SoK: Everyone Hates Robocalls: A Survey of Techniques Against Telephone Spam

Telephone spam costs United States consumers $8.6 billion annually. In 2014, the Federal Trade Commission has received over 22 million complaints of illegal and wanted calls. Telephone spammers today are leveraging recent technical advances in the telephony ecosystem to distribute massive automated spam calls known as robocalls. Given that anti-spam techniques and approaches are effective in the email domain, the question we address is: what are the effective defenses against spam calls? In this paper, we first describe the telephone spam ecosystem, specifically focusing on the differences between email and telephone spam. Then, we survey the existing telephone spam solutions and, by analyzing the failings of the current techniques, derive evaluation criteria that are critical to an acceptable solution. We believe that this work will help guide the development of effective telephone spam defenses, as well as provide a framework to evaluate future defenses.

[1]  Andrei V. Gurtov,et al.  Collaborative Reputation-based Voice Spam Filtering , 2009, 2009 20th International Workshop on Database and Expert Systems Application.

[2]  Mohammad Hossein Yaghmaee Moghaddam,et al.  New method for evaluating anti-SPIT in VoIP networks , 2013, ICCKE 2013.

[3]  Christoph Pörschmann,et al.  Content-Based Detection and Prevention of Spam over IP Telephony - System Design, Prototype and First Results , 2011, 2011 IEEE International Conference on Communications (ICC).

[4]  Benxiong Huang,et al.  ADVS: a reputation-based model on filtering SPIT over P2P-VoIP networks , 2010, The Journal of Supercomputing.

[5]  Henning Schulzrinne,et al.  Issues and challenges in securing VoIP , 2009, Comput. Secur..

[6]  Angelos D. Keromytis,et al.  A Survey of Voice over IP Security Research , 2009, ICISS.

[7]  Giannis F. Marias,et al.  SPIDER: A platform for managing SIP-based Spam over Internet Telephony (SPIT) , 2011, J. Comput. Secur..

[8]  Lawrence R. Rabiner,et al.  Applications of speech recognition in the area of telecommunications , 1997, 1997 IEEE Workshop on Automatic Speech Recognition and Understanding Proceedings.

[9]  Janne Lindqvist,et al.  Accessible Voice CAPTCHAs for Internet Telephony , 2008 .

[10]  Dorgham Sisalem,et al.  SDRS: A Voice-over-IP Spam Detection and Reaction System , 2008, IEEE Security & Privacy.

[11]  Dimitris Gritzalis,et al.  ASPF: Adaptive anti-SPIT Policy-based Framework , 2011, 2011 Sixth International Conference on Availability, Reliability and Security.

[12]  Giannis F. Marias,et al.  SIP Vulnerabilities and Anti-SPIT Mechanisms Assessment , 2007, 2007 16th International Conference on Computer Communications and Networks.

[13]  Mustaque Ahamad,et al.  Phoneypot: Data-driven Understanding of Telephony Threats , 2015, NDSS.

[14]  Federico Maggi Are the Con Artists Back? A Preliminary Analysis of Modern Phone Frauds , 2010, 2010 10th IEEE International Conference on Computer and Information Technology.

[15]  Ram Dantu,et al.  Detecting Spam in VoIP Networks , 2005, SRUTI.

[16]  Dimitris Gritzalis,et al.  A SIP-oriented SPIT Management Framework , 2008, Comput. Secur..

[17]  R. MacIntosh,et al.  Detection and mitigation of spam in IP telephony networks using signaling protocol analysis , 2005, IEEE/Sarnoff Symposium on Advances in Wired and Wireless Communication, 2005..

[18]  Muhammad Ajmal Azad,et al.  Caller-REP: Detecting unwanted calls with caller social strength , 2013, Comput. Secur..

[19]  Christoph Sorge,et al.  A Provider-Level Reputation System for Assessing the Quality of SPIT Mitigation Algorithms , 2009, 2009 IEEE International Conference on Communications.

[20]  Kumar Srivastava,et al.  Preventing Spam For SIP-based Instant Messages and Sessions , 2004 .

[21]  Steven Bethard,et al.  Decaptcha: Breaking 75% of eBay Audio CAPTCHAs , 2009, WOOT.

[22]  M. Brunner,et al.  ISE03-2: SPam over Internet Telephony (SPIT) Prevention Framework , 2006, IEEE Globecom 2006.

[23]  Jeff Hodges,et al.  Using SAML to protect the session initiation protocol (SIP) , 2006, IEEE Network.

[24]  Muhammad Ajmal Azad,et al.  Multistage SPIT detection in transit VoIP , 2011, SoftCOM 2011, 19th International Conference on Software, Telecommunications and Computer Networks.

[25]  Adel Bouhoula,et al.  Behavior-based approach to detect spam over IP telephony attacks , 2015, International Journal of Information Security.

[26]  Aurelio La Corte,et al.  Security analysis and countermeasures assessment against spit attacks on VoIP systems , 2011, 2011 World Congress on Internet Security (WorldCIS-2011).

[27]  Patrick Traynor,et al.  PinDr0p: using single-ended audio features to determine call provenance , 2010, CCS '10.

[28]  Xinyuan Wang,et al.  Call Behavioral Analysis to Thwart SPIT Attacks on VoIP Networks , 2011, SecureComm.

[29]  Ram Dantu,et al.  Nuisance level of a voice call , 2008, TOMCCAP.

[30]  D. Sisalem,et al.  SIP Spam Detection , 2006, International Conference on Digital Telecommunications (ICDT'06).

[31]  Anazida Zainal,et al.  Fraud detection system: A survey , 2016, J. Netw. Comput. Appl..

[32]  Cullen Jennings,et al.  The Session Initiation Protocol (SIP) and Spam , 2008, RFC.

[33]  Wenyuan Xu,et al.  You Can Call but You Can't Hide: Detecting Caller ID Spoofing Attacks , 2014, 2014 44th Annual IEEE/IFIP International Conference on Dependable Systems and Networks.

[34]  Spencer Kimball,et al.  Interactive Voice Recognition Communication in Electoral Politics , 2014 .

[35]  Henning Schulzrinne,et al.  Have I met you before?: using cross-media relations to reduce SPIT , 2009, IPTComm.

[36]  Ram Dantu,et al.  VoIP Security — Attacks and Solutions , 2008, Inf. Secur. J. A Glob. Perspect..

[37]  Jürgen Quittek,et al.  Detecting SPIT Calls by Checking Human Communication Patterns , 2007, 2007 IEEE International Conference on Communications.

[38]  Ram Dantu,et al.  Socio-technical defense against voice spamming , 2007, TAAS.

[39]  Haining Wang,et al.  A Voice Spam Filter to Clean Subscribers' Mailbox , 2012, SecureComm.

[40]  김태은,et al.  금융 Fraud Detection System 운영 프레임워크 연구 , 2015 .

[41]  Atsuhiro Goto Proceedings of the 2007 ACM workshop on Digital identity management , 2007, CCS 2007.

[42]  Moni Naor,et al.  Pricing via Processing or Combatting Junk Mail , 1992, CRYPTO.

[43]  Nilanjan Banerjee,et al.  Anti-vamming trust enforcement in peer-to-peer VoIP networks , 2006, IWCMC '06.

[44]  Zhi-Li Zhang,et al.  SIP-based VoIP traffic behavior profiling and its applications , 2007, MineNet '07.

[45]  Neil W. Bergmann,et al.  A Review of Methods for Preventing Spam in IP Telephony , 2013 .

[46]  Suguru Yamaguchi,et al.  Trust-based VoIP Spam Detection based on Calling Behaviors and Human Relationships , 2013, J. Inf. Process..

[47]  A.R. Modarressi,et al.  Signaling System No.7: a tutorial , 1990, IEEE Communications Magazine.

[48]  Aiko Pras,et al.  Analysis of Techniques for Protection Against Spam over Internet Telephony , 2007, EUNICE.

[49]  Benxiong Huang,et al.  P2P-AVS: P2P Based Cooperative VoIP Spam Filtering , 2007, 2007 IEEE Wireless Communications and Networking Conference.

[50]  Hai Huang,et al.  A SPIT Detection Method Using Voice Activity Analysis , 2009, 2009 International Conference on Multimedia Information Networking and Security.

[51]  Marit Hansen,et al.  Developing a Legally Compliant Reachability Management System as a Countermeasure against SPIT 1 , 2006 .

[52]  Cullen Jennings Computational Puzzles for SPAM Reduction in SIP , 2007 .

[53]  Abhishek Shukla,et al.  A Model for Spam Prevention in IP Telephony Networks using Anonymous Verifying Authorities , 2007 .

[54]  Haesun Park,et al.  CallRank: Combating SPIT Using Call Duration, Social Networks and Global Reputation , 2007, CEAS.

[55]  Saverio Niccolini,et al.  Prevention of Spam over IP Telephony (SPIT) , 2006 .

[56]  Christoph Pörschmann,et al.  Analysis of Spectral Parameters of Audio Signals for the Identification of Spam Over IP Telephony , 2008, CEAS.

[57]  Alicia Hatfield Phoney Business: Successful Caller ID Spoofing Regulation Requires More Than the Truth in Caller ID Act of 2009 , 2011 .

[58]  Dimitris Gritzalis,et al.  OntoSPIT: SPIT management through ontologies , 2009, Comput. Commun..

[59]  Saverio Niccolini,et al.  A policy framework for personalized and role-based SPIT prevention , 2009, IPTComm.

[60]  Hong Yan,et al.  Incorporating Active Fingerprinting into SPIT Prevention Systems , 2006 .

[61]  Dimitris Gritzalis,et al.  SPIT Identification Criteria Implementation: Effectiveness and Lessons Learned , 2008, SEC.

[62]  Dimitris Gritzalis,et al.  Audio CAPTCHA for SIP-Based VoIP , 2009, SEC.

[63]  Saurabh Bagchi,et al.  Spam detection in voice-over-IP calls through semi-supervised clustering , 2009, 2009 IEEE/IFIP International Conference on Dependable Systems & Networks.

[64]  Hyung-Jong Kim,et al.  DEVS-Based modeling of VoIP spam callers' behavior for SPIT level calculation , 2009, Simul. Model. Pract. Theory.

[65]  Xiao Su,et al.  Adaptive Voice Spam Control with User Behavior Analysis , 2009, 2009 11th IEEE International Conference on High Performance Computing and Communications.

[66]  Heiko Knospe,et al.  An efficient search method for the content-based identification of telephone-SPAM , 2012, 2012 IEEE International Conference on Communications (ICC).

[67]  Y. Rebahi,et al.  SIP Service Providers and The Spam Problem , 2005 .

[68]  Ming-Yang Su,et al.  A Prevention System for Spam over Internet Telephony , 2012 .

[69]  Dongwook Shin,et al.  Progressive multi gray-leveling: a voice spam protection algorithm , 2006, IEEE Network.

[70]  Angelos D. Keromytis,et al.  A Comprehensive Survey of Voice over IP Security Research , 2012, IEEE Communications Surveys & Tutorials.

[71]  Samir Saklikar,et al.  Identity federation for voip-based services , 2007, DIM '07.

[72]  M. Ahamad,et al.  A lightweight scheme for securely and reliably locating SIP users , 2006, 1st IEEE Workshop on VoIP Management and Security, 2006..

[73]  Chita R. Das,et al.  Exploring Anti-Spam Models in Large Scale VoIP Systems , 2008, 2008 The 28th International Conference on Distributed Computing Systems.

[74]  Ram Dantu,et al.  Behavior-based adaptive call predictor , 2011, TAAS.

[75]  Adam Back,et al.  Hashcash - A Denial of Service Counter-Measure , 2002 .

[76]  Jürgen Quittek,et al.  On Spam over Internet Telephony (SPIT) Prevention , 2008, IEEE Communications Magazine.

[77]  Miika Komu,et al.  Cure for Spam Over Internet Telephony , 2007, 2007 4th IEEE Consumer Communications and Networking Conference.