Social Behavior Analysis of VoIP Users and its application to Malicious Users Detection (Extended Version - V1.0)

Ferdous, Raihana and Lo Cigno, Renato and Zorat, Alessandro (2014) Social Behavior Analysis of VoIP Users and its application to Malicious Users Detection (Extended Version - V1.0). Trento, Italy : University of Trento. (Unpublished)


    Abstract

    IP Telephony has become very popular and Session Initiation Protocol (SIP)-based telephony systems are almost substituting the traditional PSTN systems. Being so widespread and ubiquitous, the protocol’s resilience and security in the presence of incorrect, malformed or malicious messages is fundamental for the correct management of a network. This is of particular importance for session-based applications since they appear to be much more sensitive not only to malicious attacks, but also to errors, and even incorrect interpretation of the standard. Having in-depth knowledge of the network behavior is a primary requirement to design and tune any attack or anomaly detection system. In the context of VoIP, traffic analysis plays a very significant role due to the fact that SIP-based VoIP traffic does not follow any generic model to describe its characteristics like traditional telephony. To this end, we have performed a thorough analysis of SIP traces captured from the VoIP network of our institution. Here, we use social network analysis techniques to capture the relationship behavior of users and to explore distinct behavioral patterns of users inside the VoIP network. Knowledge about the normal behavior of the system and users gained from the traffic analysis is helpful in detecting intrusions and anomalies. In this paper, we also present an anomaly detection architecture where we train an automated machine with the normal behavioral pattern of the users. The machine, thus trained, is capable of identifying malicious users.

    Item Type: Departmental Technical Report
    Department or Research center: Information Engineering and Computer Science
    Subjects: Q Science > QA Mathematics > QA075 Electronic computers. Computer science
    Uncontrolled Keywords: SIP, VoIP, Social Network Analysis, Clustering, SVN
    Report Number: DISI-14-001
    Repository staff approval on: 27 Mar 2014 09:15
