{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,12]],"date-time":"2025-10-12T04:39:21Z","timestamp":1760243961002,"version":"build-2065373602"},"reference-count":6,"publisher":"MDPI AG","issue":"4","license":[{"start":{"date-parts":[[2010,12,21]],"date-time":"2010-12-21T00:00:00Z","timestamp":1292889600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/3.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Future Internet"],"abstract":"<jats:p>Service platforms using text-based protocols need to be protected against attacks. Machine-learning algorithms with pattern matching can be used to detect even previously unknown attacks. In this paper, we present an extension to known Support Vector Machine (SVM) based anomaly detection algorithms for the Session Initiation Protocol (SIP). Our contribution is to extend the amount of different features used for classification (feature space) by exploiting the structure of SIP messages, which reduces the false positive rate. Additionally, we show how combining our approach with attribute reduction significantly improves throughput.<\/jats:p>","DOI":"10.3390\/fi2040662","type":"journal-article","created":{"date-parts":[[2010,12,22]],"date-time":"2010-12-22T05:09:35Z","timestamp":1292994575000},"page":"662-669","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Improving Anomaly Detection for Text-Based Protocols by Exploiting Message Structures"],"prefix":"10.3390","volume":"2","author":[{"given":"Martin","family":"G\u00fcthle","sequence":"first","affiliation":[{"name":"Institute of Communication Networks and Computer Engineering (IKR), University of Stuttgart, Germany"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Jochen","family":"K\u00f6gel","sequence":"additional","affiliation":[{"name":"Institute of Communication Networks and Computer Engineering (IKR), University of Stuttgart, Germany"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Stefan","family":"Wahl","sequence":"additional","affiliation":[{"name":"Bell-Labs Germany, Alcatel-Lucent Deutschland AG, Stuttgart, Germany"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Matthias","family":"Kaschub","sequence":"additional","affiliation":[{"name":"Institute of Communication Networks and Computer Engineering (IKR), University of Stuttgart, Germany"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Christian M.","family":"Mueller","sequence":"additional","affiliation":[{"name":"Institute of Communication Networks and Computer Engineering (IKR), University of Stuttgart, Germany"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"1968","published-online":{"date-parts":[[2010,12,21]]},"reference":[{"key":"ref_1","doi-asserted-by":"crossref","unstructured":"Rosenberg, J., Schulzrinne, H., Camarillo, G., Johnston, A., Peterson, J., Sparks, R., Handley, M., and Schooler, E. (IETF, 2002). SIP: Session Initiation Protocol, RFC 3261, IETF.","DOI":"10.17487\/rfc3261"},{"key":"ref_2","unstructured":"Nassar, M., State, R., and Festor, O. (2008, January 15\u201317). Monitoring SIP Traffic Using Support Vector Machines. Proceedings of 11th International Symposium on Recent Advances in Intrusion Detection (RAID), Cambridge, MA, USA."},{"key":"ref_3","doi-asserted-by":"crossref","first-page":"1191","DOI":"10.1016\/S0167-8655(99)00087-2","article-title":"Support vector domain description","volume":"20","author":"Tax","year":"1999","journal-title":"Pattern Recogn. Lett."},{"key":"ref_4","doi-asserted-by":"crossref","unstructured":"Rieck, K., Wahl, S., Laskov, P., Domschitz, P., and Mueller, K.-R. (2008, January 1\u20132). A Self-Learning System for Detection of Anomalous SIP Messages. Principles, Systems and Applications of IP Telecommunications. Services and Security for Next Generation Networks. Proceedings of Second International Conference, Heidelberg, Germany.","DOI":"10.1007\/978-3-540-89054-6_5"},{"key":"ref_5","doi-asserted-by":"crossref","first-page":"10","DOI":"10.1145\/1656274.1656278","article-title":"The WEKA data mining software: An update","volume":"11","author":"Hall","year":"2009","journal-title":"SIGKDD Explorations"},{"key":"ref_6","unstructured":"Chang, C.-C., and Lin, C.-J. LIBSVM: A library for support vector machines. Available online: http:\/\/www.csie.ntu.edu.tw\/~cjlin\/libsvm\/."}],"container-title":["Future Internet"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/1999-5903\/2\/4\/662\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,11]],"date-time":"2025-10-11T22:04:09Z","timestamp":1760220249000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/1999-5903\/2\/4\/662"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2010,12,21]]},"references-count":6,"journal-issue":{"issue":"4","published-online":{"date-parts":[[2010,12]]}},"alternative-id":["fi2040662"],"URL":"https:\/\/doi.org\/10.3390\/fi2040662","relation":{},"ISSN":["1999-5903"],"issn-type":[{"type":"electronic","value":"1999-5903"}],"subject":[],"published":{"date-parts":[[2010,12,21]]}}}