Detection of Signaling Vulnerabilities in Session Initiation Protocol

Diogo Pereira; Rodolfo Oliveira

doi:10.1007/978-3-030-78288-7_20

Detection of Signaling Vulnerabilities in Session Initiation Protocol

Diogo Pereira, Rodolfo Oliveira

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

2 Citations (Scopus)

Abstract

This paper investigates the detection of abnormal sequences of signaling packets purposely generated to perpetuate signaling-based attacks in computer networks. The problem is studied for the Session Initiation Protocol (SIP) using a dataset of signaling packets exchanged by multiple end-users. The paper starts to briefly characterize the adopted dataset and introduces a few definitions to propose a deep learning-based approach to detect possible attacks. The solution is based on the definition of an orthogonal space capable of representing the sampling space for each time step, which is then used to train a recurrent neural network to classify the type of SIP dialog for the sequence of packets observed so far. When a sequence of observed SIP messages is unknown, this represents possible exploitation of a vulnerability and in that case, it should be classified accordingly. The proposed classifier is based on supervised learning of two different sets of anomalous and non-anomalous sequences, which is then tested to identify the detection performance of unknown SIP sequences. Experimental results are presented to assess the proposed solution, which validates the proposed approach to rapidly detect signaling-based attacks.

Original language	English
Title of host publication	Technological Innovation for Applied AI Systems - 12th IFIP WG 5.5/SOCOLNET Advanced Doctoral Conference on Computing, Electrical and Industrial Systems, DoCEIS 2021, Proceedings
Editors	Luis M. Camarinha-Matos, Pedro Ferreira, Guilherme Brito
Place of Publication	Cham
Publisher	Springer
Pages	209-217
Number of pages	9
ISBN (Electronic)	978-3-030-78288-7
ISBN (Print)	978-3-030-78287-0
DOIs	https://doi.org/10.1007/978-3-030-78288-7_20
Publication status	Published - 2021
Event	12th IFIP WG 5.5/SOCOLNET Advanced Doctoral Conference on Computing, Electrical and Industrial Systems, DoCEIS 2021 - Costa de Caparica and Online, Portugal Duration: 7 Jul 2021 → 9 Jul 2021

Publication series

Name	IFIP Advances in Information and Communication Technology
Publisher	Springer
Volume	626
ISSN (Print)	1868-4238
ISSN (Electronic)	1868-422X

Conference

Conference	12th IFIP WG 5.5/SOCOLNET Advanced Doctoral Conference on Computing, Electrical and Industrial Systems, DoCEIS 2021
Country/Territory	Portugal
City	Costa de Caparica and Online
Period	7/07/21 → 9/07/21

Keywords

Deep learning
Multimedia networks
SIP protocol

Access to Document

10.1007/978-3-030-78288-7_20

Cite this

Pereira, D., & Oliveira, R. (2021). Detection of Signaling Vulnerabilities in Session Initiation Protocol. In L. M. Camarinha-Matos, P. Ferreira, & G. Brito (Eds.), Technological Innovation for Applied AI Systems - 12th IFIP WG 5.5/SOCOLNET Advanced Doctoral Conference on Computing, Electrical and Industrial Systems, DoCEIS 2021, Proceedings (pp. 209-217). (IFIP Advances in Information and Communication Technology; Vol. 626). Springer. https://doi.org/10.1007/978-3-030-78288-7_20

Pereira, Diogo ; Oliveira, Rodolfo. / Detection of Signaling Vulnerabilities in Session Initiation Protocol. Technological Innovation for Applied AI Systems - 12th IFIP WG 5.5/SOCOLNET Advanced Doctoral Conference on Computing, Electrical and Industrial Systems, DoCEIS 2021, Proceedings. editor / Luis M. Camarinha-Matos ; Pedro Ferreira ; Guilherme Brito. Cham : Springer, 2021. pp. 209-217 (IFIP Advances in Information and Communication Technology).

@inproceedings{9b04c19704324fb2a07d9acc4bc555b1,

title = "Detection of Signaling Vulnerabilities in Session Initiation Protocol",

abstract = "This paper investigates the detection of abnormal sequences of signaling packets purposely generated to perpetuate signaling-based attacks in computer networks. The problem is studied for the Session Initiation Protocol (SIP) using a dataset of signaling packets exchanged by multiple end-users. The paper starts to briefly characterize the adopted dataset and introduces a few definitions to propose a deep learning-based approach to detect possible attacks. The solution is based on the definition of an orthogonal space capable of representing the sampling space for each time step, which is then used to train a recurrent neural network to classify the type of SIP dialog for the sequence of packets observed so far. When a sequence of observed SIP messages is unknown, this represents possible exploitation of a vulnerability and in that case, it should be classified accordingly. The proposed classifier is based on supervised learning of two different sets of anomalous and non-anomalous sequences, which is then tested to identify the detection performance of unknown SIP sequences. Experimental results are presented to assess the proposed solution, which validates the proposed approach to rapidly detect signaling-based attacks.",

keywords = "Deep learning, Multimedia networks, SIP protocol",

author = "Diogo Pereira and Rodolfo Oliveira",

year = "2021",

doi = "10.1007/978-3-030-78288-7_20",

language = "English",

isbn = "978-3-030-78287-0",

series = "IFIP Advances in Information and Communication Technology",

publisher = "Springer",

pages = "209--217",

editor = "Camarinha-Matos, {Luis M.} and Pedro Ferreira and Guilherme Brito",

booktitle = "Technological Innovation for Applied AI Systems - 12th IFIP WG 5.5/SOCOLNET Advanced Doctoral Conference on Computing, Electrical and Industrial Systems, DoCEIS 2021, Proceedings",

address = "Netherlands",

note = "12th IFIP WG 5.5/SOCOLNET Advanced Doctoral Conference on Computing, Electrical and Industrial Systems, DoCEIS 2021 ; Conference date: 07-07-2021 Through 09-07-2021",

}

Pereira, D & Oliveira, R 2021, Detection of Signaling Vulnerabilities in Session Initiation Protocol. in LM Camarinha-Matos, P Ferreira & G Brito (eds), Technological Innovation for Applied AI Systems - 12th IFIP WG 5.5/SOCOLNET Advanced Doctoral Conference on Computing, Electrical and Industrial Systems, DoCEIS 2021, Proceedings. IFIP Advances in Information and Communication Technology, vol. 626, Springer, Cham, pp. 209-217, 12th IFIP WG 5.5/SOCOLNET Advanced Doctoral Conference on Computing, Electrical and Industrial Systems, DoCEIS 2021, Costa de Caparica and Online, Portugal, 7/07/21. https://doi.org/10.1007/978-3-030-78288-7_20

Detection of Signaling Vulnerabilities in Session Initiation Protocol. / Pereira, Diogo ; Oliveira, Rodolfo.
Technological Innovation for Applied AI Systems - 12th IFIP WG 5.5/SOCOLNET Advanced Doctoral Conference on Computing, Electrical and Industrial Systems, DoCEIS 2021, Proceedings. ed. / Luis M. Camarinha-Matos; Pedro Ferreira; Guilherme Brito. Cham: Springer, 2021. p. 209-217 (IFIP Advances in Information and Communication Technology; Vol. 626).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Detection of Signaling Vulnerabilities in Session Initiation Protocol

AU - Pereira, Diogo

AU - Oliveira, Rodolfo

PY - 2021

Y1 - 2021

N2 - This paper investigates the detection of abnormal sequences of signaling packets purposely generated to perpetuate signaling-based attacks in computer networks. The problem is studied for the Session Initiation Protocol (SIP) using a dataset of signaling packets exchanged by multiple end-users. The paper starts to briefly characterize the adopted dataset and introduces a few definitions to propose a deep learning-based approach to detect possible attacks. The solution is based on the definition of an orthogonal space capable of representing the sampling space for each time step, which is then used to train a recurrent neural network to classify the type of SIP dialog for the sequence of packets observed so far. When a sequence of observed SIP messages is unknown, this represents possible exploitation of a vulnerability and in that case, it should be classified accordingly. The proposed classifier is based on supervised learning of two different sets of anomalous and non-anomalous sequences, which is then tested to identify the detection performance of unknown SIP sequences. Experimental results are presented to assess the proposed solution, which validates the proposed approach to rapidly detect signaling-based attacks.

AB - This paper investigates the detection of abnormal sequences of signaling packets purposely generated to perpetuate signaling-based attacks in computer networks. The problem is studied for the Session Initiation Protocol (SIP) using a dataset of signaling packets exchanged by multiple end-users. The paper starts to briefly characterize the adopted dataset and introduces a few definitions to propose a deep learning-based approach to detect possible attacks. The solution is based on the definition of an orthogonal space capable of representing the sampling space for each time step, which is then used to train a recurrent neural network to classify the type of SIP dialog for the sequence of packets observed so far. When a sequence of observed SIP messages is unknown, this represents possible exploitation of a vulnerability and in that case, it should be classified accordingly. The proposed classifier is based on supervised learning of two different sets of anomalous and non-anomalous sequences, which is then tested to identify the detection performance of unknown SIP sequences. Experimental results are presented to assess the proposed solution, which validates the proposed approach to rapidly detect signaling-based attacks.

KW - Deep learning

KW - Multimedia networks

KW - SIP protocol

UR - http://www.scopus.com/inward/record.url?scp=85112021576&partnerID=8YFLogxK

U2 - 10.1007/978-3-030-78288-7_20

DO - 10.1007/978-3-030-78288-7_20

M3 - Conference contribution

AN - SCOPUS:85112021576

SN - 978-3-030-78287-0

T3 - IFIP Advances in Information and Communication Technology

SP - 209

EP - 217

BT - Technological Innovation for Applied AI Systems - 12th IFIP WG 5.5/SOCOLNET Advanced Doctoral Conference on Computing, Electrical and Industrial Systems, DoCEIS 2021, Proceedings

A2 - Camarinha-Matos, Luis M.

A2 - Ferreira, Pedro

A2 - Brito, Guilherme

PB - Springer

CY - Cham

T2 - 12th IFIP WG 5.5/SOCOLNET Advanced Doctoral Conference on Computing, Electrical and Industrial Systems, DoCEIS 2021

Y2 - 7 July 2021 through 9 July 2021

ER -

Pereira D , Oliveira R. Detection of Signaling Vulnerabilities in Session Initiation Protocol. In Camarinha-Matos LM, Ferreira P, Brito G, editors, Technological Innovation for Applied AI Systems - 12th IFIP WG 5.5/SOCOLNET Advanced Doctoral Conference on Computing, Electrical and Industrial Systems, DoCEIS 2021, Proceedings. Cham: Springer. 2021. p. 209-217. (IFIP Advances in Information and Communication Technology). doi: 10.1007/978-3-030-78288-7_20

Detection of Signaling Vulnerabilities in Session Initiation Protocol

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this