<p>With their inherent capacity for massive connectivity, ultra-low latency and high reliability, B5G networks provide an ideal infrastructure to support the diverse and dynamic requirements of IoT (Internet of Things) communication. Originally designed to initiate, modify and terminate multimedia sessions over IP networks, the Session Initiation Protocol (SIP), a standardized protocol developed by the 3GPP, has emerged as a promising protocol for enabling communication and coordination in IoT environments. Nonetheless, SIP encounters a multitude of Distributed Denial of Service (DDoS) threats, with INVITE flooding attacks emerging as a notable challenge. Traditional IoT-IDS (Intrusion Detection System) relies on machine learning models trained on local data of their deployment context. However, such a model may not detect some attack patterns observed in other deployment contexts. We propose a design approach based on federated learning, and in which different IDS collaborate to achieve early detection of any INVITE flooding attack faced by any of them. The results show the effectiveness of the framework in detecting and mitigating INVITE flooding attacks across a various of flow intensities under realistic SIP operational conditions. Performance evaluations under different relevant scenarios demonstrate the robustness of the proposed framework. Experiments show that federated learning (FL) enhances the analysis of SIP flooding attacks, improving accuracy from 47 to 99% through knowledge sharing. The FL model with a GRU architecture and a FedAvgM aggregation function delivers the best performance, even in varied scenarios.</p>

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

SIP-DDoS framework based on federated learning for collaborative anomaly detection

  • Oussama Sbai,
  • Benjamin Allaert,
  • Patrick Sondi,
  • Ahmed Meddahi

摘要

With their inherent capacity for massive connectivity, ultra-low latency and high reliability, B5G networks provide an ideal infrastructure to support the diverse and dynamic requirements of IoT (Internet of Things) communication. Originally designed to initiate, modify and terminate multimedia sessions over IP networks, the Session Initiation Protocol (SIP), a standardized protocol developed by the 3GPP, has emerged as a promising protocol for enabling communication and coordination in IoT environments. Nonetheless, SIP encounters a multitude of Distributed Denial of Service (DDoS) threats, with INVITE flooding attacks emerging as a notable challenge. Traditional IoT-IDS (Intrusion Detection System) relies on machine learning models trained on local data of their deployment context. However, such a model may not detect some attack patterns observed in other deployment contexts. We propose a design approach based on federated learning, and in which different IDS collaborate to achieve early detection of any INVITE flooding attack faced by any of them. The results show the effectiveness of the framework in detecting and mitigating INVITE flooding attacks across a various of flow intensities under realistic SIP operational conditions. Performance evaluations under different relevant scenarios demonstrate the robustness of the proposed framework. Experiments show that federated learning (FL) enhances the analysis of SIP flooding attacks, improving accuracy from 47 to 99% through knowledge sharing. The FL model with a GRU architecture and a FedAvgM aggregation function delivers the best performance, even in varied scenarios.