Behavior-based approach to detect spam over IP telephony attacks

Spam over IP telephony (SPIT) is expected to become a serious problem as the use of voice over IP grows. This kind of spam is attractive to spammers because of its effectiveness and low cost. Many anti-SPIT solutions have been applied to this problem, but they are still limited in some cases. Thus, in this paper, we propose a system to detect SPIT attacks through a behavior-based approach. Our framework operates in three steps: (1) collecting significant call attributes by exploring and analyzing network traces using the OPNET environment; (2) applying a sliding-window strategy to properly maintain the callers' profiles; and (3) classifying each caller (i.e., legitimate or SPITter) using ten supervised learning methods: NaïveBayes, BayesNet, SMO RBFKernel, SMO PolyKernel, MultiLayerPerceptron with two and three layers, NBTree, J48, Bagging and AdaBoostM1. The results of our experiments demonstrate the great performance of these methods. Our study, based on receiver operating characteristic (ROC) curves, shows that the AdaBoostM1 classifier is more efficient than the other methods and achieves an almost perfect detection rate with acceptable training time.
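Step (2) of the framework, sketched as an added example that is not code from the paper: a per-caller sliding window over call records that yields the feature vector a classifier in step (3) would consume. The record fields, the four feature names, the one-hour window and the sample trace are all assumptions made for illustration; the abstract does not list the attributes the authors used.

```python
from collections import defaultdict, deque
from dataclasses import dataclass

@dataclass(frozen=True)
class Call:                      # one call record (assumed fields)
    ts: float                    # start time, seconds
    caller: str
    callee: str
    duration: float              # talk time in seconds, 0 if unanswered
    answered: bool

class SlidingProfiles:
    """Keeps, per caller, only the calls in the window (now - window, now]."""
    def __init__(self, window: float):
        self.window = window
        self.calls = defaultdict(deque)

    def _expire(self, q, now):
        # Drop records that have slid out of the window.
        while q and q[0].ts <= now - self.window:
            q.popleft()

    def add(self, call: Call) -> None:   # calls must arrive in time order
        q = self.calls[call.caller]
        q.append(call)
        self._expire(q, call.ts)

    def features(self, caller: str, now: float) -> dict:
        q = self.calls[caller]
        self._expire(q, now)
        n, answered = len(q), [c for c in q if c.answered]
        return {
            "calls": n,
            "mean_duration": sum(c.duration for c in answered) / len(answered) if answered else 0.0,
            "callee_diversity": len({c.callee for c in q}) / n if n else 0.0,
            "unanswered_ratio": 1 - len(answered) / n if n else 0.0,
        }

def build_sample(window: float = 3600) -> SlidingProfiles:
    # Constructed trace: one ordinary caller, one bulk caller.
    trace = [Call(60, "alice", "bob", 300, True), Call(1800, "alice", "bob", 240, True),
             Call(3500, "alice", "carol", 0, False)]
    trace += [Call(3000 + 10 * i, "bulk", f"user{i}", 8 if i % 4 == 0 else 0, i % 4 == 0)
              for i in range(20)]
    profiles = SlidingProfiles(window)
    for call in sorted(trace, key=lambda c: c.ts):
        profiles.add(call)
    return profiles

if __name__ == "__main__":
    p = build_sample()
    print(p.features("alice", 3600), p.features("bulk", 3600), sep="\n")
```

Because old records expire as the window advances, a caller's profile reflects recent behavior only, so a burst of short calls to many distinct callees stands out even for an account with a long quiet history.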
