Skip to main content
SpringerLink
Log in

Behavior-based approach to detect spam over IP telephony attacks

  • Regular Contribution
  • Published:
International Journal of Information Security Aims and scope Submit manuscript

Abstract

Spam over IP telephony (SPIT) is expected to become a serious problem as the use of voice over IP grows. This kind of spam is appreciated by spammers due to its effectiveness and low cost. Many anti-SPIT solutions are applied to resolve this problem but there are still limited in some cases. Thus, in this paper, we propose a system to detect SPIT attacks through behavior-based approach. Our framework operates in three steps: (1) collecting significant calls attributes by exploring and analyzing network traces using OPNET environment; (2) applying sliding windows strategy to properly maintain the callers profiles; and (3) classifying caller (i.e., legitimate or SPITter) using ten supervised learning methods: NaïveBayes, BayesNet, SMO RBFKernel, SMO PolyKernel, MultiLayerPerceptron with two and three layers, NBTree, J48, Bagging and AdaBoostM1. The results of our experiments demonstrate the great performance of these methods. Our study, based on receiver operating characteristics curves, shows that the AdaBoostM1 classifier is more efficient than the other methods and achieve an almost perfect detection rate with acceptable training time.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8
Fig. 9
Fig. 10
Fig. 11
Fig. 12
Fig. 13
Fig. 14
Fig. 15
Fig. 16
Fig. 17

Similar content being viewed by others

References

  1. Kolan, P., Dantu, R.: Socio-technical defense against voice spamming. ACM Trans. Auton. Adapt. Syst. (TAAS) 2(1), 2 (2007)

    Article  Google Scholar 

  2. Shin, D., Ahn, J., Shim, C.: Progressive multi gray-leveling: a voice spam protection algorithm. IEEE Netw. 20(5), 18–24 (2006)

    Article  Google Scholar 

  3. Yan, H., Sripanidkulchai, K., Zhang, H., Shae, Z.Y., Saha, D.: Incorporating active fingerprinting into spit prevention systems. In: Third Annual Security Workshop (VSW), 2006

  4. Schlegel, R., Niccolini, S., Tartarelli, S., Brunner, M.: Spit prevention framework. In: Proceedings of IEEE GLOBECOM, pp. 1–6, Dec. 2006

  5. Nassar, M., Dabbebi, O., Badonnel, R., Festor, O.: Risk management in voip infrastructure using support vector machines. In: Proceedings of International Conference on Network and Service Management (CNSM), pp. 48–55, Oct. 2010

  6. Nassar, M., State, R., Festor, O.: Monitoring sip traffic using support vector machines. In: Proceedings of the International Symposium on Recent Advances in Intrusion Detection (RAID), pp. 311–330, 2008

  7. Wu, Y.S., Bagchi, S., Singh, N., Wita, R.: Spam detection in voice-over-ip calls through semi-supervised clustering. In: Proceedings of Dependable Systems Networks, pp. 307–316, 2009

  8. Keromytis, A.D.: A comprehensive survey of voice over ip security research. IEEE Commun. Surv. Tutor. 14(2), 514–537 (2012)

    Article  Google Scholar 

  9. Bai, Y., Su, X., Bhargava, B.: Adaptive voice spam control with user behavior analysis. In: Proceedings of IEEE International Conference on High Performance Computing and Communications (HPCC), pp. 354–361, Jun. 2009

  10. Rosenberg, J., Jennnings, C.: The session initiation protocol and spam. In: IETF Draft, Feb. 2007

  11. Hasen, M., Hansen, M., Moller, J., Rohwer, T., Tolkmit, C., Waack, H.: Developing a legally compliant reachability management system as a countermeasure against spit. In: VoIP Security Workshop, Berlin, Jun. 2006

  12. Dantu, R., Kolan, P.: Detecting spam in voip networks. In: Proceedings of the Steps to Reducing Unwanted Traffic On the Internet Workshop, Cambridge, pp. 31–37, Jul. 2005

  13. Radermacher, T.A.: Spam Prevention in Voice over IP Networks. Master’s thesis, University of Slazburg, Nov. 2005

  14. Mathieu, B., Niccolini, S., Sisalem, D.: Sdrs: a voice-over-ip spam detection and reaction system. IEEE Secur. Priv. 6, 52–59 (2008)

    Article  Google Scholar 

  15. Levine, B.N., Shields, C., Margolin, N.B.: A survey of solutions to the sybil attack. In: Technical Report 2006–052, University of Massachusetts Amherst, MA, Oct. 2006

  16. Rebahi, Y., Sisalem, D.: Sip service providers and the spam problem. In: Workshop on Securing Voice over IP, Washington, DC, Jun. 2005

  17. Patankar, P., Nam, G., Kesidisand, G., Das, C.: Exploring anti-spam models in large scale voip systems. In: Proceedings of International Conference on Distributed Computing Systems, China, Jun. 2008

  18. Balasubramaniyan, V.A., Ahamad, M., Park, H.: Callrank: Combating spit using call duration, social networks and global reputation. In: Proceedings of Conference on Email and Anti-Spam, USA, Aug. 2007

  19. Soupionis, Y., Gritzalis, D.: Aspf: Adaptive anti-spit policy-based framework. In: Proceedings of International Conference on Availability, Reliability and Security (ARES), Aug. 2011

  20. Johansen, A.J.: Improvement of Spit Prevention Technique Based on Turing Test. PhD thesis, Mahanakorn University of Technology, 2010

  21. Quittek, J., Niccolini, S., Tartarelli, S., Stiemerling, M., Brunner, M., Ewald, T.: Detecting spit calls by checking human communication patterns. In: Proceedings of IEEE International Conference on Communications (ICC), pp. 1979–1984, 2007

  22. Kusumoto, T., Chen, E.Y., Itoh, M.: Using call patterns to detect unwanted communication callers. In: Proceedings of International Symposium on Applications and the Internet (SAINT), 2009

  23. Jabeur Ben Chikha, R., Abbes, T., Bouhoula, A.: A spit detection algorithm based on user’s call behavior. In: 21st International Conference on Software, Telecommunications and Computer Networks (SoftCOM), Sept. 2013

  24. Datar, M., Gionis, A., Indyk, P., Motwani, R.: Maintaining stream statistics over sliding windows. In: Proceedings of 13th Annual ACM-SIAM Symposium on Discrete Algorithms (SODA), pp. 635–644, Jan. 2002

  25. Golab, L., Garg, S., Ozsu, M.T.: On indexing sliding windows over on-line data streams. In: Proceedings of International Conference on Extending Database Technology (EDBT), pp. 712–729, 2004

  26. Bouckaert, R.: Bayesian Network Classifiers in Weka. Technical Report, Department of Computer Science, Waikato University, Hamilton, 2005

  27. John, G.H., Langley, P.: Estimating continuous distributions in bayesian classifiers. In: Proceedings of 11th Conference on Uncertainty in Artificial Intelligence, pp. 338–345. Morgan Kaufman, San Mateo (1995)

  28. Bishop, C.: Neural Networks for Pattern Recognition. Oxford University Press, Oxford (1995)

    MATH  Google Scholar 

  29. Kohavi, R., Quinlan, J.R.: Decision-tree discovery. In: Klosgen, W., Zytkow, J.M. (eds.) Handbook of Data Mining and Knowledge Discovery, Chap. 16.1.3. pp. 267–276. Oxford University Press (2002)

  30. Kohavi, R.: Scaling up the accuracy of naive-bayes classifiers: a decision-tree hybrid. In: Proceedings of 2nd International Conference on Knowledge Discovery and Data Mining (KDD), 1996

  31. Vapnik, V.N.: The Nature of Statistical Learning Theory, 2nd edn. Springer, New York (1999)

    MATH  Google Scholar 

  32. Cristianini, N., Shawe-Taylor, N.J.: An introduction to support vector machines. Cambridge University Press, Cambridge (2000)

    MATH  Google Scholar 

  33. Vapnik, V.N.: Statistical Learning Theory. Wiley, New York (1998)

    MATH  Google Scholar 

  34. Joachims, T.: Making large-scale svm learning practical. In: Schokopf, B., et al. (eds.) Advances in Kernel Methods-Support Vector Learning. MIT Press, Cambridge (1999)

    Google Scholar 

  35. Platt, J.C.: Fast training of support vector machines using sequential minimal optimization. In: Schokopf, B., et al. (eds.) Advances in Kernel Methods: Support Vector Machines. MIT Press, Cambridge (1998)

    Google Scholar 

  36. Scholkopf, B., Smola, A.: Learning with Kernels: Support Vector Machines, Regularization, Optimization and Beyond. The MIT Press, Cambridge (2002)

    Google Scholar 

  37. Scholkopf, B., Kah-Kay, S., Burges, C., Girosi, F., Niyogi, P., Poggio, T., Vapnik, V.: Comparing support vector machines with gaussian kernels to radial basis function classifiers. In: Proceedings of Signal Processing, pp. 2758–2765, 1997

  38. Kumar, R., Indrayan, A.: Receiver operating characteristic (roc) curve for medical researchers. Indian Pediatr. 48(4), 277–287 (2011)

    Article  Google Scholar 

  39. Breiman, L.: Arcing classifiers. Ann. Stat. 26(3), 801–849 (1998)

    Article  MathSciNet  MATH  Google Scholar 

  40. Saber, E., Tekalp, A.M., Eschbach, R., Knox, K.: Automatic image annotation using adaptive color classification. Graphical Models Image Process. 58, 115–126 (1996)

    Article  Google Scholar 

  41. Nori, F., Deypir, M., Sadreddini, M.H.: A sliding window based algorithm for frequent closed itemset mining over data streams. J. Syst. Softw. 86(3), 615–623 (2013)

  42. OPNET Technologies Inc. 2012. URL: http://www.opnet.com/

  43. Weka, Machine Learning Group at the University of Waikato. URL: http://www.cs.waikato.ac.nz/ml/weka/

  44. Fawcett, T.: An introduction to roc analysis. Pattern Recogn. Lett. 27, 861–874 (2006)

    Article  Google Scholar 

  45. Bradley, A.P.: The use of the area under the ROC curve in the evaluation of machine learning algorithms. Pattern Recogn. 30, 1145–1159 (1997)

    Article  Google Scholar 

  46. Wright, D.B.: Receiver operating characteristics curves. Encycl. Stat. Behav. Sci. 4, 1718–1721 (2005)

    Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Digital Security Research Unit, Higher School of Communication of Tunis (Sup’Com), University of Carthage, Cité El Ghazala, Tunisia

    Randa Jabeur Ben Chikha, Tarek Abbes & Adel Bouhoula

  2. SERCOM laboratory, Tunisia Polytechnic School, Carthage University, 2078, La Marsa, Tunisia

    Wassim Ben Chikha

Authors
  1. Randa Jabeur Ben Chikha
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Tarek Abbes
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Wassim Ben Chikha
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Adel Bouhoula
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Randa Jabeur Ben Chikha.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Jabeur Ben Chikha, R., Abbes, T., Ben Chikha, W. et al. Behavior-based approach to detect spam over IP telephony attacks. Int. J. Inf. Secur. 15, 131–143 (2016). https://doi.org/10.1007/s10207-015-0281-1

Download citation

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s10207-015-0281-1

Keywords

Search

Navigation