Date Added: Sep 2010
In this paper, the authors aim to enable security within SIP enterprise domains by providing monitoring capabilities at three levels: the network traffic, the server logs and the billing records. They propose an anomaly detection approach based on appropriate feature extraction and one-class Support Vector Machines (SVM). They also propose methods for anomaly/attack type classification and attack source identification. Their approach is validated through experiments on a controlled test-bed using a customized normal traffic generation model and synthesized attacks. The results show promising performance in terms of accuracy, efficiency and usability.