SIP-based VoIP traffic behavior profiling and its applications

Hun Jeong Kang, Zhi-Li Zhang, Supranamaya Ranjan, Antonio Nucci
2007 Proceedings of the 3rd annual ACM workshop on Mining network data - MineNet '07  
With the widespread adoption of SIP-based VoIP, understanding the characteristics of SIP traffic behavior is critical to problem diagnosis and security protection of VoIP services, two key aspects of providing dependable VoIP services. In this paper we propose a general methodology for profiling SIP-based VoIP traffic behavior at several levels (SIP server host, server entity (e.g., registrar and call proxy) and individual user levels) to derive "normal" behavior profiles. Using SIP traffic traces captured in a production VoIP network, we illustrate the characteristics of SIP-based VoIP traffic behavior in an operational environment and demonstrate the effectiveness of our general profiling methodology. Based upon the profiling methodology, we develop a simple and yet effective entropy-based anomaly detection algorithm for detecting potential security attacks as well as performance problems. We demonstrate the efficacy of our algorithm in detecting potential VoIP attacks through testbed experimentation.
doi:10.1145/1269880.1269891 dblp:conf/minenet/KangZRN07 fatcat:7wgc64fmafauxpu7lmbaqg22ym