{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,3,27]],"date-time":"2025-03-27T14:47:16Z","timestamp":1743086836472,"version":"3.40.3"},"publisher-location":"Berlin, Heidelberg","reference-count":37,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"type":"print","value":"9783540890539"},{"type":"electronic","value":"9783540890546"}],"license":[{"start":{"date-parts":[[2008,1,1]],"date-time":"2008-01-01T00:00:00Z","timestamp":1199145600000},"content-version":"unspecified","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2008]]},"DOI":"10.1007\/978-3-540-89054-6_5","type":"book-chapter","created":{"date-parts":[[2008,10,22]],"date-time":"2008-10-22T14:34:17Z","timestamp":1224686057000},"page":"90-106","source":"Crossref","is-referenced-by-count":20,"title":["A Self-learning System for Detection of Anomalous SIP Messages"],"prefix":"10.1007","author":[{"given":"Konrad","family":"Rieck","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Stefan","family":"Wahl","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Pavel","family":"Laskov","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Peter","family":"Domschitz","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Klaus-Robert","family":"M\u00fcller","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","reference":[{"key":"5_CR1","doi-asserted-by":"crossref","unstructured":"Abdelnur, H., Festor, O., State, R.: KiF: A statefule SIP fuzzer. In: Proc. of International Conference on Principles, Systems and Applications of IP Telecommunications (IPTCOMM), pp. 
47\u201356 (2007)","DOI":"10.1145\/1326304.1326313"},{"key":"5_CR2","unstructured":"Apte, V., Wu, Y.-S., Garg, S., Singh, N.: SPACEDIVE: A distributed intrusion detection system for voice-over-ip environments. In: Abstract Paper at International Conference on Dependable Systems and Networks (DSN) (2006)"},{"key":"5_CR3","unstructured":"Cretu, G., Stavrou, A., Locasto, M., Stolfo, S., Keromytis, A.: Casting out demons: Sanitizing training data for anomaly sensors. In: IEEESP (to appear, 2008)"},{"key":"5_CR4","doi-asserted-by":"crossref","unstructured":"Fiedler, J., Kupka, T., Ehlert, S., Magedanz, T., Sisalem, D.: VoIP Defender: Highly scalable SIP-based security architecture. In: Proc. of International Conference on Principles, Systems and Applications of IP Telecommunications (IPTCOMM), pp. 11\u201317 (2007)","DOI":"10.1145\/1326304.1326307"},{"issue":"3","key":"5_CR5","doi-asserted-by":"publisher","first-page":"68","DOI":"10.1109\/COMST.2006.253270","volume":"8","author":"D. Geneiatakis","year":"2006","unstructured":"Geneiatakis, D., Dagiuklas, T., Kambourakis, G., Lambrinoudakis, C., Gritzalis, S., Ehlert, S., Sisalem, D.: Survey of security vulnerabilities in session initiation protocol. IEEE Communications Surveys & Tutorials\u00a08(3), 68\u201381 (2006)","journal-title":"IEEE Communications Surveys & Tutorials"},{"issue":"10","key":"5_CR6","doi-asserted-by":"publisher","first-page":"2580","DOI":"10.1016\/j.comnet.2006.11.014","volume":"51","author":"D. Geneiatakis","year":"2007","unstructured":"Geneiatakis, D., Kambourakis, G., Lambrinoudakis, C., Dagiuklas, T., Gritzalis, S.: A framework for protecting a SIP-based infrastructure against malformed message attacks. Computer Networks\u00a051(10), 2580\u20132593 (2007)","journal-title":"Computer Networks"},{"key":"5_CR7","doi-asserted-by":"crossref","unstructured":"Handley, M., Jacobson, V., Perkins, C.: SDP: Session Description Protocol. 
RFC 4566 (Proposed Standard) (July 2006)","DOI":"10.17487\/rfc4566"},{"key":"5_CR8","unstructured":"Holz, T., Steiner, M., Dahl, F., Biersack, E., Freiling, F.: Measurements and mitigation of peer-to-peer-based botnets: A case study on storm worm. In: First USENIX Workshop on Large-Scale Exploits and Emergent Threats (LEET) (2008)"},{"key":"5_CR9","unstructured":"Kloft, M., Laskov, P.: A poisoning attack against online anomaly detection. In: NIPS Workshop on Machine Learning in Adversarial Environments for Computer Security (2007)"},{"key":"5_CR10","doi-asserted-by":"crossref","unstructured":"Kruegel, C., Toth, T., Kirda, E.: Service specific anomaly detection for network intrusion detection. In: Proc. of ACM Symposium on Applied Computing, pp. 201\u2013208 (2002)","DOI":"10.1145\/508791.508835"},{"key":"5_CR11","doi-asserted-by":"crossref","unstructured":"Kruegel, C., Vigna, G.: Anomaly detection of web-based attacks. In: Proc. of 10th ACM Conf. on Computer and Communications Security, pp. 251\u2013261 (2003)","DOI":"10.1145\/948143.948144"},{"key":"5_CR12","first-page":"1909","volume":"7","author":"P. Laskov","year":"2006","unstructured":"Laskov, P., Gehl, C., Kr\u00fcger, S., M\u00fcller, K.R.: Incremental support vector learning: Analysis, implementation and applications. Journal of Machine Learning Research\u00a07, 1909\u20131936 (2006)","journal-title":"Journal of Machine Learning Research"},{"key":"5_CR13","unstructured":"Lee, W., Stolfo, S., Mok, K.: A data mining framework for building intrusion detection models. In: Proc. of IEEE Symposium on Security and Privacy, pp. 120\u2013132 (1999)"},{"key":"5_CR14","doi-asserted-by":"crossref","unstructured":"Mahoney, M.: Network traffic anomaly detection based on packet bytes. In: Proc. of ACM Symposium on Applied Computing, pp. 
346\u2013350 (2003)","DOI":"10.1145\/952589.952601"},{"key":"5_CR15","doi-asserted-by":"crossref","unstructured":"Nassar, M., Niccolini, S., State, R., Ewald, T.: Holistic VoIP intrusion detection and prevention system. In: Proc. of International Conference on Principles, Systems and Applications of IP Telecommunications (IPTCOMM), pp. 1\u20139 (2007)","DOI":"10.1145\/1326304.1326306"},{"key":"5_CR16","unstructured":"Nassar, M., State, R., Festor, O.: Intrusion detection mechanisms for VoIP applications. In: Proc. of VoIP Security Workshop (VSW) (2006)"},{"key":"5_CR17","doi-asserted-by":"crossref","unstructured":"Nassar, M., State, R., Festor, O.: VoIP honeypot architecture. In: Proc. of IEEE Symposium on Integrated Network Management (IM), pp. 109\u2013118 (2007)","DOI":"10.1109\/INM.2007.374775"},{"key":"5_CR18","unstructured":"Niccolini, S.: VoIP security threats. Draft of IETF Working Group Session Peering for Multimedia Interconnect (SPEERMINT) (2006)"},{"key":"5_CR19","doi-asserted-by":"crossref","unstructured":"Niccolini, S., Garroppo, R., Giordano, S., Risi, G., Ventura, S.: SIP intrusion detection and prevention: recommendations and prototype implementation. In: Proc. of IEEE Workshop on VoIP Management and Security, pp. 47\u201352 (2006)","DOI":"10.1109\/VOIPMS.2006.1638122"},{"key":"5_CR20","unstructured":"Paxson, V.: The bro 0.8 user manual. Lawrence Berkeley National Laboratory and ICSI Center for Internet Research (2004)"},{"key":"5_CR21","unstructured":"Reynolds, B., Ghosal, D.: Secure IP telephony using multi-layered protection. In: Proc. of Network and Distributed System Security Symposium (NDSS) (2003)"},{"key":"5_CR22","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"74","DOI":"10.1007\/11790754_5","volume-title":"Detection of Intrusions and Malware & Vulnerability Assessment","author":"K. 
Rieck","year":"2006","unstructured":"Rieck, K., Laskov, P.: Detecting unknown network attacks using language models. In: B\u00fcschkes, R., Laskov, P. (eds.) DIMVA 2006. LNCS, vol.\u00a04064, pp. 74\u201390. Springer, Heidelberg (2006)"},{"issue":"4","key":"5_CR23","doi-asserted-by":"publisher","first-page":"243","DOI":"10.1007\/s11416-006-0030-0","volume":"2","author":"K. Rieck","year":"2007","unstructured":"Rieck, K., Laskov, P.: Language models for detection of unknown attacks in network traffic. Journal in Computer Virology\u00a02(4), 243\u2013256 (2007)","journal-title":"Journal in Computer Virology"},{"key":"5_CR24","first-page":"23","volume":"9","author":"K. Rieck","year":"2008","unstructured":"Rieck, K., Laskov, P.: Linear-time computation of similarity measures for sequential data. Journal of Machine Learning Research\u00a09, 23\u201348 (2008)","journal-title":"Journal of Machine Learning Research"},{"key":"5_CR25","unstructured":"Roesch, M.: Snort: Lightweight intrusion detection for networks. In: Proc. of USENIX Large Installation System Administration Conference LISA, pp. 229\u2013238 (1999)"},{"key":"5_CR26","doi-asserted-by":"crossref","unstructured":"Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston, A., Peterson, J., Sparks, R., Handley, M., Schooler, E.: SIP: Session Initiation Protocol. RFC 3261 (Proposed Standard), Updated by RFCs 3265, 3853, 4320, 4916 (June 2002)","DOI":"10.17487\/rfc3261"},{"key":"5_CR27","doi-asserted-by":"crossref","unstructured":"Sengar, H., Wang, H., Wijesekera, D., Jajodia, S.: Fast detection of denial of service attacks on ip telephony. In: Proc. of International Workshop on Quality of Service (IWQoS), pp. 199\u2013208 (2006)","DOI":"10.1109\/IWQOS.2006.250469"},{"key":"5_CR28","doi-asserted-by":"crossref","unstructured":"Sengar, H., Wijesekera, D., Wang, H., Jajodia, S.: VoIP intrusion detection through interacting protocol state machines. In: Proc. 
of International Conference on Dependable Systems and Networks (DSN), pp. 393\u2013402 (2004)","DOI":"10.1109\/DSN.2006.73"},{"key":"5_CR29","doi-asserted-by":"crossref","unstructured":"Sisalem, D., Kuthan, J., Ehlert, S.: Denial of service attacks targeting a SIP VoIP infrastructure: Attack scenarios and prevention mechanisms. IEEE Networks Magazine\u00a020(5) (2006)","DOI":"10.1109\/MNET.2006.1705880"},{"key":"5_CR30","unstructured":"Staniford, S., Paxson, V., Weaver, N.: How to 0wn the internet in your spare time. In: Proc. of USENIX Security Symposium (2002)"},{"issue":"11\u201313","key":"5_CR31","doi-asserted-by":"publisher","first-page":"1191","DOI":"10.1016\/S0167-8655(99)00087-2","volume":"20","author":"D. Tax","year":"1999","unstructured":"Tax, D., Duin, R.: Support vector domain description. Pattern Recognition Letters\u00a020(11\u201313), 1191\u20131199 (1999)","journal-title":"Pattern Recognition Letters"},{"key":"5_CR32","unstructured":"Truong, P., Nieh, D., Moh, M.: Specification-based intrusion detection for H.232-based voice over IP. In: Proc. of IEEE Symposium on Signal Processing and Information Technology (ISSPIT), pp. 387\u2013392 (2005)"},{"key":"5_CR33","doi-asserted-by":"crossref","unstructured":"VoIPSA. Voip security and privacy threat taxonomy. Report of Voice over IP Security Alliance (2005)","DOI":"10.1016\/S1353-4858(05)00196-0"},{"key":"5_CR34","doi-asserted-by":"crossref","unstructured":"Wang, K., Parekh, J., Stolfo, S.: Anagram: A content anomaly detector resistant to mimicry attack. In: Recent Advances in Intrusion Detection (RAID), pp. 226\u2013248 (2006)","DOI":"10.1007\/11856214_12"},{"key":"5_CR35","doi-asserted-by":"crossref","unstructured":"Wang, K., Stolfo, S.: Anomalous payload-based network intrusion detection. In: Recent Advances in Intrusion Detection (RAID), pp. 
203\u2013222 (2004)","DOI":"10.1007\/978-3-540-30143-1_11"},{"key":"5_CR36","doi-asserted-by":"crossref","unstructured":"Wu, Y.-S., Bagchi, S., Garg, S., Singh, N.: SCIDIVE: a stateful and cross protocol intrusion detection architecture for voice-over-ip environments. In: Proc. of International Conference on Dependable Systems and Networks (DSN), pp. 433\u2013442 (2004)","DOI":"10.1109\/DSN.2004.1311913"},{"key":"5_CR37","doi-asserted-by":"crossref","unstructured":"Zhang, G., Ehlert, S., Magedanz, T., Sisalem, D.: Denial of service attack and prevention on SIP VoIP infrastructures using DNS flooding. In: Proc. of International Conference on Principles, Systems and Applications of IP Telecommunications (IPTCOMM) (2007)","DOI":"10.1145\/1326304.1326314"}],"container-title":["Lecture Notes in Computer Science","Principles, Systems and Applications of IP Telecommunications. Services and Security for Next Generation Networks"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-540-89054-6_5","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,2,2]],"date-time":"2025-02-02T05:26:35Z","timestamp":1738473995000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/978-3-540-89054-6_5"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2008]]},"ISBN":["9783540890539","9783540890546"],"references-count":37,"URL":"https:\/\/doi.org\/10.1007\/978-3-540-89054-6_5","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2008]]}}}