Abstract
VoIP has become a major application of multimedia communications over IP. Many initiatives around the world focus on the detection of attacks against VoIP services and infrastructures. Because of the lack of a common labeled data-set similarly to what is available in TCP/IP network-based intrusion detection, their results can not be compared. VoIP providers are not able to contribute their data because of user privacy agreements. In this paper, we propose a framework for customizing and generating VoIP traffic within controlled environments. We provide a labeled data-set generated in two types of SIP networks. Our data-set is composed of signaling and other protocol traces, call detail records and server logs. By this contribution we aim to enable the works on VoIP anomaly and intrusion detection to become comparable through its application to common datasets.
Keywords
- Intrusion Detection
- Session Initiation Protocol
- Intrusion Detection System
- Attack Scenario
- Internet Relay Chat
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
Download conference paper PDF
References
VoIPSA: VoIP security and privacy threat taxonomy. Public Release 1.0 (2005), http://www.voipsa.org/Activities/VOIPSA_Threat_Taxonomy_0.1.pdf
Reynolds, B., Ghosal, D.: Secure IP telephony using multi-layered protection. In: Proceedings of The 10th Annual Network and Distributed System Security Symposium, San Diego, CA, USA (2003)
Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston, A., Peterson, J., Sparks, R., Handley, M., Schooler, E.: RFC3261: SIP: Session initiation protocol (2002)
Niccolini, S., Garroppo, R., Giordano, S., Risi, G., Ventura, S.: SIP intrusion detection and prevention: recommendations and prototype implementation. In: 1st IEEE Workshop on VoIP Management and Security, pp. 47–52 (2006)
Wu, Y., Bagchi, S., Garg, S., Singh, N., Tsai, T.K.: SCIDIVE: A stateful and cross protocol intrusion detection architecture for Voice-over-IP environments. In: International Conference on Dependable Systems and Networks (DSN 2004), pp. 433–442. IEEE Computer Society, Los Alamitos (2004)
Sengar, H., Wijesekera, D., Wang, H., Jajodia, S.: VoIP intrusion detection through interacting protocol state machines. In: Proceedings of the 38th IEEE International Conference on Dependable Systems and Networks (DSN 2006). IEEE Computer Society, Los Alamitos (2006)
Fiedler, J., Kupka, T., Ehlert, S., Magedanz, T., Sisalem, D.: VoIP defender: Highly scalable SIP-based security architecture. In: Proceedings of the 1st international conference on Principles, systems and applications of IP telecommunications (IPTComm 2007). ACM, New York (2007)
Chen, E.Y.: Detecting DoS attacks on SIP systems. In: Proceedings of 1st IEEE Workshop on VoIP Management and Security, San Diego, CA, USA, pp. 53–58 (2006)
Ehlert, S., Wang, C., Magedanz, T., Sisalem, D.: Specification-based denial-of-service detection for SIP Voice-over-IP networks. In: The Third International Conference on Internet Monitoring and Protection (ICIMP), pp. 59–66. IEEE Computer Society, Los Alamitos (2008)
Zhang, G., Ehlert, S., Magedanz, T., Sisalem, D.: Denial of service attack and prevention on SIP VoIP infrastructures using DNS flooding. In: Proceedings of the 1st international conference on Principles, systems and applications of IP telecommunications (IPTComm 2007), pp. 57–66. ACM, New York (2007)
Sengar, H., Wang, H., Wijesekera, D., Jajodia, S.: Detecting VoIP floods using the Hellinger distance. IEEE Trans. Parallel Distrib. Syst. 19, 794–805 (2008)
Kang, H., Zhang, Z., Ranjan, S., Nucci, A.: SIP-based VoIP traffic behavior profiling and its applications. In: Proceedings of the 3rd annual ACM workshop on Mining network data (MineNet 2007), pp. 39–44. ACM, New York (2007)
Nassar, M., State, R., Festor, O.: Monitoring SIP traffic using support vector machines. In: Lippmann, R., Kirda, E., Trachtenberg, A. (eds.) RAID 2008. LNCS, vol. 5230, pp. 311–330. Springer, Heidelberg (2008)
Nassar, M., State, R., Festor, O.: The VoIP Bot project, http://gforge.inria.fr/projects/voipbot/
Nassar, M., State, R., Festor, O.: VoIP malware: Attack tool & attack scenarios. In: Proceedings of the IEEE International Conference on Communications, Communication and Information Systems Security Symposium (ICC 2009, CISS). IEEE, Los Alamitos (2009)
Dang, T.D., Sonkoly, B., Molnar, S.: Fractal analysis and modeling of VoIP traffic. In: Proceedings of Networks 2004, pp. 217–222 (2004)
Duffy, F., Mercer, R.: A study of network performance and customer behavior during-direct-distance-dialing call attempts in the USA. Bell System Technical Journal 57, 1–33 (1978)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2010 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Nassar, M., State, R., Festor, O. (2010). Labeled VoIP Data-Set for Intrusion Detection Evaluation. In: Aagesen, F.A., Knapskog, S.J. (eds) Networked Services and Applications - Engineering, Control and Management. EUNICE 2010. Lecture Notes in Computer Science, vol 6164. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-13971-0_10
Download citation
DOI: https://doi.org/10.1007/978-3-642-13971-0_10
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-13970-3
Online ISBN: 978-3-642-13971-0
eBook Packages: Computer ScienceComputer Science (R0)