Abstract
Due to the rapid increase in the speed as well as the number of users over the Internet, the rate of data generation is enormously grown. In addition, at the same rate, the multimedia transmission especially the usage of VoIP calls is rapidly growing due to its cost effectiveness, dramatic functionality over the traditional telephone network and its compatibility with public switched telephone network (PSTN). In most of the developing countries, internet service providers (ISPs) and telecommunication authorities are concerned in detecting such calls to either block or prioritize commercial VoIP. Signature-based, port-based, and pattern-based detection techniques are inaccurate due to the complex and confidential security and tunneling mechanisms used by VoIP. Therefore, in this paper, we proposed a generic, robust, efficient statistical analysis-based solution to identify encrypted and tunneled voice media flows. We extracted six statistical parameters, which are extracted for each flow and compared with threshold values while generating a number of rules to identify VoIP media calls. The paper also offers a complete architecture that can efficiently process high-speed traffic in order to detect VoIP flows at real-time. The proposed system, including the architecture and the algorithm, can be practically implemented in a real environment, such as ISP or telecommunication authority’s gateway. We implemented the system using the parallel environment of Hadoop ecosystem with Spark on the top of it to achieve the real-time processing. We evaluated the system by considering 1) the accuracy in terms of detection rate by computing the direct rate and false positive rate and 2) the efficiency in terms of processing power. The result shows that the system has 97.54% direct rate and .00015% false positive rate, which are quite high. The comparative study proved that the proposed system is more accurate than the existing techniques.
Similar content being viewed by others
References
Adami D, Callegari C, Giordano S, Pagano M, Pepe T (2009) A Real-Time Algorithm for Skype Traffic Detection and Classification. 9th International Conference on Smart Spaces and Next Generation Wired/Wireless Networking and 2nd Conference on Smart Spaces, Postersburg
Alshammari R, Nur Zincir-Heywood A (2010) An Investigation on the Identification of VoIP traffic: Case Study on Gtalk and Skype. In: 2010 International conference on network and service management (CNSM). Niagara Falls, Canada, pp 310–313
Alshammari R, Zincir-Heywood N (2011) Can encrypted traffic be identified without port numbers, IP addresses and payload inspection? Comput Netw 55:1326–1350
Bandre SR, Nandimath JN (2015) Design consideration of Network Intrusion detection system using Hadoop and GPGPU. 2015 International Conference on Pervasive Computing (ICPC), Pune, p 1–6
Baset SA, Schulzrinne H (2006) An Analysis of the Skype Peer-to-Peer Internet Telephony Protocol. 25th International Conference on Computer Communication (INFOCOM), Bercelona, p 1–11
Birke R, Mellia M, Petracca M, Rossi D (2010) Experiences of VoIP traffic monitoring in a commercial ISP. Int J Netw Manag 20:339–359
Bonfiglio D, Mellia M, Meo M, Ritacca N, Rossi D (2008) Tracking Down Skype Traffic. 27th IEEE International Conference on Computer Communication (INFOCOM), Pheonix, p 261–265
Branch P, But J (2012) Rapid and Generalized Identification of Packetized Packetized Voice Traffic Flows. 37th IEEE Conference on Local Computer Networks (LCN12), Clearwater, October 2012
Dusi M, Crotti M, Gringoli F, Salgarelli L (2009) Tunnel hunter: detecting application-layer tunnels with statistical fingerprinting. Comput Netw 53:81–97
Emanuel P. Freire, Artur Ziviani and Ronaldo M. Salles, (2008) Detecting VoIP Calls Hidden in Web Traffic. IEEE transaction on network and service management, Vol no. 5, pp 210–214.
Engen V (2010) Machine learning for network based intrusion. Ph.D. dissertation, Bournemouth Univ., Poole, UK
Frey CA, Smyth B (2015) Efficient network traffic analysis using a hierarchical key combination data structure. U.S. Patent No. 9,014,034. 21 Apr. 2015
Fusco F, Deri L (2010) High Speed Network Traffic Analysis with Commodity Multi-core Systems. Proceedings of the 10th ACM SIGCOMM conference on Internet measurement, p 218–224, Nov. 2010
Github (2016) Hadoop library to read packet capture (PCAP) files. [Online]. https://github.com/RIPE-NCC/hadoop-pcap, Accessed on Apr 1 2016.
Idrees F, Khan UA (2008) A generic technique for voice over internet protocol (VoIP) traffic detection. IJCSNS International Journal of Computer Science and Network Security 8(2):52–59
Jeong HDJ, Hyun W, Lim J, You I (2012) Anomaly Teletraffic Intrusion Detection Systems on Hadoop-Based Platforms: A Survey of Some Problems and Solutions. 15th International Conference on Network-Based Information Systems (NBiS), Melbourne, VIC, pp. 766–770
Jun L, Shunyi Z, Shidong L, Ye X (2007) Active P2P Traffic Identification Technique. 2007 International conference on computational intelligence and security, Harbin, China, p 37–41
Leung C-M, Chan Y-Y (2007) Network Forensic on Encrypted Peer to-Peer VoIP Traffics and The Detection, Blocking, and Prioritization of Skype Traffics. 16th IEEE International Workshops on Enabling Technologies: Infrastructures for Collaborative Enterprises, Paris, p 401–408
Bing Li, Shigang Jin, and Moade Ma, (2010a) “VoIP Traffic Identification Based on Host and Flow Behavior Analysis.” Journal of Network and Systems Management, Volume 19:111.
Li B, Jin S, Ma M (2010b) VoIP Traffic Identification Based on Host and Flow Behavior Analysis. 2010 internationa conference on Wireless Communication Networking and Mobile Computing (WICOM), Chengdu, China, p 1–4
Lin Y-D, Lu C-N, Lai Y-C, Peng W-H, Lin P-C (2009) Application classification using packet size distribution and port association. Journal of Networ and Computer Applications 32:1023–1030
Lu F, Liu X-L, Ma Z-N (2010) Research on the characteristics and blocking realization of Skype protocol. 2010 I.E. international conference on electrical and control engineering (ICECE), Wuhan, China, pp 2964–2967
Maiolini G, Molina G, Baiocchi A, Rizzi A (2009) On the fly application flows identification by exploiting K-means based classifiers. Journal of Information assurance and Security 4:142–150
Mazhar Rathore M, Ahmad A, Paul A (2016) Real time intrusion detection system for ultra-high-speed big data environments. J Supercomput 72(9):3489–3510
Nguyen TTT, Armitage G (2008) Clustering to assist supervised machine learning for real-time IP traffic classification. IEEE International Conference on Communication, Beijing, China, pp 5857–5862
ofcom. (2016) Communications Market Report 2016: Bitesize. [Online]. https://www.ofcom.org.uk/research-and-data/cmr/cmr16/bitesize, Accessed on 10 Oct 2016
Okabe T, Kitamura T, Shizuno T (2006) Statistical Traffic Identification Method Based on Flow-Level Behavior for Fair VoIP service. Proceeding of IEEE Workshop on VoIP Management and Security, p 35–40
Paul A, Ahmad A, Rathore M, Jabbar S, Buddy S (2016) Defining Human Behavior Using Big Data Analytics in Social Internet of Things. IEEE Wireless Communication Magazine 23(5):68
Peranyi M, Molnar S (2007) Enhanced Skype traffic identification, in: Value-Tools. Proceedings of the 2nd International Conference on Performance Evaluation Methodologies and Tools, ICST (Institute for Computer Sciences, Social-Informatics and Telecommunications Engineering), ICST, Brussels, p 1–9
Prathibha PG, Dileesh ED (2013) Design of a hybrid intrusion detection system using snort and hadoop. International Journal of Computer Applications 73(10):5
Renals P, Jacoby GA (2009) Blocking Skype through deep packet inspection. The 42nd Annual Hawaii International Conference on System Sciencs, HICSS’09, Big Island, HI
Rossi D, Mellia M, Meo M (2008) A Detailed Measurement of Skype Network Traffic. Proceedings of the 7th international conference on Peer-to-peer systems, USENIX Association
S. Sagiroglu, Sinanc D (2013) Big Data: a review. 2013 International Conference on Collaboration Technologies and Systems (CTS), p 42–47, IEEE
Tstate (2016) Skype Traces. [Online]. http://tstat.tlc.polito.it/traces-skype.shtml, Accessed on 10 Oct 2016
Wireshark (2016) SampleCaptures. [Online]. http://wiki.wireshark.org/SampleCaptures, Accessed on 10 Oct 2016
Xindong Wu, Xingquan Zhu, Gong-Qing Wu, Wei Ding, (2014) "Data mining with Big Data," IEEE Transactions on Knowledge and Data Engineering, vol. 26, no. 1, pp. 97, 107.
Taner Yildirim and PJ Radcliffe, (2010) “A Framework for Tunneled Traffic Analysis.” 12th International Conference on Advance Communication Technology (ICACT), Phoenix Park, Korea, vol 2, pp 1029–1034.
Yildirim T, Radcliffe Dr PJ (2010) VoIP Traffic Classification in IPsec Tunnels. 2010. In: International conference on electronics and information engineering (ICEIE). Koyoto, Japan
Acknowledgements
This study was supported by the Brain Korea 21 Plus project (SW Human Resource Development Program for Supporting Smart Life) funded by Ministry of Education, School of Computer Science and Engineering, Kyungpook National University, Korea (21A20131600005).
Author information
Authors and Affiliations
Corresponding author
Rights and permissions
About this article
Cite this article
Mazhar Rathore, M., Ahmad, A., Paul, A. et al. Exploiting encrypted and tunneled multimedia calls in high-speed big data environment. Multimed Tools Appl 77, 4959–4984 (2018). https://doi.org/10.1007/s11042-017-4393-7
Received:
Revised:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s11042-017-4393-7