Classifier fusion for VoIP attacks classification

Kód výsledku v IS VaVaI

<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F63839172%3A_____%2F17%3A10132895" target="_blank" >RIV/63839172:_____/17:10132895 - isvavai.cz</a>

Výsledek na webu

<a href="http://dx.doi.org/10.1117/12.2262744" target="_blank" >http://dx.doi.org/10.1117/12.2262744</a>

DOI - Digital Object Identifier

<a href="http://dx.doi.org/10.1117/12.2262744" target="_blank" >10.1117/12.2262744</a>

Jazyk výsledku

angličtina

Název v původním jazyce

Classifier fusion for VoIP attacks classification

Popis výsledku v původním jazyce

SIP is one of the most successful protocols in the field of IP telephony communication. It establishes and manages VoIP calls. As the number of SIP implementation rises, we can expect a higher number of attacks on the communication system in the near future. This work aims at malicious SIP traffic classification. A number of various machine learning algorithms have been developed for attack classification. The paper presents a comparison of current research and the use of classifier fusion method leading to a potential decrease in classification error rate. Use of classifier combination makes a more robust solution without difficulties that may affect single algorithms. Different voting schemes, combination rules, and classifiers are discussed to improve the overall performance. All classifiers have been trained on real malicious traffic. The concept of traffic monitoring depends on the network of honeypot nodes. These honeypots run in several networks spread in different locations. Separation of honeypots allows us to gain an independent and trustworthy attack information.

Název v anglickém jazyce

Classifier fusion for VoIP attacks classification

Popis výsledku anglicky

SIP is one of the most successful protocols in the field of IP telephony communication. It establishes and manages VoIP calls. As the number of SIP implementation rises, we can expect a higher number of attacks on the communication system in the near future. This work aims at malicious SIP traffic classification. A number of various machine learning algorithms have been developed for attack classification. The paper presents a comparison of current research and the use of classifier fusion method leading to a potential decrease in classification error rate. Use of classifier combination makes a more robust solution without difficulties that may affect single algorithms. Different voting schemes, combination rules, and classifiers are discussed to improve the overall performance. All classifiers have been trained on real malicious traffic. The concept of traffic monitoring depends on the network of honeypot nodes. These honeypots run in several networks spread in different locations. Separation of honeypots allows us to gain an independent and trustworthy attack information.

Druh

D - Stať ve sborníku

CEP obor

—

OECD FORD obor

10201 - Computer sciences, information science, bioinformathics (hardware development to be 2.2, social aspect to be 5.8)

Projekt

Výsledek vznikl pri realizaci vícero projektů. Více informací v záložce Projekty.

Návaznosti

P - Projekt vyzkumu a vyvoje financovany z verejnych zdroju (s odkazem do CEP)

Rok uplatnění

2017

Kód důvěrnosti údajů

S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů

Název statě ve sborníku

Proceedings of SPIE 10200; Signal Processing, Sensor/Information Fusion, and Target Recognition XXVI

ISBN

978-1-5106-0901-3

ISSN

0277-786X

e-ISSN

neuvedeno

Počet stran výsledku

7

Strana od-do

"102001F"-"102001F7"

Název nakladatele

SPIE

Místo vydání

Neuveden

Místo konání akce

Anaheim, California, United States

Datum konání akce

9. 4. 2017

Typ akce podle státní příslušnosti

WRD - Celosvětová akce

Kód UT WoS článku

000424391600040