Next week I will present some of our research on learning-based security systems at the IPTCOMM 2008 conference. The resulting paper is available at the following link:
A Self-Learning System for Detection of Anomalous SIP Messages. To appear in Proceedings of Principles, Systems and Applications of IP Telecommunications (IPTCOMM), 2008.
In this joint work with Bell Labs Germany, we propose a system for automatic detection of unknown attacks in SIP. The system identifies anomalous content by cleverly mapping SIP messages to a vector space, in which deviation from normality can be expressed geometrically. We present some nice experiments demonstrating the high accuracy of the proposed system (no false positives on a data set of real SIP traffic) and, also, its moderate throughput rate (about 70 mbit/s).
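The geometric idea above, as an added sketch that is not code from the paper or its authors. It assumes byte 4-grams as features, the mean of the training vectors as the model of normality, and a threshold of 1.5 times the largest training distance; the SIP messages, `sample_invite` and `CentroidDetector` are constructed for the illustration.

```python
import math
from collections import Counter

def embed(msg: bytes, n: int = 4) -> dict:
    """Sparse unit-length vector of byte n-gram counts (feature choice is an assumption)."""
    counts = Counter(msg[i:i + n] for i in range(len(msg) - n + 1))
    norm = math.sqrt(sum(c * c for c in counts.values())) or 1.0
    return {gram: c / norm for gram, c in counts.items()}

def distance(a: dict, b: dict) -> float:
    """Euclidean distance between two sparse vectors."""
    keys = a.keys() | b.keys()
    return math.sqrt(sum((a.get(k, 0.0) - b.get(k, 0.0)) ** 2 for k in keys))

class CentroidDetector:
    """Normality is the mean training vector; the anomaly score is the distance to it."""
    def __init__(self, training, margin=1.5):
        vectors = [embed(m) for m in training]
        self.mean = Counter()
        for v in vectors:
            for gram, x in v.items():
                self.mean[gram] += x / len(vectors)
        # Assumed heuristic: largest training distance times a safety margin.
        self.threshold = margin * max(distance(v, self.mean) for v in vectors)

    def score(self, msg: bytes) -> float:
        return distance(embed(msg), self.mean)

    def is_anomalous(self, msg: bytes) -> bool:
        return self.score(msg) > self.threshold

def sample_invite(user: str, seq: int) -> bytes:
    """Constructed SIP INVITE; hosts and addresses are documentation values."""
    tag = f"{0x9E3779B1 * seq % 2**32:08x}"
    return (f"INVITE sip:{user}@example.com SIP/2.0\r\n"
            f"Via: SIP/2.0/UDP 192.0.2.10:5060;branch=z9hG4bK{tag}\r\n"
            f"From: <sip:caller@example.com>;tag={tag}\r\n"
            f"To: <sip:{user}@example.com>\r\n"
            f"Call-ID: {tag}@192.0.2.10\r\n"
            "CSeq: 1 INVITE\r\nMax-Forwards: 70\r\nContent-Length: 0\r\n\r\n").encode()

USERS = ["alice", "bobby", "carol", "david", "erika", "frank"]
TRAIN = [sample_invite(u, i) for i, u in enumerate(USERS, 1)]
DETECTOR = CentroidDetector(TRAIN)
HELD_OUT = sample_invite("grace", 7)  # well-formed message not seen in training
# Constructed malformed message: one header value padded with 400 filler bytes.
MALFORMED = sample_invite("heidi", 8).replace(b"Max-Forwards: 70",
                                              b"Max-Forwards: " + b"A" * 400)

if __name__ == "__main__":
    for name, msg in (("held-out", HELD_OUT), ("malformed", MALFORMED)):
        print(name, round(DETECTOR.score(msg), 3), DETECTOR.is_anomalous(msg))
```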

