Using decision trees for generating adaptive SPIT signatures

With the spread of new and innovative Internet services such as SIP-based communications, the challenge of protecting and defending these critical applications has been raised. In particular, SIP firewalls attempt to filter unwanted signaling activities and attacks based on knowledge of the SIP protocol. Optimizing the SIP firewall configuration in real time by selecting the best filtering rules is problematic because it depends on the nature of both the legal traffic and the unwanted activities. More precisely, we do not know exactly how the unwanted activities are reflected in the SIP messages or how they differ from the legal ones. In this paper, we address the case of Spam over Internet Telephony (SPIT) mitigation. We propose an adaptive solution based on extracting signatures from learnt decision trees. Our simulations show that quickly learning the optimal configuration for a SIP firewall reduces to a minimum the unsolicited calls reported by the users under protection. Our results promote the application of machine learning algorithms for supporting network and service resilience against such new challenges.
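As an added illustration (not code from the paper), the sketch below learns a decision tree from user-labelled calls and emits every root-to-leaf path that ends in a SPIT leaf as a filtering signature. The attribute names, the sample calls and the use of ID3-style information gain are assumptions made for this example.

```python
import math
from collections import Counter

ATTRS = ["user_agent", "from_domain", "has_display_name"]  # hypothetical features

def call(ua, dom, disp, label):
    return ({"user_agent": ua, "from_domain": dom, "has_display_name": disp}, label)

# Constructed sample: one row per INVITE, labelled from user feedback.
CALLS = [
    call("dialerX", "external", "no", "spit"),
    call("dialerX", "external", "yes", "spit"),
    call("softphone", "external", "yes", "legit"),
    call("softphone", "local", "yes", "legit"),
    call("softphone", "external", "no", "spit"),
    call("softphone", "local", "no", "legit"),
    call("dialerX", "local", "yes", "legit"),
    call("softphone", "external", "yes", "legit"),
    call("softphone", "external", "no", "spit"),
]

def entropy(rows):
    counts = Counter(label for _, label in rows)
    return -sum(c / len(rows) * math.log2(c / len(rows)) for c in counts.values())

def best_attribute(rows, attrs):
    # Lowest weighted entropy after the split == highest information gain.
    def remainder(a):
        parts = Counter(f[a] for f, _ in rows)
        return sum(n / len(rows) * entropy([r for r in rows if r[0][a] == v])
                   for v, n in parts.items())
    return min(attrs, key=remainder)

def learn(rows, attrs):
    labels = Counter(label for _, label in rows)
    if len(labels) == 1 or not attrs:
        return labels.most_common(1)[0][0]          # leaf: majority label
    a = best_attribute(rows, attrs)
    rest = [x for x in attrs if x != a]
    return (a, {v: learn([r for r in rows if r[0][a] == v], rest)
                for v in sorted({f[a] for f, _ in rows})})

def signatures(tree, path=()):
    # Each path to a "spit" leaf becomes one conjunction of header tests.
    if isinstance(tree, str):
        return [dict(path)] if tree == "spit" else []
    attr, branches = tree
    return [s for v, sub in branches.items()
            for s in signatures(sub, path + ((attr, v),))]

def matches(sig, features):
    return all(features.get(k) == v for k, v in sig.items())

if __name__ == "__main__":
    for sig in signatures(learn(CALLS, ATTRS)):
        print("DROP if", " and ".join(f"{k}={v}" for k, v in sig.items()))
```

Re-running `learn` and `signatures` whenever users report new calls regenerates the rule set, which is the adaptive part of the loop.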
