An anomaly-based approach to the analysis of the social behavior of VoIP users

In this paper we present the results of a study we recently conducted by analyzing a large data set of VoIP Call Detail Records (CDRs), provided by an Italian telecom operator. The objectives of this study were twofold: (i) first, to provide a representation of users behavior, as well as of their mutual interaction and communication patterns, allowing to identify certain easily separable user categories; and (ii) second, to design and implement a framework calculating such a representation starting from CDR, capable of operating within certain time constraints, and grouping users using unsupervised techniques. The paper shows how we can reliably identify behavioral patterns associated with the most common anomalous behaviors of VoIP users. It also exploits the expressive power of relational graphs in order to both validate the results of the unsupervised analysis and ease their interpretation by human operators.

[1]  Haesun Park,et al.  CallRank: Combating SPIT Using Call Duration, Social Networks and Global Reputation , 2007, CEAS.

[2]  Jürgen Quittek,et al.  Detecting SPIT Calls by Checking Human Communication Patterns , 2007, 2007 IEEE International Conference on Communications.

[3]  Kevin D. Mitnick,et al.  Ghost In The Wires: My Adventures as the World's Most Wanted Hacker , 2011 .

[4]  Joao Antonio Pereira,et al.  Linked: The new science of networks , 2002 .

[5]  Harris Chaiklin Ghost in the Wires. My Adventures as the World’s Most Wanted Hacker , 2012 .

[6]  P. Oscar Boykin,et al.  Leveraging social networks to fight spam , 2005, Computer.

[7]  Esa Alhoniemi,et al.  Clustering of the self-organizing map , 2000, IEEE Trans. Neural Networks Learn. Syst..

[8]  Dario Lombardo,et al.  An innovative way to analyze large ISP data for IMS security and monitoring , 2009, 2009 13th International Conference on Intelligence in Next Generation Networks.

[9]  Sergei Vassilvitskii,et al.  k-means++: the advantages of careful seeding , 2007, SODA '07.

[10]  Claudio Mazzariello,et al.  Clustering NGN user behavior for anomaly detection , 2011, Inf. Secur. Tech. Rep..

[11]  Saurabh Bagchi,et al.  Spam detection in voice-over-IP calls through semi-supervised clustering , 2009, 2009 IEEE/IFIP International Conference on Dependable Systems & Networks.

[12]  Hyung-Jong Kim,et al.  DEVS-Based modeling of VoIP spam callers' behavior for SPIT level calculation , 2009, Simul. Model. Pract. Theory.

[13]  Christoph Pörschmann,et al.  Analysis of Spectral Parameters of Audio Signals for the Identification of Spam Over IP Telephony , 2008, CEAS.

[14]  Donald W. Bouldin,et al.  A Cluster Separation Measure , 1979, IEEE Transactions on Pattern Analysis and Machine Intelligence.

[15]  J. MacQueen Some methods for classification and analysis of multivariate observations , 1967 .

[16]  James C. Bezdek,et al.  Cluster validation with generalized Dunn's indices , 1995, Proceedings 1995 Second New Zealand International Two-Stream Conference on Artificial Neural Networks and Expert Systems.

[17]  Angelos D. Keromytis,et al.  A Comprehensive Survey of Voice over IP Security Research , 2012, IEEE Communications Surveys & Tutorials.

[18]  Ram Dantu,et al.  Detecting Spam in VoIP Networks , 2005, SRUTI.