An Adaptive Policy-Based Approach to SPIT Management

  • Yannis Soupionis
  • Stelios Dritsas
  • Dimitris Gritzalis
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5283)


Voice over IP (VoIP) is a key enabling technology, which provides new ways of communication. VoIP technologies take advantage of existing data networks to provide inexpensive voice communications world-wide as a promising alternative to the traditional telephone service. At the same time, VoIP provides the means for transmitting bulk unsolicited calls, namely SPam over Internet Telephony (SPIT). SPIT is, up to a given extend, similar to email spam. However, it is expected to be more frustrating because of the real-time processing requirements of voice calls. In this paper we set the foundations of an adaptive approach that handles SPIT through a policy-based management approach (aSPM). aSPM incorporates a set of rules for SPIT attacks detections, together with appropriate actions and controls that should be enforced so as to counter these attacks. Furthermore, the policy is formally described through an XML schema, which refers to both, the attack detection rules, and the corresponding defense actions.


VoIP SPIT Attack Graphs Attack Trees Policy Rules Actions 


  1. 1.
    Rosenberg, J., et al.: Session Initiation Protocol (SIP), RFC 3261 (June 2002)Google Scholar
  2. 2.
    El Sawda, S., Urien, P.: SIP security attacks and solutions: A state-of-the-art review. In: Proc. of IEEE International Conference on Information and Communication Technologies: From Theory to Applications (ICTTA 2006), April 2006, vol. 2, pp. 3187–3191 (2006)Google Scholar
  3. 3.
    Rosenberg, J., Jennings, C.: The Session Initiation Protocol (SIP) and Spam, RFC 5039, Network Working Group (January 2008)Google Scholar
  4. 4.
    Tschofenig, H., Wing, D., Schulzrinne, H., Froment, T., Dawirs, G.: A document format for expressing authorization policies to tackle spam and unwanted communication for Internet Telephony (draft-tschofenig-sipping-spit-policy-02.txt)Google Scholar
  5. 5.
    Lennox, J., Wu, X., Schulzrinne, H.: Call Processing Language(CPL): A Language for User Control of Internet Telephony Services. RFC 3880, Columbia University (October 2004)Google Scholar
  6. 6.
    Quittek, J., et al.: Prevention of Spam over IP Telephony (SPIT). NEC Technical Journal 1(2), 114–119 (2006)Google Scholar
  7. 7.
    Sloman, M., Lupu, E.: Security and management policy specification. IEEE Network, Special Issue on Policy-Based Networking 16(2), 10–19 (2002)Google Scholar
  8. 8.
    Cisco Systems, Session Initiation Protocol gateway call flows and compliance information SIP messages and methods overview,
  9. 9.
  10. 10.
    Dritsas, S., Mallios, J., Theoharidou, M., Marias, G., Gritzalis, D.: Threat analysis of the Session Initiation Protocol regarding spam. In: Proc. of the 3rd IEEE International Workshop on Information Assurance (WIA 2007), April 2007, pp. 426–433. IEEE Press, USA (2007)Google Scholar
  11. 11.
    Marias, G.F., Dritsas, S., Theoharidou, M., Mallios, J., Gritzalis, D.: SIP vulnerabilities and antiSPIT mechanisms assessment. In: Proc. of the 16th IEEE International Conference on Computer Communications and Networks (ICCCN 2007), Hawaii, August 2007, pp. 597–604. IEEE Press, Los Alamitos (2007)CrossRefGoogle Scholar
  12. 12.
    Mehta, V., Bartzis, C., Zhu, H., Clarke, E., Wing, J.: Ranking Attack Graphs. In: Proc. of Recent Advances in Intrusion Detection, September 2006, pp. 127–144. Springer, Germany (2006)CrossRefGoogle Scholar
  13. 13.
    Schneier, B.: ’Attack trees’, in Secrets & Lies: Digital Security in a Networked World, pp. 318–333. Wiley, Chichester (2000)Google Scholar
  14. 14.
    Mallios, Y., Dritsas, S., Tsoumas, S., Gritzalis, D.: Attack modeling of SIP-oriented SPIT. In: Proc. of the 2nd International Workshop on Critical Information Infrastructure Security (CRITIS 2007), October 2007, Springer, Spain (to appear, 2007)Google Scholar
  15. 15.
    Bertino, E., Castano, S., Ferrari, E.: On specifying security policies for web documents with an XML-based language. In: Proc. of the 6th ACM Symposium on Access Control Models and Technologies, pp. 57–65 (2001)Google Scholar
  16. 16.
    SIP Express Router (SER),,
  17. 17.
  18. 18.
    Guang-Yu, H., Ying-Youm, W., Hong, Z.: SPIT Detection and Prevention Method in VoIP Environment. In: The Third International Conference on Availability, Reliability and Security, pp. 473–478 (2008)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2008

Authors and Affiliations

  • Yannis Soupionis
    • 1
  • Stelios Dritsas
    • 1
  • Dimitris Gritzalis
    • 1
  1. 1.Information Security and Critical Infrastructure Protection Research Group, Dept. of InformaticsAthens University of Economics and BusinessAthensGreece

Personalised recommendations