Steganography involves the concealment of unrelated information in a data stream. The authors of this paper propose the use of chaos theory to determine whether a certain information element used in session initiation protocol (SIP) signaling is carrying steganographic information. They use a simplistic distance-based metric to train a simple classification system that recognizes suspect, and therefore potentially steganographic, information elements with 91.9 percent efficacy.
While there does not appear to be anything overtly wrong with the experiment and the results in the paper, the larger question to me is why we should bother with detecting steganography in SIP. SIP has a rather expressive grammar that allows wide variability of representation in messages. As such, it is relatively easy to do steganography in SIP in many places. Trying to assume that steganography will happen only in certain information elements is futile. The expressive grammar, the extensibility of the protocol, the need for intermediaries to pass unknown headers and information elements unmodified, and the need to include various multipurpose Internet mail extensions (MIME) types, including allowing JPEG and GIF images that are already vectors for steganographic attacks, allow for a virtually unlimited canvas with which to mount steganographic attacks in SIP. Picking one or two headers and studying the effect of steganography on these is futile, in my humble opinion.