An intelligent cyber security system against DDoS attacks in SIP networks

Distributed Denial of Services (DDoS) attacks are among the most encountered cyber criminal activities in communication networks that can result in considerable financial and prestige losses for the corporations or governmental organizations. Therefore, autonomous detection of a DDoS attack and identification of its sources is essential for taking counter-measures. This study proposes an intelligent security system against DDoS attacks in communication networks that is composed of two components: A monitor for detection of DDoS attacks and a discriminator for detection of users in the system with malicious intents. A novel adaptive real time change-point model that tracks the changes in Mahalanobis distances between sampled feature vectors in the monitored system accounts for possible DDoS attacks. A clustering model that runs over the similarity scores of behavioral patterns between the users is used to segregate the malicious from the innocent. The proposed model is deployed over a simulated telephone network that uses a Session Initiation Protocol (SIP) server. The performance of the models are evaluated on data generated by this high throughput simulation environment.