Presenting a New Approach for Detecting Attacks on Voice over Internet Protocol Based on Ensemble Clustering

Due to lower cost and greater flexibility, voice over internet protocol (VoIP) is widely used in telecommunications. A variety of VoIP terminals causes them to be vulnerable. A common way to secure VoIP includes intrusion detection based on machine learning. Due to the diversity of traffics and lack of class labels for training Intrusion detection systems (IDSs) in many situations, clustering approaches (unsupervised learning) have been focused on. But individual cluster systems can't cover the diversities of feature values well, and some traffic samples may be identified as outliers. As an ensemble approach, the proposed model for solving these problems focuses on using TwoStep clustering algorithm, and by improving it, tries to improve the clustering-based intrusion detection. Moreover, regarding the importance of the feature selection process, a combination of Simulated Annealing algorithm (SA) and Multi-Layer Perceptron (MLP) has been exploited for identifying superior features used for clustering VoIP packets, as Normal or involving DoS, R2L, U2R either Probe attacks. Based on evaluation results obtained on the dataset “Network Security Lab-Knwledge Discovery in Databases” (NSL-KDD) by MATLAB, the proposed feature selection reduced the training and testing times, averagely by 77% and 80%, respectively, by reducing the features to 10 and 8. Also, compared to previous works, the proposed IDS shows average improvements in Accuracy, Detection rate, and F-Measure at 3.34 %, 14.17 %, and 32.87 %, respectively.