Battling Against DDoS in SIP - Is Machine Learning-based Detection an Effective Weapon?

Z. Tsiatsikas, A. Fakis, D. Papamartzivanos, D. Geneiatakis, G. Kambourakis, C. Kolias

2015

Abstract

This paper focuses on network anomaly-detection and especially the effectiveness of Machine Learning (ML) techniques in detecting Denial of Service (DoS) in SIP-based VoIP ecosystems. It is true that until now several works in the literature have been devoted to this topic, but only a small fraction of them have done so in an elaborate way. Even more, none of them takes into account high and low-rate Distributed DoS (DDoS) when assessing the efficacy of such techniques in SIP intrusion detection. To provide a more complete estimation of this potential, we conduct extensive experimentations involving 5 different classifiers and a plethora of realistically simulated attack scenarios representing a variety of (D)DoS incidents. Moreover, for DDoS ones, we compare our results with those produced by two other anomaly-based detection methods, namely Entropy and Hellinger Distance. Our results show that ML-powered detection scores a promising false alarm rate in the general case, and seems to outperform similar methods when it comes to DDoS.


Paper Citation


in Harvard Style

Tsiatsikas Z., Fakis A., Papamartzivanos D., Geneiatakis D., Kambourakis G. and Kolias C. (2015). Battling Against DDoS in SIP - Is Machine Learning-based Detection an Effective Weapon? In Proceedings of the 12th International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2015) ISBN 978-989-758-117-5, pages 301-308. DOI: 10.5220/0005549103010308

in Bibtex Style

@conference{secrypt15,
author={Z. Tsiatsikas and A. Fakis and D. Papamartzivanos and D. Geneiatakis and G. Kambourakis and C. Kolias},
title={Battling Against DDoS in SIP - Is Machine Learning-based Detection an Effective Weapon?},
booktitle={Proceedings of the 12th International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2015)},
year={2015},
pages={301-308},
publisher={SciTePress},
organization={INSTICC},
doi={10.5220/0005549103010308},
isbn={978-989-758-117-5},
}


in EndNote Style

TY - CONF
JO - Proceedings of the 12th International Conference on Security and Cryptography - Volume 1: SECRYPT, (ICETE 2015)
TI - Battling Against DDoS in SIP - Is Machine Learning-based Detection an Effective Weapon?
SN - 978-989-758-117-5
AU - Tsiatsikas Z.
AU - Fakis A.
AU - Papamartzivanos D.
AU - Geneiatakis D.
AU - Kambourakis G.
AU - Kolias C.
PY - 2015
SP - 301
EP - 308
DO - 10.5220/0005549103010308