Classification of SIP Attack Variants with a Hybrid Self-enforcing Network

The Self-Enforcing Network (SEN), a self-organized learning neural network, is used to analyze SIP attack traffic to obtain classifications for attack variants that use one of four widely used User Agents. These classifications can be used to categorize SIP messages regardless of the User-Agent field. To this end, we combined SEN with clustering methods to increase the amount of traffic that can be handled and analyzed; the attack traffic was observed at a honeynet system over a month. The results were multiple categories for each User Agent, with a low rate of overlap between the User Agents.
