By Topic

Intrusion Detection System for IP Multimedia Subsystem using K-Nearest Neighbor classifier

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$33 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

2 Author(s)
Ashfaq Hussain Farooqi ; Department of Computer Sciences, National University of Computer and Emerging Sciences, Islamabad, Pakistan ; Ali Munir

IP multimedia subsystem (IMS) is a new next generation networking architecture that will provide better quality of service, charging infrastructure and security. The basic idea behind IMS is convergence; providing a single interface to different traditional or modern networking architectures allowing better working environment for the end users. IMS is still not commercially adopted and used but research is in progress to explore it. IMS is an IP based overlay next generation network architecture. It inherent number of security threats of session initiation protocol (SIP), TCP, UDP etc as it uses SIP and IP protocols. Some of them can degrade the performance of IMS seriously and may cause DoS or DDoS attacks. The paper presents a new approach keeping a vision of secure IMS based on intrusion detection system (IDS) using k-nearest neighbor (KNN) as classifier. The KNN classifier can effectively detect intrusive attacks and achieve a low false positive rate. It can distinguish between the normal behavior of the system or abnormal. In this paper, we have focused on the key element of IMS core known as proxy call session control function (PCSCF). Network based anomaly detection mechanism is proposed using KNN as anomaly detector. Experiments are performed on OpenIMS core and the result shows that IMS is vulnerable to different types of attacks such as UDP flooding, IP spoofing that can cause DoS. KNN classifier effectively distinguishes the behavior of the system as normal or intrusive and achieve low false positive rate.

Published in:

Multitopic Conference, 2008. INMIC 2008. IEEE International

Date of Conference:

23-24 Dec. 2008