Prakash Kolan
Abstract
Voice over IP (VoIP) is a key enabling technology for migration of circuit-switched PSTN (Public Switched Telephone Network) architectures to packet-based networks. One problem of the present VoIP networks is filtering spam calls referred to as SPIT (Spam over Internet Telephony). Unlike spam in e-mail systems, VoIP spam calls have to be identified in real time. Many of the techniques devised for e-mail spam detection rely upon content analysis, and in the case of VoIP, it is too late to analyze the content (voice) as the user would have already attended the call. Therefore, the real challenge is to block a spam call before the telephone rings. In addition, we believe it is imperative that spam filters integrate human behavioral aspects to gauge the legitimacy of voice calls. We know that, when it comes to receiving or rejecting a voice call, people use the social meaning of trust, reputation, friendship of the calling party and their own mood. In this article, we describe a multi-stage, adaptive spam filter based on presence (location, mood, time), trust, and reputation to detect spam in voice calls. In particular, we describe a closed-loop feedback control between different stages to decide whether an incoming call is spam. We further propose formalism for voice-specific trust and reputation analysis. We base this formal model on a human intuitive behavior for detecting spam based on the called party's direct and indirect relationships with the calling party. No VoIP corpus is available for testing the detection mechanism. Therefore, for verifying the detection accuracy, we used a laboratory setup of several soft-phones, real IP phones and a commercial-grade proxy server that receives and processes incoming calls. We experimentally validated the proposed filtering mechanisms by simulating spam calls and measured the filter's accuracy by applying the trust and reputation formalism. We observed that, while the filter blocks a second spam call from a spammer calling from the same end IP host and domain, the filter needs only a maximum of three calls---even in the case when spammer moves to a new host and domain. Finally, we present a detailed sensitivity analysis for examining the influence of parameters such as spam volume and network size on the filter's accuracy.
- Biever, C. 2004. Move over spam, make way for “spit”. http://www.newscientist.com/article.ns?id=dn6445Google Scholar
- Boykin, P.O. and Roychowdhury, V. 2004. Personal Email networks: An effective Anti-spam tool. Preprint, http://www.arxiv.org/abs/cond-mat/0402143Google Scholar
- Cahill, V., Shand, B., Gray, E., Dimmock, N., Twigg, A., Bacon, J., English, C., Wagealla, W., Terzis, S., Noxon, P., Bryce, C., Serugendo, G.M., Seigneurl, J. M., Carbone, M., Krukow, K., Jenson, C., Chen, Y., and Nielsen, M. 2003. Using trust for secure collaboration in uncertain environments. IEEE Pervas. Comput. 2, 3, 52--61. Google ScholarDigital Library
- Cohen, W. W. 1996. Learning rules that classify e-mail. In Proceedings of the AAAI Spring Symposium on Machine Learning in Information Access.Google Scholar
- Damiani, E., Vimercati, S. D. C., Paraboschi, S., and Samarati, P. 2004. P2P-Based collaborative spam detection and filtering. In Proceedings of 4th IEEE Conference on Peer-to-Peer Computing (P2P'04) (Zurich, Switzerland). IEE Computer Society Press, Los ALamitos, CA. Google ScholarCross Ref
- Dantu, R. and Kolan, P. 2004. Preventing Voice Spamming. In Proceedings of the IEEE GlobeComm Workshop on VoIP Security. IEE Computer Society Press, Los ALamitos, CA.Google Scholar
- Dantu, R. and Kolan P. 2005. Detecting spam in VoIP networks. In Proceedings of USENIX, SRUTI(Steps for Reducing Unwanted Traffic on the Internet) Workshop. Google ScholarDigital Library
- Dantu, R., Cangussu, J., and Yelimeli, A. 2004b. Dynamic control of worm propagation. In Proceedings of the IEEE International Conference on Information Technology (ITCC). Google ScholarDigital Library
- Evett, D. 2006. Spam Statistics 2006. http://spam-filter-review.toptenreviews.com/spam-statistics.html.Google Scholar
- Foukia, N., Zhou, L., and Neuman, C. 2006. Multilateral decisions for collaborative defense against unsolicited bulk e-mail. In Proceedings of the International Conference on Trust Management. Google ScholarDigital Library
- Goecks, J. and Mynatt E. D. 2002. Enabling privacy management in ubiquitous computing environments through trust and reputation systems. In Proceedings of the Workshop on Privacy in Digital Environments: Empowering Users. Proceedings of CSCW.Google Scholar
- Golbeck, J. and Hendler, J. 2004. Reputation network analysis for email filtering. In Proceedings of the IEEE conference on Email and Anti Spam. IEEE Computer Society Press, Los ALamitos, CA.Google Scholar
- Good, I. J. 1965. The estimation of probabilities: An essay on modern Bayesian methods. M.I.T Press, Cambridge, MA.Google Scholar
- Hepburn, M. and Wright, D. 2003. Execution contexts for determining trust in a higher-order π calculus. School of Computing, University of Tasmania Technical Report.Google Scholar
- Jøsang, A., Ismail, R., and Boyd, C. 2006. A survey of trust and reputation systems for online service provision. Decision Support Systems.Google Scholar
- Krukow, K. and Nielsen, M. 2006. From simulations to theorems: A position paper on research in the field of computational trust. In Proceedings of Formal Aspects in Security and Trust. Google ScholarDigital Library
- Lacy, S. 2006. Is your VoIP phone vulnerable? http://www.businessweek.com/technology/content/jun2006/tc20060613_799282.htmGoogle Scholar
- Lancaster, K. 2003. Resilient packet ring: Enabling VoIP delivery. Internet Telephony.Google Scholar
- Lei, H. and Shoja, G. C. 2005. A distributed trust model for e-commerce applications. IEEE International Conference on e-Technology, e-Commerce and e-Service. Google ScholarDigital Library
- Macintosh, R. and Vinokurov, D. 2005. Detection and mitigation of spam in IP telephony networks using signaling protocol analysis. In Proceedings of the IEEE Symposium on Advances in Wired and Wireless Communication. IEEE Computer Society Press, Los ALamitos, CA. 49--52.Google Scholar
- Marsh, S. 1994. Formalizing trust as a computational concept. Ph.D. dissertation. University of Stirling.Google Scholar
- Mui, L., Mohtashemi, M., and Halberstadt, A. 2002. A computational model of trust and reputation. In Proceedings of the 35th Hawaii International Conference on System Science. 280--287. Google ScholarDigital Library
- Niccolini, S., Tartarelli, S., Stiemerling, M., and Srivastava, S. 2006. SIP extensions for SPIT identification. IETF SIP draft, draft-niccolini-sipping-feedback-spit-02.Google Scholar
- Ono, K. and Schulzrinne, H. 2005. Trust path discovery. IETF Internet Draft.Google Scholar
- Orbaek, P. and Palsberg, J. 1997. Trust in the λ calculus. Funct. Prog. 7, 6, 557--591. Google ScholarDigital Library
- Palla, S. and Dantu, R. 2006. Detecting Phishing in Emails. Spam Conference, MIT.Google Scholar
- Rago, S. 2006. VoIP spells equipment oppurtunities now. Networking and Optical Communications---Q3 Topical Report, Isuppli.Google Scholar
- Rahman, A. A. and Hailes, S. 1998. A distributed trust model. In Proceedings of New Security Paradigms Workshop, ACM Press, New York, 48--60. Google ScholarDigital Library
- Ray, I. and Chakraborty, S. 2004. A vector model of trust for developing trustworthy systems. In Proceedings of 9th European Symposium on Research in Computer Security (ESORICS'04), (Sophia Antipolis, France).Google Scholar
- Rebahi, Y. and Sisalem, D. 2005. SIP service providers and the spam problem. In Proceedings of Voice over IP Secuity Workshop (Washington, DC).Google Scholar
- Rigoutsos, I. and Huynh, T. 2004. Chung-Kwei: A pattern discovery based system for the automatic identification of unsolicited e-mail messages. In Proceedings of the 1st Conference on E-mail and Anti-Spam.Google Scholar
- Rosenberg, J., Shulzrinne, H., Camerillo, G., Johnston, A., Peterson, J., Sparks, R., Handley, M., and Schooler, E. 2002. Session Initiation Protocol. RFC 3261Google Scholar
- Rosenberg, J., Jennings, C., and Peterson, J. 2006. The session initiation protocol (SIP) and spam. Spam Draft - draft-ietf-sipping-spam-02.txtGoogle Scholar
- Sabater, J. and Sierra, C. 2005. Review on computational trust and reputation models. Artifi. Intell. Rev. 24, 33--60. Google ScholarDigital Library
- Sahami, M., Dumais, S., Heckerman, D., and Horvitz, E. 1998. A Bayesian approach to filtering junk e-mail. Learning for Text Categorization---Papers from the AAAI Workshop, pp. 55--62, Madison, WI. AAAI Technical Report WS-98-05.Google Scholar
- Sakkis, G., Androutsopoulos, I., Paliouras, G., Karkaletsis, V., Spyropoulos, C. D., and Stamatopoulos, P. 2003. A memory-based approach to anti-spam filtering for mailing lists. Inf. Retrieval. Google ScholarDigital Library
- Seigneur, J. M., Dimmock, N., Bryce, C., and Jensen, C. D. 2004. Combating spam with TEA (Trustworthy email addresses). In Proceedings of the 2nd Annual Conference on Privacy, Security and Trust (PST'04) (Fredericton, New Brunswick, Canada). 47--58.Google Scholar
- Shin, D. and Shim, C. 2005. Voice spam control with gray leveling. In Proceedings of 2nd VoIP Security Workshop (Washington, DC).Google Scholar
- Soonthornphisaj, N., Chaikulseriwat, K., and Tang-On, P. 2002. Anti-spam filtering: A centroid based classification approach. In IEEE Proceedings ICSP. IEE Computer Society Press, Los ALamitos, CA.Google Scholar
- Wang, Y. and Vassileva, J. 2003a. Bayesian network-based trust model. In Proceedings of IEEE/WIC International Conference on Web Intelligence (WI 2003). IEE Computer Society Press, Los ALamitos, CA. Google ScholarDigital Library
- Wang, Y. and Vassileva, J. 2003b. Bayesian network-based trust model in peer-to-peer networks. In Proceedings of the Workshop on “Deception, Fraud and Trust in Agent Societies” at the Autonomous Agents and Multi Agent Systems (AAMAS-03) (Melbourne, Australia).Google Scholar
- Wattson, B. 2004. Beyond identity: Addressing problems that persist in an electronic mail system with reliable sender identification. In Proceedings of the 1st Conference on Email and Anti-Spam (CEAS).Google Scholar
- Yu, B. and Singh, M. P. 2002. An evidential model of distributed reputation management. In Proceedings of 1st International Joint Conference on Autonomous Agents and Multi-Agent Systems, Vol. 1, ACM, New York, 294--301. Google ScholarDigital Library
- Yu, B. and Singh, M. P. 2001. Towards a probabilistic model of distributed reputation management. In Proceedings of 4th Workshop on Deception, Fraud and Trust in Agent Societies (Montreal, Canada).Google Scholar
- Zacharia, G. and Maes, P. 2000. Trust management through reputation mechanisms. Appl. Artifi. Intell. 14, 9, 881--908.Google ScholarCross Ref
- Zacharia,G., Moukas, A. and Maes, P. 1999. Collaborative reputation mechanisms in electronic marketplaces. In Proceedings of 32nd Hawaii International Conference on System Sciences. Google ScholarDigital Library
- Zimmerman, P. R. 1995. The Official PGP User's Guide. MIT Press, Cambridge, MA. Google ScholarDigital Library
Index Terms
- Socio-technical defense against voice spamming
Recommendations
On the development of an internetwork-centric defense for scanning worms
Studies of worm outbreaks have found that the speed of worm propagation makes manual intervention ineffective. Consequently, many automated containment mechanisms have been proposed to contain worm outbreaks before they grow out of control. These ...
Spamming botnets: signatures and characteristics
In this paper, we focus on characterizing spamming botnets by leveraging both spam payload and spam server traffic properties. Towards this goal, we developed a spam signature generation framework called AutoRE to detect botnet-based spam emails and ...
Spamming botnets: signatures and characteristics
SIGCOMM '08: Proceedings of the ACM SIGCOMM 2008 conference on Data communicationIn this paper, we focus on characterizing spamming botnets by leveraging both spam payload and spam server traffic properties. Towards this goal, we developed a spam signature generation framework called AutoRE to detect botnet-based spam emails and ...
Comments