The Session Initiation Protocol (SIP) is the de facto standard for user's session control in the next generation Voice over Internet Protocol (VoIP) networks based on the IP Multimedia Subsystem (IMS) framework. In this paper, we first analyze the role of SIP based floods in the Denial of Service (DoS) attacks on the IMS. Afterwards, we present an online intrusion detection framework for detection of such attacks. We analyze the role of different evolutionary and non-evolutionary classifiers on the classification accuracy of the proposed framework. We have evaluated the performance of our intrusion detection framework on a traffic in which SIP floods of varying intensities are injected. The results of our study show that the evolutionary classifiers like sUpervised Classifier System (UCS) and Genetic clASSIfier sySTem (GAssist) can even detect low intensity SIP floods in realtime. Finally, we formulate a set of specific guidelines that can help VoIP service providers in customizing our intrusion detection framework by selecting an appropriate classifier-depending on their requirements in different service scenarios.

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	3GPP2. IMS Security Framework. http://www.3gpp2.org, Dec. 2003.
	2	M. Akbar et al. A Comparative Study of Anomaly Detection Algorithms for Detection of SIP Flooding in IMS. In IMSAA, 2008.
	3	J. Alcalá-Fdez , L. Sánchez , S. García , M. J. del Jesus , S. Ventura , J. M. Garrell , J. Otero , C. Romero , J. Bacardit , V. M. Rivas , J. C. Fernández , F. Herrera, KEEL: a software tool to assess evolutionary algorithms for data mining problems, Soft Computing - A Fusion of Foundations, Methodologies and Applications, v.13 n.3, p.307-318, October 2008  [doi>10.1007/s00500-008-0323-y]
	4	Aliya Awais , Muddassar Farooq , Muhammad Younus Javed, Attack analysis & bio-inspired security framework for IPMultimedia subsystem, Proceedings of the 2008 GECCO conference companion on Genetic and evolutionary computation, July 12-16, 2008, Atlanta, GA, USA  [doi>10.1145/1388969.1389029]
	5	J. Bacardit. Pittsburgh Genetics-Based Machine Learning in the Data Mining era: Representations, generalization, and run-time. PhD disertation, 2004.
	6	A. Cuevas et al. The IMS Service Platform: A Solution for Next-Generation Network Operators to Be More than Bit Pipes. IEEE Comm. Mag., pages 75--81, 2006.
	7	B. Dasarathy. Nearest Neighbor (NN) Norms: NN Pattern Classification Techniques. Los Alamitos, CA: IEEE Computer Society Press, 1991.
	8	M. del Jesus et al. Induction of fuzzy-rule-based classifiers with evolutionary boosting algorithms. Fuzzy Systems, IEEE Trans. on, 12(3):296--308, 2004.
	9	R. Gayraud. SIPp, 2007. http://sipp.sourceforge.net.
	10	P. Lewicki et al. Statistics: Methods and Applications. StatSoft, Inc., 2006.
	11	Ester Bernadó-Mansilla , Josep M. Garrell-Guiu, Accuracy-based learning classifier systems: models, analysis and applications to classification tasks, Evolutionary Computation, v.11 n.3, p.209-238, Fall 2003  [doi>10.1162/106365603322365289]
	12	Mohamed Nassar , Radu State , Olivier Festor, Monitoring SIP Traffic Using Support Vector Machines, Proceedings of the 11th international symposium on Recent Advances in Intrusion Detection, September 15-17, 2008, Cambridge, MA, USA  [doi>10.1007/978-3-540-87403-4_17]
	13	Fernando E. Otero , Alex A. Freitas , Colin G. Johnson, cAnt-Miner: An Ant Colony Classification Algorithm to Cope with Continuous Attributes, Proceedings of the 6th international conference on Ant Colony Optimization and Swarm Intelligence, September 22-24, 2008, Brussels, Belgium  [doi>10.1007/978-3-540-87527-7_5]
	14	R. Parpinelli et al. An Ant Colony Algorithm for Classification Rule Discovery. Data Mining: a Heuristic Approach, 208, 2002.
	15	Miikka Poikselka , Aki Niemi , Hisham Khartabil , Georg Mayer, The IMS Second Edition: IP Multimedia Concepts and Services, John Wiley & Sons, 2006
	16	J. Quinlan. Improved Use of Continuous Attributes in C4.5. JAIR, 4:77--90, 1996.
	17	Yacine Rebahi , Muhammad Sher , Thomas Magedanz, Detecting flooding attacks against IP Multimedia Subsystem (IMS) networks, Proceedings of the 2008 IEEE/ACS International Conference on Computer Systems and Applications, p.848-851, March 31-April 04, 2008  [doi>10.1109/AICCSA.2008.4493627]
	18	I. Rish. An empirical study of the naive Bayes classifier. In Proc. IJCAI-01 Workshop on Empirical Methods in AI, volume 335, 2001.
	19	V. M. Rivas , J. J. Merelo , P. A. Castillo , M. G. Arenas , J. G. Castellano, Evolving RBF neural networks for time-series forecasting with EvRBF, Information Sciences—Informatics and Computer Science: An International Journal, v.165 n.3-4, p.207-220, 19 October 2004  [doi>10.1016/j.ins.2003.09.025]
	20	SANS Institute. SANS Top-20 2007 Security Risks, 2007. http://www.sans.org/top20/.
	21	M. Sher et al. Secure Service Provisioning Framework (SSPF) for IP Multimedia System and Next Generation Mobile Networks. IWWST'05, pages 101--106, April 2005.
	22	S. Wilson. Generalization in the XCS classifier system. In Proc. Genetic Programming, pages 665--674. Morgan Kaufmann, 1998.
	23	S. Wilson. Get Real! XCS with Continuous-Valued Inputs. LNCS, pages 209--222, 2000.