Classification of SIP Attack Variants with a Hybrid Self-enforcing Network

  • Conference paper
Artificial Neural Networks and Machine Learning – ICANN 2018 (ICANN 2018)

Part of the book series: Lecture Notes in Computer Science (LNTCS, volume 11140)

Abstract

The Self-Enforcing Network (SEN), a self-organized learning neural network, is used to analyze SIP attack traffic and obtain classifications for attack variants that use one of four widely used User Agents. These classifications can be used to categorize SIP messages regardless of the User-Agent field. To this end, we combined SEN with clustering methods to increase the amount of traffic that can be handled and analyzed; the attack traffic was observed at a honeynet system over a month. The results were multiple categories for each User Agent, with a low rate of overlap between the User Agents.

Corresponding author

Correspondence to Waldemar Hartwig.

Copyright information

© 2018 Springer Nature Switzerland AG

About this paper

Cite this paper

Hartwig, W., Klüver, C., Aziz, A., Hoffstadt, D. (2018). Classification of SIP Attack Variants with a Hybrid Self-enforcing Network. In: Kůrková, V., Manolopoulos, Y., Hammer, B., Iliadis, L., Maglogiannis, I. (eds) Artificial Neural Networks and Machine Learning – ICANN 2018. ICANN 2018. Lecture Notes in Computer Science, vol 11140. Springer, Cham. https://doi.org/10.1007/978-3-030-01421-6_44

  • DOI: https://doi.org/10.1007/978-3-030-01421-6_44

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-01420-9

  • Online ISBN: 978-3-030-01421-6

  • eBook Packages: Computer Science (R0)
