Comparison of artificial intelligence classifiers for SIP attack data

Kód výsledku v IS VaVaI

<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F63839172%3A_____%2F16%3A10130740" target="_blank" >RIV/63839172:_____/16:10130740 - isvavai.cz</a>

Výsledek na webu

<a href="http://dx.doi.org/10.1117/12.2225292" target="_blank" >http://dx.doi.org/10.1117/12.2225292</a>

DOI - Digital Object Identifier

<a href="http://dx.doi.org/10.1117/12.2225292" target="_blank" >10.1117/12.2225292</a>

Jazyk výsledku

angličtina

Název v původním jazyce

Comparison of artificial intelligence classifiers for SIP attack data

Popis výsledku v původním jazyce

Honeypot application is a source of valuable data about attacks on the network. We run several SIP honeypots in various computer networks, which are separated geographically and logically. Each honeypot runs on public IP address and uses standard SIP PBX ports. All information gathered via honeypot is periodically sent to the centralized server. This server classifies all attack data by neural network algorithm. The paper describes optimizations of a neural network classifier, which lower the classification error. The article contains the comparison of two neural network algorithm used for the classification of validation data. The first is the original implementation of the neural network described in recent work; the second neural network uses further optimizations like input normalization or cross-entropy cost function. We also use other implementations of neural networks and machine learning classification algorithms. The comparison test their capabilities on validation data to find the optimal classifier. The article result shows promise for further development of an accurate SIP attack classification engine.

Název v anglickém jazyce

Comparison of artificial intelligence classifiers for SIP attack data

Popis výsledku anglicky

Honeypot application is a source of valuable data about attacks on the network. We run several SIP honeypots in various computer networks, which are separated geographically and logically. Each honeypot runs on public IP address and uses standard SIP PBX ports. All information gathered via honeypot is periodically sent to the centralized server. This server classifies all attack data by neural network algorithm. The paper describes optimizations of a neural network classifier, which lower the classification error. The article contains the comparison of two neural network algorithm used for the classification of validation data. The first is the original implementation of the neural network described in recent work; the second neural network uses further optimizations like input normalization or cross-entropy cost function. We also use other implementations of neural networks and machine learning classification algorithms. The comparison test their capabilities on validation data to find the optimal classifier. The article result shows promise for further development of an accurate SIP attack classification engine.

Druh

D - Stať ve sborníku

CEP obor

IN - Informatika

OECD FORD obor

—

Projekt

<a href="/cs/project/LM2010005" target="_blank" >LM2010005: Velká infrastruktura CESNET</a><br>

Návaznosti

P - Projekt vyzkumu a vyvoje financovany z verejnych zdroju (s odkazem do CEP)

Rok uplatnění

2016

Kód důvěrnosti údajů

S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů

Název statě ve sborníku

Machine Intelligence and Bio-inspired Computation: Theory and Applications X

ISBN

978-1-5106-0091-1

ISSN

1996-756X

e-ISSN

—

Počet stran výsledku

6

Strana od-do

—

Název nakladatele

SPIE

Místo vydání

Bellingham, Washington, US

Místo konání akce

Baltimore, Maryland, US

Datum konání akce

17. 4. 2016

Typ akce podle státní příslušnosti

WRD - Celosvětová akce

Kód UT WoS článku

000389681700003