Skip to main content
SpringerLink
Log in

Exploiting encrypted and tunneled multimedia calls in high-speed big data environment

  • Published:
Multimedia Tools and Applications Aims and scope Submit manuscript

Abstract

Due to the rapid increase in the speed as well as the number of users over the Internet, the rate of data generation is enormously grown. In addition, at the same rate, the multimedia transmission especially the usage of VoIP calls is rapidly growing due to its cost effectiveness, dramatic functionality over the traditional telephone network and its compatibility with public switched telephone network (PSTN). In most of the developing countries, internet service providers (ISPs) and telecommunication authorities are concerned in detecting such calls to either block or prioritize commercial VoIP. Signature-based, port-based, and pattern-based detection techniques are inaccurate due to the complex and confidential security and tunneling mechanisms used by VoIP. Therefore, in this paper, we proposed a generic, robust, efficient statistical analysis-based solution to identify encrypted and tunneled voice media flows. We extracted six statistical parameters, which are extracted for each flow and compared with threshold values while generating a number of rules to identify VoIP media calls. The paper also offers a complete architecture that can efficiently process high-speed traffic in order to detect VoIP flows at real-time. The proposed system, including the architecture and the algorithm, can be practically implemented in a real environment, such as ISP or telecommunication authority’s gateway. We implemented the system using the parallel environment of Hadoop ecosystem with Spark on the top of it to achieve the real-time processing. We evaluated the system by considering 1) the accuracy in terms of detection rate by computing the direct rate and false positive rate and 2) the efficiency in terms of processing power. The result shows that the system has 97.54% direct rate and .00015% false positive rate, which are quite high. The comparative study proved that the proposed system is more accurate than the existing techniques.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8
Fig. 9
Fig. 10
Fig. 11
Fig. 12

Similar content being viewed by others

References

  1. Adami D, Callegari C, Giordano S, Pagano M, Pepe T (2009) A Real-Time Algorithm for Skype Traffic Detection and Classification. 9th International Conference on Smart Spaces and Next Generation Wired/Wireless Networking and 2nd Conference on Smart Spaces, Postersburg

  2. Alshammari R, Nur Zincir-Heywood A (2010) An Investigation on the Identification of VoIP traffic: Case Study on Gtalk and Skype. In: 2010 International conference on network and service management (CNSM). Niagara Falls, Canada, pp 310–313

    Chapter  Google Scholar 

  3. Alshammari R, Zincir-Heywood N (2011) Can encrypted traffic be identified without port numbers, IP addresses and payload inspection? Comput Netw 55:1326–1350

    Article  Google Scholar 

  4. Bandre SR, Nandimath JN (2015) Design consideration of Network Intrusion detection system using Hadoop and GPGPU. 2015 International Conference on Pervasive Computing (ICPC), Pune, p 1–6

  5. Baset SA, Schulzrinne H (2006) An Analysis of the Skype Peer-to-Peer Internet Telephony Protocol. 25th International Conference on Computer Communication (INFOCOM), Bercelona, p 1–11

  6. Birke R, Mellia M, Petracca M, Rossi D (2010) Experiences of VoIP traffic monitoring in a commercial ISP. Int J Netw Manag 20:339–359

    Article  Google Scholar 

  7. Bonfiglio D, Mellia M, Meo M, Ritacca N, Rossi D (2008) Tracking Down Skype Traffic. 27th IEEE International Conference on Computer Communication (INFOCOM), Pheonix, p 261–265

  8. Branch P, But J (2012) Rapid and Generalized Identification of Packetized Packetized Voice Traffic Flows. 37th IEEE Conference on Local Computer Networks (LCN12), Clearwater, October 2012

  9. Dusi M, Crotti M, Gringoli F, Salgarelli L (2009) Tunnel hunter: detecting application-layer tunnels with statistical fingerprinting. Comput Netw 53:81–97

    Article  Google Scholar 

  10. Emanuel P. Freire, Artur Ziviani and Ronaldo M. Salles, (2008) Detecting VoIP Calls Hidden in Web Traffic. IEEE transaction on network and service management, Vol no. 5, pp 210–214.

  11. Engen V (2010) Machine learning for network based intrusion. Ph.D. dissertation, Bournemouth Univ., Poole, UK

  12. Frey CA, Smyth B (2015) Efficient network traffic analysis using a hierarchical key combination data structure. U.S. Patent No. 9,014,034. 21 Apr. 2015

  13. Fusco F, Deri L (2010) High Speed Network Traffic Analysis with Commodity Multi-core Systems. Proceedings of the 10th ACM SIGCOMM conference on Internet measurement, p 218–224, Nov. 2010

  14. Github (2016) Hadoop library to read packet capture (PCAP) files. [Online]. https://github.com/RIPE-NCC/hadoop-pcap, Accessed on Apr 1 2016.

  15. Idrees F, Khan UA (2008) A generic technique for voice over internet protocol (VoIP) traffic detection. IJCSNS International Journal of Computer Science and Network Security 8(2):52–59

    Google Scholar 

  16. Jeong HDJ, Hyun W, Lim J, You I (2012) Anomaly Teletraffic Intrusion Detection Systems on Hadoop-Based Platforms: A Survey of Some Problems and Solutions. 15th International Conference on Network-Based Information Systems (NBiS), Melbourne, VIC, pp. 766–770

  17. Jun L, Shunyi Z, Shidong L, Ye X (2007) Active P2P Traffic Identification Technique. 2007 International conference on computational intelligence and security, Harbin, China, p 37–41

  18. Leung C-M, Chan Y-Y (2007) Network Forensic on Encrypted Peer to-Peer VoIP Traffics and The Detection, Blocking, and Prioritization of Skype Traffics. 16th IEEE International Workshops on Enabling Technologies: Infrastructures for Collaborative Enterprises, Paris, p 401–408

  19. Bing Li, Shigang Jin, and Moade Ma, (2010a) “VoIP Traffic Identification Based on Host and Flow Behavior Analysis.” Journal of Network and Systems Management, Volume 19:111.

  20. Li B, Jin S, Ma M (2010b) VoIP Traffic Identification Based on Host and Flow Behavior Analysis. 2010 internationa conference on Wireless Communication Networking and Mobile Computing (WICOM), Chengdu, China, p 1–4

  21. Lin Y-D, Lu C-N, Lai Y-C, Peng W-H, Lin P-C (2009) Application classification using packet size distribution and port association. Journal of Networ and Computer Applications 32:1023–1030

    Article  Google Scholar 

  22. Lu F, Liu X-L, Ma Z-N (2010) Research on the characteristics and blocking realization of Skype protocol. 2010 I.E. international conference on electrical and control engineering (ICECE), Wuhan, China, pp 2964–2967

  23. Maiolini G, Molina G, Baiocchi A, Rizzi A (2009) On the fly application flows identification by exploiting K-means based classifiers. Journal of Information assurance and Security 4:142–150

    Google Scholar 

  24. Mazhar Rathore M, Ahmad A, Paul A (2016) Real time intrusion detection system for ultra-high-speed big data environments. J Supercomput 72(9):3489–3510

    Article  Google Scholar 

  25. Nguyen TTT, Armitage G (2008) Clustering to assist supervised machine learning for real-time IP traffic classification. IEEE International Conference on Communication, Beijing, China, pp 5857–5862

    Google Scholar 

  26. ofcom. (2016) Communications Market Report 2016: Bitesize. [Online]. https://www.ofcom.org.uk/research-and-data/cmr/cmr16/bitesize, Accessed on 10 Oct 2016

  27. Okabe T, Kitamura T, Shizuno T (2006) Statistical Traffic Identification Method Based on Flow-Level Behavior for Fair VoIP service. Proceeding of IEEE Workshop on VoIP Management and Security, p 35–40

  28. Paul A, Ahmad A, Rathore M, Jabbar S, Buddy S (2016) Defining Human Behavior Using Big Data Analytics in Social Internet of Things. IEEE Wireless Communication Magazine 23(5):68

    Article  Google Scholar 

  29. Peranyi M, Molnar S (2007) Enhanced Skype traffic identification, in: Value-Tools. Proceedings of the 2nd International Conference on Performance Evaluation Methodologies and Tools, ICST (Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering), ICST, Brussels, p 1–9

  30. Prathibha PG, Dileesh ED (2013) Design of a hybrid intrusion detection system using snort and hadoop. International Journal of Computer Applications 73(10):5

    Article  Google Scholar 

  31. Renals P, Jacoby GA (2009) Blocking Skype through deep packet inspection. The 42nd Annual Hawaii International Conference on System Sciencs, HICSS’09, Big Island, HI

  32. Rossi D, Mellia M, Meo M (2008) A Detailed Measurement of Skype Network Traffic. Proceedings of the 7th international conference on Peer-to-peer systems, USENIX Association

  33. S. Sagiroglu, Sinanc D (2013) Big Data: a review. 2013 International Conference on Collaboration Technologies and Systems (CTS), p 42–47, IEEE

  34. Tstate (2016) Skype Traces. [Online]. http://tstat.tlc.polito.it/traces-skype.shtml, Accessed on 10 Oct 2016

  35. Wireshark (2016) SampleCaptures. [Online]. http://wiki.wireshark.org/SampleCaptures, Accessed on 10 Oct 2016

  36. Xindong Wu, Xingquan Zhu, Gong-Qing Wu, Wei Ding, (2014) "Data mining with Big Data," IEEE Transactions on Knowledge and Data Engineering, vol. 26, no. 1, pp. 97, 107.

  37. Taner Yildirim and PJ Radcliffe, (2010) “A Framework for Tunneled Traffic Analysis.” 12th International Conference on Advance Communication Technology (ICACT), Phoenix Park, Korea, vol 2, pp 1029–1034.

  38. Yildirim T, Radcliffe Dr PJ (2010) VoIP Traffic Classification in IPsec Tunnels. 2010. In: International conference on electronics and information engineering (ICEIE). Koyoto, Japan

    Google Scholar 

Download references

Acknowledgements

This study was supported by the Brain Korea 21 Plus project (SW Human Resource Development Program for Supporting Smart Life) funded by Ministry of Education, School of Computer Science and Engineering, Kyungpook National University, Korea (21A20131600005).

Author information

Authors and Affiliations

  1. School of Computer Science and Engineering, Kyungpook National University, Daegu, South Korea

    M. Mazhar Rathore, Awais Ahmad & Anand Paul

  2. Department of Media Software, Sungkyul University, Anyang, South Korea

    Seungmin Rho

Authors
  1. M. Mazhar Rathore
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Awais Ahmad
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Anand Paul
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Seungmin Rho
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Anand Paul.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Mazhar Rathore, M., Ahmad, A., Paul, A. et al. Exploiting encrypted and tunneled multimedia calls in high-speed big data environment. Multimed Tools Appl 77, 4959–4984 (2018). https://doi.org/10.1007/s11042-017-4393-7

Download citation

  • Received:

  • Revised:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s11042-017-4393-7

Keywords

Search

Navigation