The IP Multimedia Subsystem (IMS) framework uses Session Initiation Protocol (SIP) for signaling and control of sessions. In this paper, we first demonstrate that SIP flooding attacks on IMS can result in denial of service to the legitimate users. Afterwards, we report our comparative study of three well-known anomaly detection algorithms, Adaptive threshold, Cumulative sum, and Hellinger distance) for detection of flood attacks in IMS. We evaluate the accuracy of the algorithms using a comprehensive traffic dataset that consists of varying benign and malicious traffic patterns.
展开▼