal SIP sequences in a short period of time.
ACKNOWLEDGEMENTS This work was funded by Fundac¸ão para a Ciência e Tecnologia, under the projects InfoCent-IoT (PTDC/EEI-TEL/30433/2017), CoSHARE (PTDC/EEI-TEL/30709/2017), and RFSense (UIDB/50008/2020).
PY - 2021/4
Y1 - 2021/4
N2 - The detection of abnormal sequences of SIP messages in real-time is crucial to avoid SIP signaling-based attacks. In this paper, we propose a deep learning approach to detect signaling patterns of multimedia sessions established with the Session Initiation Protocol (SIP). The approach is based on a recurrent neural network (RNN). We study the performance of different Long Short-term Memory (LSTM) RNN architectures, which are trained using a SIP signaling dataset of trustworthy SIP dialogs captured by a SIP server. The trained RNNs are then used to detect the SIP dialogs in real-time. After characterizing the dataset adopted for the training, validation, and testing, we present the experimental results obtained for the different RNN architectures, showing that the classification probability of trustworthy SIP dialogs exceeds 93% in the test stage. Finally, we present two methodologies to detect abnormal SIP dialogs, i.e., not contained in the trustworthy training dataset. After a detailed analysis of the skewness and kurtosis computed with the numerical RNN outputs, we show that they can be used as classification features. The first method is based on a K-means unsupervised classifier, while the second one is based on a semi-supervised threshold-based classifier. Experimental results show that the threshold-based classifier achieves 99.45% of detection probability, showing the effective utility of the proposed methodology to detect abnormal SIP sequences in a short period of time.
AB - The detection of abnormal sequences of SIP messages in real-time is crucial to avoid SIP signaling-based attacks. In this paper, we propose a deep learning approach to detect signaling patterns of multimedia sessions established with the Session Initiation Protocol (SIP). The approach is based on a recurrent neural network (RNN). We study the performance of different Long Short-term Memory (LSTM) RNN architectures, which are trained using a SIP signaling dataset of trustworthy SIP dialogs captured by a SIP server. The trained RNNs are then used to detect the SIP dialogs in real-time. After characterizing the dataset adopted for the training, validation, and testing, we present the experimental results obtained for the different RNN architectures, showing that the classification probability of trustworthy SIP dialogs exceeds 93% in the test stage. Finally, we present two methodologies to detect abnormal SIP dialogs, i.e., not contained in the trustworthy training dataset. After a detailed analysis of the skewness and kurtosis computed with the numerical RNN outputs, we show that they can be used as classification features. The first method is based on a K-means unsupervised classifier, while the second one is based on a semi-supervised threshold-based classifier. Experimental results show that the threshold-based classifier achieves 99.45% of detection probability, showing the effective utility of the proposed methodology to detect abnormal SIP sequences in a short period of time.
KW - Deep Learning
KW - Recurrent Neural Networks
KW - Session Initiation Protocol
UR - http://www.scopus.com/inward/record.url?scp=85112416004&partnerID=8YFLogxK
U2 - 10.1109/VTC2021-Spring51267.2021.9448664
DO - 10.1109/VTC2021-Spring51267.2021.9448664
M3 - Conference contribution
AN - SCOPUS:85112416004
T3 - IEEE Vehicular Technology Conference
BT - 2021 IEEE 93rd Vehicular Technology Conference, VTC 2021-Spring - Proceedings
PB - Institute of Electrical and Electronics Engineers (IEEE)
T2 - 93rd IEEE Vehicular Technology Conference, VTC 2021-Spring
Y2 - 25 April 2021 through 28 April 2021
ER -