Fast Detection of Distributed Denial of Service Attacks in VoIP Networks Using Convolutional Neural Networks

Document Type : Original Article

Authors

1 Department of Computer Science, College of Computer Engineering and Sciences, Prince Sattam bin Abdulaziz University, Al Kharj, KSA

2 Faculty of Computers and Information, Helwan University, Egypt

3 Faculty of Computers and Information Sciences, Ain Shams University, Egypt College of Applied Computer Sciences (CACS), King Saud University, KSA

4 Vice Dean for Community Service and Environmental Development, Faculty of computer and Information Sciences, Ain Shams University

Abstract

Voice over Internet Protocol (VoIP) is a recent technology used to transfer media and voice over Internet Protocol (IP). Many organizations moved to VoIP services instead of the traditional telephone systems because of its low cost and variety of introduced services. The Session Initiation Protocol (SIP) is the most used protocol for signaling functions in VoIP networks. It has simple implantation but suffers from less protection against attacks. The Distributed Denial of Service (DDoS) attack is a dangerous attack that preventing legitimate users from using VoIP services and draining their resources. In this paper, we proposed an approach that utilizes deep learning to detect DDoS attacks. The proposed approach uses token embedding to improve the extracted features of SIP messages. Then, Convolutional Neural Network (CNN) was used to detect DDoS attacks with different intensities. Furthermore, a real VoIP dataset that contains different scenarios of attacks was used to evaluate the proposed approach. Our experiments find that the CNN model achieved a high F1 score (99-100\%) as another deep learning approach that utilizes Recurrent Neural Network (RNN) but with less detection time. Also, it outperforms another system that depends on classical machine learning in case of low-rate DDoS attacks.

Keywords