Boxed Out: Blocking Cellular Interconnect Bypass Fraud at the Network Edge

The high price of incoming international calls is a common method of subsidizing telephony infrastructure in the developing world. Accordingly, international telephone system interconnects are regulated to ensure call quality and accurate billing. High call tariffs create a strong incentive to evade such interconnects and deliver costly international calls illicitly. Specifically, adversaries use VoIP-GSM gateways informally known as "simboxes" to receive incoming calls over wired data connections and deliver them into a cellular voice network through a local call that appears to originate from a customer's phone. This practice is not only extremely profitable for simboxers, but also dramatically degrades network experience for legitimate customers, violates telecommunications laws in many countries, and results in significant revenue loss. In this paper, we present a passive detection technique for combating simboxes at a cellular base station. Our system relies on the raw voice data received by the tower during a call to distinguish errors in GSM transmission from the distinct audio artifacts caused by delivering the call over a VoIP link. Our experiments demonstrate that this approach is highly effective, and can detect 87% of real simbox calls in only 30 seconds of audio with no false positives. Moreover, we demonstrate that evading our detection across multiple calls is only possible with a small probability. In so doing, we demonstrate that fraud that degrades network quality and costs telecommunications billions of dollars annually can easily be detected and counteracted in real time.

[1]  S HilasConstantinos,et al.  An application of supervised and unsupervised learning approaches to telecommunications fraud detection , 2008 .

[2]  Paris A. Mastorocostas,et al.  An application of supervised and unsupervised learning approaches to telecommunications fraud detection , 2008, Knowl. Based Syst..

[3]  Roger Piqueras Jover,et al.  Analysis and detection of SIMbox fraud in mobility networks , 2014, IEEE INFOCOM 2014 - IEEE Conference on Computer Communications.

[4]  Subariah Ibrahim,et al.  Detecting SIM Box Fraud Using Neural Network , 2012, ICITCS.

[5]  Patrick Traynor Characterizing the Security Implications of Third-Party Emergency Alert Systems over Cellular Text Messaging Services , 2012, IEEE Transactions on Mobile Computing.

[6]  R. Les Cottrell Pinging Africa - A decadelong quest aims to pinpoint the internet bottlenecks holding Africa back , 2013 .

[7]  Martin Paping,et al.  Automatic detection of disturbing robot voice- and ping pong-effects in GSM transmitted speech , 1997, EUROSPEECH.

[8]  Fabian Monrose,et al.  Phonotactic Reconstruction of Encrypted VoIP Conversations: Hookt on Fon-iks , 2011, 2011 IEEE Symposium on Security and Privacy.

[9]  Cheng Huang,et al.  Queen: Estimating Packet Loss Rate between Arbitrary Internet Hosts , 2009, PAM.

[10]  Akira Takahashi,et al.  Objective Assessment Methodology for Estimating Conversational Quality in VoIP , 2006, IEEE Transactions on Audio, Speech, and Language Processing.

[11]  Patrick Traynor,et al.  PinDr0p: using single-ended audio features to determine call provenance , 2010, CCS '10.

[12]  Ronald J. Brachman,et al.  Brief Application Description; Visual Data Mining: Recognizing Telephone Calling Fraud , 2004, Data Mining and Knowledge Discovery.

[13]  John Shawe-Taylor,et al.  An Unsupervised Neural Network Approach to Profiling the Behavior of Mobile Phone Users for Use in Fraud Detection , 2001, J. Parallel Distributed Comput..

[14]  Faran Awais Butt,et al.  Short-time energy, magnitude, zero crossing rate and autocorrelation measurement for discriminating voiced and unvoiced segments of speech signals , 2013, 2013 The International Conference on Technological Advances in Electrical, Electronics and Computer Engineering (TAEECE).

[15]  Tiago H. Falk,et al.  Single-Ended Speech Quality Measurement Using Machine Learning Methods , 2006, IEEE Transactions on Audio, Speech, and Language Processing.

[16]  Thomas F. La Porta,et al.  On cellular botnets: measuring the impact of malicious devices on a cellular network core , 2009, CCS.

[17]  Adam Wolisz,et al.  A perceptual quality model intended for adaptive VoIP applications: Research Articles , 2006 .

[18]  Anil C. Kokaram,et al.  Monitoring the effects of temporal clipping on voIP speech quality , 2013, INTERSPEECH.

[19]  S. R. Broom,et al.  VoIP Quality Assessment: Taking Account of the Edge-Device , 2006, IEEE Transactions on Audio, Speech, and Language Processing.

[20]  Wenyu Jiang,et al.  Comparison and optimization of packet loss repair methods on VoIP perceived quality under bursty loss , 2002, NOSSDAV '02.

[21]  Zahid Halim,et al.  Fraudulent call detection for mobile networks , 2010, 2010 International Conference on Information and Emerging Technologies.

[22]  Ayman Radwan,et al.  Non-intrusive single-ended speech quality assessment in VoIP , 2007, Speech Commun..

[23]  V. Hardman,et al.  A survey of packet loss recovery techniques for streaming audio , 1998, IEEE Network.

[24]  Henning Schulzrinne,et al.  RTP Profile for Audio and Video Conferences with Minimal Control , 2003, RFC.

[25]  Carla Teixeira Lopes,et al.  TIMIT Acoustic-Phonetic Continuous Speech Corpus , 2012 .

[26]  Gerhard Haßlinger,et al.  The Gilbert-Elliott Model for Packet Loss in Real Time Services on the Internet , 2011, MMB.

[27]  R. Les Cottrell Pinging Africa - A decadelong quest aims to pinpoint the internet bottlenecks holding Africa back , 2013, IEEE Spectrum.

[28]  Jonathan G. Fiscus,et al.  Darpa Timit Acoustic-Phonetic Continuous Speech Corpus CD-ROM {TIMIT} | NIST , 1993 .