Abstract
Spam over IP telephony (SPIT) is expected to become a serious problem as the use of voice over IP grows. This kind of spam is appreciated by spammers due to its effectiveness and low cost. Many anti-SPIT solutions are applied to resolve this problem but there are still limited in some cases. Thus, in this paper, we propose a system to detect SPIT attacks through behavior-based approach. Our framework operates in three steps: (1) collecting significant calls attributes by exploring and analyzing network traces using OPNET environment; (2) applying sliding windows strategy to properly maintain the callers profiles; and (3) classifying caller (i.e., legitimate or SPITter) using ten supervised learning methods: NaïveBayes, BayesNet, SMO RBFKernel, SMO PolyKernel, MultiLayerPerceptron with two and three layers, NBTree, J48, Bagging and AdaBoostM1. The results of our experiments demonstrate the great performance of these methods. Our study, based on receiver operating characteristics curves, shows that the AdaBoostM1 classifier is more efficient than the other methods and achieve an almost perfect detection rate with acceptable training time.
Similar content being viewed by others
References
Kolan, P., Dantu, R.: Socio-technical defense against voice spamming. ACM Trans. Auton. Adapt. Syst. (TAAS) 2(1), 2 (2007)
Shin, D., Ahn, J., Shim, C.: Progressive multi gray-leveling: a voice spam protection algorithm. IEEE Netw. 20(5), 18–24 (2006)
Yan, H., Sripanidkulchai, K., Zhang, H., Shae, Z.Y., Saha, D.: Incorporating active fingerprinting into spit prevention systems. In: Third Annual Security Workshop (VSW), 2006
Schlegel, R., Niccolini, S., Tartarelli, S., Brunner, M.: Spit prevention framework. In: Proceedings of IEEE GLOBECOM, pp. 1–6, Dec. 2006
Nassar, M., Dabbebi, O., Badonnel, R., Festor, O.: Risk management in voip infrastructure using support vector machines. In: Proceedings of International Conference on Network and Service Management (CNSM), pp. 48–55, Oct. 2010
Nassar, M., State, R., Festor, O.: Monitoring sip traffic using support vector machines. In: Proceedings of the International Symposium on Recent Advances in Intrusion Detection (RAID), pp. 311–330, 2008
Wu, Y.S., Bagchi, S., Singh, N., Wita, R.: Spam detection in voice-over-ip calls through semi-supervised clustering. In: Proceedings of Dependable Systems Networks, pp. 307–316, 2009
Keromytis, A.D.: A comprehensive survey of voice over ip security research. IEEE Commun. Surv. Tutor. 14(2), 514–537 (2012)
Bai, Y., Su, X., Bhargava, B.: Adaptive voice spam control with user behavior analysis. In: Proceedings of IEEE International Conference on High Performance Computing and Communications (HPCC), pp. 354–361, Jun. 2009
Rosenberg, J., Jennnings, C.: The session initiation protocol and spam. In: IETF Draft, Feb. 2007
Hasen, M., Hansen, M., Moller, J., Rohwer, T., Tolkmit, C., Waack, H.: Developing a legally compliant reachability management system as a countermeasure against spit. In: VoIP Security Workshop, Berlin, Jun. 2006
Dantu, R., Kolan, P.: Detecting spam in voip networks. In: Proceedings of the Steps to Reducing Unwanted Traffic On the Internet Workshop, Cambridge, pp. 31–37, Jul. 2005
Radermacher, T.A.: Spam Prevention in Voice over IP Networks. Master’s thesis, University of Slazburg, Nov. 2005
Mathieu, B., Niccolini, S., Sisalem, D.: Sdrs: a voice-over-ip spam detection and reaction system. IEEE Secur. Priv. 6, 52–59 (2008)
Levine, B.N., Shields, C., Margolin, N.B.: A survey of solutions to the sybil attack. In: Technical Report 2006–052, University of Massachusetts Amherst, MA, Oct. 2006
Rebahi, Y., Sisalem, D.: Sip service providers and the spam problem. In: Workshop on Securing Voice over IP, Washington, DC, Jun. 2005
Patankar, P., Nam, G., Kesidisand, G., Das, C.: Exploring anti-spam models in large scale voip systems. In: Proceedings of International Conference on Distributed Computing Systems, China, Jun. 2008
Balasubramaniyan, V.A., Ahamad, M., Park, H.: Callrank: Combating spit using call duration, social networks and global reputation. In: Proceedings of Conference on Email and Anti-Spam, USA, Aug. 2007
Soupionis, Y., Gritzalis, D.: Aspf: Adaptive anti-spit policy-based framework. In: Proceedings of International Conference on Availability, Reliability and Security (ARES), Aug. 2011
Johansen, A.J.: Improvement of Spit Prevention Technique Based on Turing Test. PhD thesis, Mahanakorn University of Technology, 2010
Quittek, J., Niccolini, S., Tartarelli, S., Stiemerling, M., Brunner, M., Ewald, T.: Detecting spit calls by checking human communication patterns. In: Proceedings of IEEE International Conference on Communications (ICC), pp. 1979–1984, 2007
Kusumoto, T., Chen, E.Y., Itoh, M.: Using call patterns to detect unwanted communication callers. In: Proceedings of International Symposium on Applications and the Internet (SAINT), 2009
Jabeur Ben Chikha, R., Abbes, T., Bouhoula, A.: A spit detection algorithm based on user’s call behavior. In: 21st International Conference on Software, Telecommunications and Computer Networks (SoftCOM), Sept. 2013
Datar, M., Gionis, A., Indyk, P., Motwani, R.: Maintaining stream statistics over sliding windows. In: Proceedings of 13th Annual ACM-SIAM Symposium on Discrete Algorithms (SODA), pp. 635–644, Jan. 2002
Golab, L., Garg, S., Ozsu, M.T.: On indexing sliding windows over on-line data streams. In: Proceedings of International Conference on Extending Database Technology (EDBT), pp. 712–729, 2004
Bouckaert, R.: Bayesian Network Classifiers in Weka. Technical Report, Department of Computer Science, Waikato University, Hamilton, 2005
John, G.H., Langley, P.: Estimating continuous distributions in bayesian classifiers. In: Proceedings of 11th Conference on Uncertainty in Artificial Intelligence, pp. 338–345. Morgan Kaufman, San Mateo (1995)
Bishop, C.: Neural Networks for Pattern Recognition. Oxford University Press, Oxford (1995)
Kohavi, R., Quinlan, J.R.: Decision-tree discovery. In: Klosgen, W., Zytkow, J.M. (eds.) Handbook of Data Mining and Knowledge Discovery, Chap. 16.1.3. pp. 267–276. Oxford University Press (2002)
Kohavi, R.: Scaling up the accuracy of naive-bayes classifiers: a decision-tree hybrid. In: Proceedings of 2nd International Conference on Knowledge Discovery and Data Mining (KDD), 1996
Vapnik, V.N.: The Nature of Statistical Learning Theory, 2nd edn. Springer, New York (1999)
Cristianini, N., Shawe-Taylor, N.J.: An introduction to support vector machines. Cambridge University Press, Cambridge (2000)
Vapnik, V.N.: Statistical Learning Theory. Wiley, New York (1998)
Joachims, T.: Making large-scale svm learning practical. In: Schokopf, B., et al. (eds.) Advances in Kernel Methods-Support Vector Learning. MIT Press, Cambridge (1999)
Platt, J.C.: Fast training of support vector machines using sequential minimal optimization. In: Schokopf, B., et al. (eds.) Advances in Kernel Methods: Support Vector Machines. MIT Press, Cambridge (1998)
Scholkopf, B., Smola, A.: Learning with Kernels: Support Vector Machines, Regularization, Optimization and Beyond. The MIT Press, Cambridge (2002)
Scholkopf, B., Kah-Kay, S., Burges, C., Girosi, F., Niyogi, P., Poggio, T., Vapnik, V.: Comparing support vector machines with gaussian kernels to radial basis function classifiers. In: Proceedings of Signal Processing, pp. 2758–2765, 1997
Kumar, R., Indrayan, A.: Receiver operating characteristic (roc) curve for medical researchers. Indian Pediatr. 48(4), 277–287 (2011)
Breiman, L.: Arcing classifiers. Ann. Stat. 26(3), 801–849 (1998)
Saber, E., Tekalp, A.M., Eschbach, R., Knox, K.: Automatic image annotation using adaptive color classification. Graphical Models Image Process. 58, 115–126 (1996)
Nori, F., Deypir, M., Sadreddini, M.H.: A sliding window based algorithm for frequent closed itemset mining over data streams. J. Syst. Softw. 86(3), 615–623 (2013)
OPNET Technologies Inc. 2012. URL: http://www.opnet.com/
Weka, Machine Learning Group at the University of Waikato. URL: http://www.cs.waikato.ac.nz/ml/weka/
Fawcett, T.: An introduction to roc analysis. Pattern Recogn. Lett. 27, 861–874 (2006)
Bradley, A.P.: The use of the area under the ROC curve in the evaluation of machine learning algorithms. Pattern Recogn. 30, 1145–1159 (1997)
Wright, D.B.: Receiver operating characteristics curves. Encycl. Stat. Behav. Sci. 4, 1718–1721 (2005)
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Jabeur Ben Chikha, R., Abbes, T., Ben Chikha, W. et al. Behavior-based approach to detect spam over IP telephony attacks. Int. J. Inf. Secur. 15, 131–143 (2016). https://doi.org/10.1007/s10207-015-0281-1
Published:
Issue Date:
DOI: https://doi.org/10.1007/s10207-015-0281-1