Security and Privacy in Communication Networks. 7th International ICST Conference, SecureComm 2011, London, UK, September 7-9, 2011, Revised Selected Papers

Research Article

Call Behavioral Analysis to Thwart SPIT Attacks on VoIP Networks

Download
278 downloads
  • @INPROCEEDINGS{10.1007/978-3-642-31909-9_31,
        author={Hemant Sengar and Xinyuan Wang and Arthur Nichols},
        title={Call Behavioral Analysis to Thwart SPIT Attacks on VoIP Networks},
        proceedings={Security and Privacy in Communication Networks. 7th International ICST Conference, SecureComm 2011, London, UK, September 7-9, 2011, Revised Selected Papers},
        proceedings_a={SECURECOMM},
        year={2012},
        month={10},
        keywords={Voice Spam SPIT VoIP Behavioral Analysis},
        doi={10.1007/978-3-642-31909-9_31}
    }
    
  • Hemant Sengar
    Xinyuan Wang
    Arthur Nichols
    Year: 2012
    Call Behavioral Analysis to Thwart SPIT Attacks on VoIP Networks
    SECURECOMM
    Springer
    DOI: 10.1007/978-3-642-31909-9_31
Hemant Sengar1,*, Xinyuan Wang2,*, Arthur Nichols1,*
  • 1: Windstream Communications
  • 2: George Mason University
*Contact email: Hemant.Sengar@windstream.com, xwangc@gmu.edu, Arthur.Nichols@windstream.com

Abstract

The threat of voice spam, commonly known as Spam over Internet Telephony (SPIT) is a real and contemporary problem. If the problem remains unchecked then it may become as potent as email spam today. In this paper, we present two approaches to detect and prevent SPITting over the Internet. Both of our approaches are based on the anomaly detection of the distributions of selected call features (i.e., day and time of calling, call durations etc.). The first approach uses as a summarization tool and it is able to reliably detect individual spam VoIP calls at a microscopic level. The second approach is designed to detect groups of (potentially collaborating) VoIP spam calls at a macroscopic level. By computing of call durations of groups of calls, we are able to build profile of normal calls and reliably detect the deviation from normal human call behavior that are caused by bulk spam calls. We empirically validate our VoIP spam call detection approaches with real VoIP call traces obtained from a VoIP service provider network. Our experimental results show that call feature distributions can be used to build a fairly general and effective anomalous call behavior detection framework.