论文信息 - VoIP anomaly detection by combining OCSVM and PSO algorithm

VoIP anomaly detection by combining OCSVM and PSO algorithm

Voice over Internet Protocol (VoIP) is an emerging technology caused a revolution in the telecommunication industry. Because of the nature of its protocols (e.g., using text-based messages and transporting over UDP), VoIP is more susceptible to Denial of Service and Social threats than other internet-based services. Hence, the VoIP security has become one of the most important issues of concern and attracted renewed interest in much of the recent researches. In this paper, we use one-class support vector machines (OCSVM) for detecting anomalies in VoIP networks, in which, a few parameters (such as error control parameter and kernel parameter) significantly affect anomaly detection accuracy, and need to be tuned. The proposed method takes the advantages of particle swarm optimization (PSO) algorithm on parameters optimization. To evaluate candidate parameters, we suggest a new fitness function that considers both the overfitting and the underfitting problems. The results of experiments show that after determining the optimal value of parameters, the final decision function will bring in a high detection rate with a lower false positive rate.

Saeed Jalili | S. Jalili | Mahboobeh Shakeri Miandare

[1] Bernhard Schölkopf,et al. Estimating the Support of a High-Dimensional Distribution , 2001, Neural Computation.

[2] Radu State,et al. Monitoring SIP Traffic Using Support Vector Machines , 2008, RAID.

[3] Teuvo Kohonen,et al. The self-organizing map , 1990 .

[4] Paul Geladi,et al. Principal Component Analysis , 1987, Comprehensive Chemometrics.

[5] Dipak Ghosal,et al. Secure IP Telephony using Multi-layered Protection , 2003, NDSS.

[6] James Kennedy,et al. Particle swarm optimization , 2002, Proceedings of ICNN'95 - International Conference on Neural Networks.

[7] Yang Liu,et al. One-Class Support Vector Machine Calibration Using Particle Swarm Optimisation , 2007 .

[8] VARUN CHANDOLA,et al. Anomaly detection: A survey , 2009, CSUR.

[9] Adrian Rishi Madhosingh. The Design of a Differentiated Session Initiation Protocol to Control VoIP Spam , 2006 .

[10] Henning Schulzrinne,et al. RTP: A Transport Protocol for Real-Time Applications , 1996, RFC.

[11] Chih-Jen Lin,et al. LIBSVM: A library for support vector machines , 2011, TIST.

[12] Teuvo Kohonen,et al. Self-Organizing Maps , 2010 .

[13] Sushil Jajodia,et al. Detecting VoIP Floods Using the Hellinger Distance , 2008, IEEE Transactions on Parallel and Distributed Systems.

[14] Richard O. Duda,et al. Pattern classification and scene analysis , 1974, A Wiley-Interscience publication.