Multimedia Tools and Applications

, Volume 77, Issue 4, pp 4959–4984 | Cite as

Exploiting encrypted and tunneled multimedia calls in high-speed big data environment

  • M. Mazhar Rathore
  • Awais Ahmad
  • Anand Paul
  • Seungmin Rho


Due to the rapid increase in the speed as well as the number of users over the Internet, the rate of data generation is enormously grown. In addition, at the same rate, the multimedia transmission especially the usage of VoIP calls is rapidly growing due to its cost effectiveness, dramatic functionality over the traditional telephone network and its compatibility with public switched telephone network (PSTN). In most of the developing countries, internet service providers (ISPs) and telecommunication authorities are concerned in detecting such calls to either block or prioritize commercial VoIP. Signature-based, port-based, and pattern-based detection techniques are inaccurate due to the complex and confidential security and tunneling mechanisms used by VoIP. Therefore, in this paper, we proposed a generic, robust, efficient statistical analysis-based solution to identify encrypted and tunneled voice media flows. We extracted six statistical parameters, which are extracted for each flow and compared with threshold values while generating a number of rules to identify VoIP media calls. The paper also offers a complete architecture that can efficiently process high-speed traffic in order to detect VoIP flows at real-time. The proposed system, including the architecture and the algorithm, can be practically implemented in a real environment, such as ISP or telecommunication authority’s gateway. We implemented the system using the parallel environment of Hadoop ecosystem with Spark on the top of it to achieve the real-time processing. We evaluated the system by considering 1) the accuracy in terms of detection rate by computing the direct rate and false positive rate and 2) the efficiency in terms of processing power. The result shows that the system has 97.54% direct rate and .00015% false positive rate, which are quite high. The comparative study proved that the proposed system is more accurate than the existing techniques.


VoIP Big data Tunneling Hadoop Spark 



This study was supported by the Brain Korea 21 Plus project (SW Human Resource Development Program for Supporting Smart Life) funded by Ministry of Education, School of Computer Science and Engineering, Kyungpook National University, Korea (21A20131600005).


  1. 1.
    Adami D, Callegari C, Giordano S, Pagano M, Pepe T (2009) A Real-Time Algorithm for Skype Traffic Detection and Classification. 9th International Conference on Smart Spaces and Next Generation Wired/Wireless Networking and 2nd Conference on Smart Spaces, PostersburgGoogle Scholar
  2. 2.
    Alshammari R, Nur Zincir-Heywood A (2010) An Investigation on the Identification of VoIP traffic: Case Study on Gtalk and Skype. In: 2010 International conference on network and service management (CNSM). Niagara Falls, Canada, pp 310–313CrossRefGoogle Scholar
  3. 3.
    Alshammari R, Zincir-Heywood N (2011) Can encrypted traffic be identified without port numbers, IP addresses and payload inspection? Comput Netw 55:1326–1350CrossRefGoogle Scholar
  4. 4.
    Bandre SR, Nandimath JN (2015) Design consideration of Network Intrusion detection system using Hadoop and GPGPU. 2015 International Conference on Pervasive Computing (ICPC), Pune, p 1–6Google Scholar
  5. 5.
    Baset SA, Schulzrinne H (2006) An Analysis of the Skype Peer-to-Peer Internet Telephony Protocol. 25th International Conference on Computer Communication (INFOCOM), Bercelona, p 1–11Google Scholar
  6. 6.
    Birke R, Mellia M, Petracca M, Rossi D (2010) Experiences of VoIP traffic monitoring in a commercial ISP. Int J Netw Manag 20:339–359CrossRefGoogle Scholar
  7. 7.
    Bonfiglio D, Mellia M, Meo M, Ritacca N, Rossi D (2008) Tracking Down Skype Traffic. 27th IEEE International Conference on Computer Communication (INFOCOM), Pheonix, p 261–265Google Scholar
  8. 8.
    Branch P, But J (2012) Rapid and Generalized Identification of Packetized Packetized Voice Traffic Flows. 37th IEEE Conference on Local Computer Networks (LCN12), Clearwater, October 2012Google Scholar
  9. 9.
    Dusi M, Crotti M, Gringoli F, Salgarelli L (2009) Tunnel hunter: detecting application-layer tunnels with statistical fingerprinting. Comput Netw 53:81–97CrossRefGoogle Scholar
  10. 10.
    Emanuel P. Freire, Artur Ziviani and Ronaldo M. Salles, (2008) Detecting VoIP Calls Hidden in Web Traffic. IEEE transaction on network and service management, Vol no. 5, pp 210–214.Google Scholar
  11. 11.
    Engen V (2010) Machine learning for network based intrusion. Ph.D. dissertation, Bournemouth Univ., Poole, UKGoogle Scholar
  12. 12.
    Frey CA, Smyth B (2015) Efficient network traffic analysis using a hierarchical key combination data structure. U.S. Patent No. 9,014,034. 21 Apr. 2015Google Scholar
  13. 13.
    Fusco F, Deri L (2010) High Speed Network Traffic Analysis with Commodity Multi-core Systems. Proceedings of the 10th ACM SIGCOMM conference on Internet measurement, p 218–224, Nov. 2010Google Scholar
  14. 14.
    Github (2016) Hadoop library to read packet capture (PCAP) files. [Online]., Accessed on Apr 1 2016.
  15. 15.
    Idrees F, Khan UA (2008) A generic technique for voice over internet protocol (VoIP) traffic detection. IJCSNS International Journal of Computer Science and Network Security 8(2):52–59Google Scholar
  16. 16.
    Jeong HDJ, Hyun W, Lim J, You I (2012) Anomaly Teletraffic Intrusion Detection Systems on Hadoop-Based Platforms: A Survey of Some Problems and Solutions. 15th International Conference on Network-Based Information Systems (NBiS), Melbourne, VIC, pp. 766–770Google Scholar
  17. 17.
    Jun L, Shunyi Z, Shidong L, Ye X (2007) Active P2P Traffic Identification Technique. 2007 International conference on computational intelligence and security, Harbin, China, p 37–41Google Scholar
  18. 18.
    Leung C-M, Chan Y-Y (2007) Network Forensic on Encrypted Peer to-Peer VoIP Traffics and The Detection, Blocking, and Prioritization of Skype Traffics. 16th IEEE International Workshops on Enabling Technologies: Infrastructures for Collaborative Enterprises, Paris, p 401–408Google Scholar
  19. 19.
    Bing Li, Shigang Jin, and Moade Ma, (2010a) “VoIP Traffic Identification Based on Host and Flow Behavior Analysis.” Journal of Network and Systems Management, Volume 19:111.Google Scholar
  20. 20.
    Li B, Jin S, Ma M (2010b) VoIP Traffic Identification Based on Host and Flow Behavior Analysis. 2010 internationa conference on Wireless Communication Networking and Mobile Computing (WICOM), Chengdu, China, p 1–4Google Scholar
  21. 21.
    Lin Y-D, Lu C-N, Lai Y-C, Peng W-H, Lin P-C (2009) Application classification using packet size distribution and port association. Journal of Networ and Computer Applications 32:1023–1030CrossRefGoogle Scholar
  22. 22.
    Lu F, Liu X-L, Ma Z-N (2010) Research on the characteristics and blocking realization of Skype protocol. 2010 I.E. international conference on electrical and control engineering (ICECE), Wuhan, China, pp 2964–2967Google Scholar
  23. 23.
    Maiolini G, Molina G, Baiocchi A, Rizzi A (2009) On the fly application flows identification by exploiting K-means based classifiers. Journal of Information assurance and Security 4:142–150Google Scholar
  24. 24.
    Mazhar Rathore M, Ahmad A, Paul A (2016) Real time intrusion detection system for ultra-high-speed big data environments. J Supercomput 72(9):3489–3510CrossRefGoogle Scholar
  25. 25.
    Nguyen TTT, Armitage G (2008) Clustering to assist supervised machine learning for real-time IP traffic classification. IEEE International Conference on Communication, Beijing, China, pp 5857–5862Google Scholar
  26. 26.
    ofcom. (2016) Communications Market Report 2016: Bitesize. [Online]., Accessed on 10 Oct 2016
  27. 27.
    Okabe T, Kitamura T, Shizuno T (2006) Statistical Traffic Identification Method Based on Flow-Level Behavior for Fair VoIP service. Proceeding of IEEE Workshop on VoIP Management and Security, p 35–40Google Scholar
  28. 28.
    Paul A, Ahmad A, Rathore M, Jabbar S, Buddy S (2016) Defining Human Behavior Using Big Data Analytics in Social Internet of Things. IEEE Wireless Communication Magazine 23(5):68CrossRefGoogle Scholar
  29. 29.
    Peranyi M, Molnar S (2007) Enhanced Skype traffic identification, in: Value-Tools. Proceedings of the 2nd International Conference on Performance Evaluation Methodologies and Tools, ICST (Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering), ICST, Brussels, p 1–9Google Scholar
  30. 30.
    Prathibha PG, Dileesh ED (2013) Design of a hybrid intrusion detection system using snort and hadoop. International Journal of Computer Applications 73(10):5CrossRefGoogle Scholar
  31. 31.
    Renals P, Jacoby GA (2009) Blocking Skype through deep packet inspection. The 42nd Annual Hawaii International Conference on System Sciencs, HICSS’09, Big Island, HIGoogle Scholar
  32. 32.
    Rossi D, Mellia M, Meo M (2008) A Detailed Measurement of Skype Network Traffic. Proceedings of the 7th international conference on Peer-to-peer systems, USENIX AssociationGoogle Scholar
  33. 33.
    S. Sagiroglu, Sinanc D (2013) Big Data: a review. 2013 International Conference on Collaboration Technologies and Systems (CTS), p 42–47, IEEEGoogle Scholar
  34. 34.
    Tstate (2016) Skype Traces. [Online]., Accessed on 10 Oct 2016
  35. 35.
    Wireshark (2016) SampleCaptures. [Online]., Accessed on 10 Oct 2016
  36. 36.
    Xindong Wu, Xingquan Zhu, Gong-Qing Wu, Wei Ding, (2014) "Data mining with Big Data," IEEE Transactions on Knowledge and Data Engineering, vol. 26, no. 1, pp. 97, 107.Google Scholar
  37. 37.
    Taner Yildirim and PJ Radcliffe, (2010) “A Framework for Tunneled Traffic Analysis.” 12th International Conference on Advance Communication Technology (ICACT), Phoenix Park, Korea, vol 2, pp 1029–1034.Google Scholar
  38. 38.
    Yildirim T, Radcliffe Dr PJ (2010) VoIP Traffic Classification in IPsec Tunnels. 2010. In: International conference on electronics and information engineering (ICEIE). Koyoto, JapanGoogle Scholar

Copyright information

© Springer Science+Business Media New York 2017

Authors and Affiliations

  • M. Mazhar Rathore
    • 1
  • Awais Ahmad
    • 1
  • Anand Paul
    • 1
  • Seungmin Rho
    • 2
  1. 1.School of Computer Science and EngineeringKyungpook National UniversityDaeguSouth Korea
  2. 2.Department of Media SoftwareSungkyul UniversityAnyangSouth Korea

Personalised recommendations