Intrusion Detection in IMS: Experiences with a Hellinger Distance-Based Flooding Detector

Autor: Oliver Jung, Andreas Berger, Christoph Hecht, Ivan Gojmerac, Peter Reichl
Rok vydání: 2009
Předmět:
Zdroj: 2009 First International Conference on Evolving Internet.
DOI: 10.1109/internet.2009.17
Popis: With the imminent roll-out of the 3GPP IP Multimedia Subsystem (IMS), IMS-specific security threats and corresponding counter-mechanisms are gaining increasing attention. One of the most promising recent intrusion detection approaches dealing with unforeseen anomalies caused by flooding attacks is based on a specific metric for the distance between two empirical probability distributions, the so-called Hellinger distance. In this paper, we discuss the application of this concept for IMS networks as well as the resulting implementation of a flooding detector, and describe some practical experiences based utilizing different traffic generation tools. The results show that shorter analysis cycles and precise parameterization in general trigger higher detection rates.
Databáze: OpenAIRE