Message Level SIP Anomaly Detection: Configuration and Measures Setup
Ferdous, Raihana;Lo Cigno, Renato Antonio;Zorat, Alessandro
2015-01-01
Abstract
A message-level SIP anomaly detection architecture that analyses SIP messages to classify them as “good” or “bad” depending on their structure and content is proposed in [1, 2]. Though these papers contain a detailed discussion of the motivation of the work and the development of the architecture, the technical details of the system architecture are discussed only very briefly. This report fills that gap and discusses several technical aspects, such as feature selection and dataset preparation, which are fundamental for efficient and precise classification. It also includes download links for our developed applications and sample data, which are freely available to the community. Moreover, guidelines for configuring the applications and performing experiments with them are included.