Intrusion Detection in IMS: Experiences with a Hellinger Distance-Based Flooding Detector
Autor: | Oliver Jung, Andreas Berger, Christoph Hecht, Ivan Gojmerac, Peter Reichl |
---|---|
Rok vydání: | 2009 |
Předmět: |
Computer science
business.industry ComputerSystemsOrganization_COMPUTER-COMMUNICATIONNETWORKS Real-time computing Detector IP Multimedia Subsystem Intrusion detection system Intrusion detection IMS Hellinger distance Flooding detector Empirical probability Flooding (computer networking) Server business Traffic generation model Computer network |
Zdroj: | 2009 First International Conference on Evolving Internet. |
DOI: | 10.1109/internet.2009.17 |
Popis: | With the imminent roll-out of the 3GPP IP Multimedia Subsystem (IMS), IMS-specific security threats and corresponding counter-mechanisms are gaining increasing attention. One of the most promising recent intrusion detection approaches dealing with unforeseen anomalies caused by flooding attacks is based on a specific metric for the distance between two empirical probability distributions, the so-called Hellinger distance. In this paper, we discuss the application of this concept for IMS networks as well as the resulting implementation of a flooding detector, and describe some practical experiences based utilizing different traffic generation tools. The results show that shorter analysis cycles and precise parameterization in general trigger higher detection rates. |
Databáze: | OpenAIRE |
Externí odkaz: |