Hira Agrawal
2008-Jun-10 21:16 UTC
[asterisk-users] Seeking Collaboration in Development and Validation of an Anomaly Detection System for Asterisk
We are currently doing research and development on an open-source runtime application monitoring system for Asterisk. This system is aimed at detecting and mitigating problems or vulnerabilities that arise from residual errors--whether unintentional or malicious--either in the application code or in its configuration or usage patterns. It can, for example, be used to detect and prevent various security, performance, and availability problems resulting from latent errors in Asterisk code or, more importantly, in the dialplans it is configured with for handling all calls that go through it.

Our approach involves examining "events" that get generated as a side effect of normal call processing and analyzing them, or some appropriate transformations of those events, against "normal", expected application behavior. Certain expected behaviors may be specified explicitly by system experts, while others may be "learned" implicitly by the monitoring system from "training" data that represents the target Asterisk PBX's normal, intended usage modes.

In many instances, problems detected by the monitoring system may also be addressed automatically if the target system also provides appropriate control interfaces. In the case of Asterisk, for example, the Asterisk Manager Interface (AMI) API may be used for both--obtaining application events as well as performing certain mitigation actions. System logs generated by Asterisk may also act as additional sources of application events.

We would like to make the resulting monitoring software available as an open source system for others to use, enhance, and experiment with. To do an effective job, however, we would like to partner with some large, existing Asterisk users, who can help us gather real life examples of Asterisk usage against which we can test and evaluate our techniques. This can, obviously, be done in a manner that addresses the privacy and confidentiality concerns of all parties involved. Any names, phone numbers, and URIs, for example, may be masked appropriately in all data that is shared with others.

Please let us know if you would like to participate in this effort or if you have any questions in this regard. Any related help/suggestions/pointers would also be greatly appreciated.

Thanks.

--
Hira Agrawal
Telcordia Technologies
hira at research.telcordia.com