Mr. Hassan Asgharian will defend his PhD thesis, “Security Framework for Intrusion Detection and Automated Response in SIP based Applications”, on Wednesday, Feb. 17, 2016. The session will be held in the PhD defense hall, Computer Engineering Department, Iran University of Science and Technology, Tehran, Iran.
Session Initiation Protocol (SIP) is the main control protocol of multimedia networks and is used as the signaling protocol in Next Generation Networks (NGN). It is a text-based, stateful protocol that resembles HTTP. It manages transactions in its own multi-layer architecture over the application layer. Previous research on SIP attacks shows that the root cause of more than 98 percent of these attacks is implementation problems and misconfigurations. New advances in multimedia and broadband communication networks make it possible to define software-based services, but the security issues of control protocols in these multimedia clouds have not received proper attention. Therefore, we present a security framework for intrusion detection and automated response selection on SIP-based platforms. We employ a feature engineering approach to generate suitable features for anomaly detection systems. Feature engineering is the process of using domain knowledge of raw data to transform it into features that best represent the security issues to the machine learning algorithms, resulting in improved model accuracy on unseen data. For this purpose, after analyzing the normal behavior of SIP entities, we extract the raw information in SIP header fields that may be used in features. We objectively estimate the usefulness of the features and construct the feature set for use in SIP anomaly detection systems. We also categorize the different flooding attacks in SIP and construct four different feature sets for detecting these attack classes. The experimental results show the performance of the proposed feature sets in terms of detection and false alarm rates. Finally, we complete our security framework by adding a SIP-specific automatic intrusion response module. This is done by developing an application layer firewall and an automatic response selection engine.
The final response is selected from the nominated responses by considering the runtime conditions in addition to the output alarm of the detection engine. The results of the performance assessment of the proposed framework on available datasets show that the security framework functions properly in intrusion prevention. Since there is no benchmark data for assessing SIP-based security systems, we also provide a real testbed based on well-known open source applications to generate new and complex attack scenarios.
Keywords: SIP security, SIP flooding attacks, specification based intrusion detection system, automated intrusion response system
PhD candidate: Hassan Asgharian
Supervisor: Dr. Ahmad Akbari
Dr. Bijan Raahemi
Jury Committee: Dr. Fathy, Dr. Seyed Vahid Azhari, Dr. Kabiri, Dr. Pedram, Dr. Malekiyan
Time and location: 09:30 AM, Wednesday, Feb. 17, 2016, PhD defense hall, Computer Engineering Department, Iran University of Science and Technology, Tehran, Iran