Presentation is loading. Please wait.

Presentation is loading. Please wait.

Detection and Mitigation of Spam in IP Telephony Networks using Signaling Protocol Analysis MacIntosh, R Vinokurov, D Advances in Wired and Wireless Communication,

Published byRoy Welch Modified over 8 years ago

Similar presentations

Presentation on theme: "Detection and Mitigation of Spam in IP Telephony Networks using Signaling Protocol Analysis MacIntosh, R Vinokurov, D Advances in Wired and Wireless Communication,"— Presentation transcript:

1 Detection and Mitigation of Spam in IP Telephony Networks using Signaling Protocol Analysis MacIntosh, R Vinokurov, D Advances in Wired and Wireless Communication, 2005 IEEE/Sarnoff Symposium on April 18-19, 2005

2 2 Outline Introduction Problem description Voice Spam specifics Anonymity SPIT scenarios and implications for signaling Statistics for signaling Conclusion Reference

3 3 Introduction The proposed approach is based on the simple analysis of the VoIP signaling messages (set-up and termination requests). Once implemented on the call server, the method enables service providers or enterprises to block external spam sources targeting their voice networks.

4 4 Problem description Voice Spam specifics Spam over IP Telephony (SPIT) Unsolicited voice messages Combination of a telemarketing call and an email spam message Consists of two parts: signaling and media data Analyzing data content may be not only impractical but also not legal in many case Detect the call as spam before the actual call happen. ie: during signaling exchange stage.

5 5 Anonymity VoIP technology provides freedom for aliases and anonymity services. The incoming calls can be anonymous in that fact the recipient is unable to determine the actual caller.

6 6 Anonymity (cont) Spammer Proxy1 Proxy2 User SGW1SGW2 B2BUA SS7 Regular Header Field No CallerID, Contact:B2BUA From: random alias Contact: Session counterpart From: anonymized or non-displayed No CIN No CallerID, From: GW2, Contact: GW2 Via: ncnu.edu Contact: b2b@ncnu.edu Via: sell.com From: random Contact: spit@sell.com Via: sell.com Contact: spit@sell.com Via: gw2.carrier.net From: ua@gw2.carrier.net

7 7 SPIT scenarios and implications for signaling The detection of spam is based on three main constituent: Signaling routing data of the voice spam. Spam calls are unidirectional. Spam calls termination behavior is statistically consistent. Each call’s time and destination must be kept for further analysis

8 8 SPIT scenarios and implications for signaling (cont) Five states: Persistent telemarketer Call setup request go from the spammer to recipients, whereas termination request flow from recipients to the spammer. ie: Telephone polls Timer-conscious spammer The telemarketer tries to cover as many recipients as possible, and hangs up when he figures out that his offer is unlikely to be accepted. Call setup and termination requests go the same direction from the spammer to recipients Ue:Fax broadcasting falls into this category.

9 9 SPIT scenarios and implications for signaling (cont) Prerecorded message SPIT is being distributed by an automated calling engine as a played message. call setup and termination requests go the same direction from the spammer to recipients. Message deposited to the voice mailbox Can either leave the message or terminate the session as soon as presence of voice mailbox is detected. setup and termination requests go from the spammer to the recipient’s side

10 10 SPIT scenarios and implications for signaling (cont) Calls set by third party

11 11 Statistics for signaling Every VoIP signaling protocol has its specific session setup and termination requests. For SIP, these are INVITE and BYE respectively Detection statistics Reaction to detected SPIT Limitations of the identity-based statistics

12 12 Detection statistics Monitor the VoIP signaling traffic on the recipients’ access domain Call Server (CS) Spammer Local monitoring module Monitored network Call server user

13 13 Detection statistics (cont) Maintain four stateless counters for the number of times that set-up (SET) and termination (TER) requests passed out and into the monitored network for the calls

14 14 Detection statistics (cont)

15 15 Reaction to detected SPIT Warning display the text warning on the phone, use special ringing tone Call delay switch the caller to the recipient’s voice mail, reject the request and report the callerID and the call at a later time as a missed one Call cancellation drop the call setup on behalf of recipient

16 16 Limitations of the identity-based statistics Spammer can try to hide his real identity from the recipient. Spammer could be a temporarily assumed username. An assumption that could be made is that spammer is constant for a reasonable time period; however this is the most serious limitation for any approach based on statistics per user.

17 17 Conclusion The SPIT detection and blocking method presented in this paper has a number of technological advantages. It relies exclusively on the local policy of the service provider or enterprise protecting its voice network, and can be implemented as a stand-alone module in various elements of the voice network.

18 18 Reference Signaling system 7 (SS7) Encyclopedia of Technology Terms RFC 3515 The Session Initiation Protocol (SIP) Refer Method RFC 3398 Integrated Services Digital Network (ISDN) User Part (ISUP) to Session Initiation Protocol (SIP) Mapping B2BUA ( draft-marjou-sipping-b2bua-00 ) Requirements for a Session Initiation Protocol (SIP) Transparent Back- To-Back User-Agent (B2BUA)

Download ppt "Detection and Mitigation of Spam in IP Telephony Networks using Signaling Protocol Analysis MacIntosh, R Vinokurov, D Advances in Wired and Wireless Communication,"

Similar presentations

VoIP PRESENTATION BY HÜSEYİN SAVRAN 220702044. OUTLINE PSTN an brief history of telephone.

VoIP PRESENTATION BY HÜSEYİN SAVRAN OUTLINE PSTN an brief history of telephone.
1 IP Telephony (VoIP) CSI4118 Fall 2005. 2 Introduction (1) A recent application of Internet technology – Voice over IP (VoIP): Transmission of voice.

1 IP Telephony (VoIP) CSI4118 Fall Introduction (1) A recent application of Internet technology – Voice over IP (VoIP): Transmission of voice.
Information-Centric Networks09c-1 Week 9 / Paper 3 VoCCN: Voice Over Content-Centric Networks –V. Jacobson, D. K. Smetters, N. H. Briggs, M. F. Plass,

Information-Centric Networks09c-1 Week 9 / Paper 3 VoCCN: Voice Over Content-Centric Networks –V. Jacobson, D. K. Smetters, N. H. Briggs, M. F. Plass,
July 20, 2000H.323/SIP1 Interworking Between SIP/SDP and H.323 Agenda Compare SIP/H.323 Problems in interworking Possible solutions Conclusion Q/A Kundan.

July 20, 2000H.323/SIP1 Interworking Between SIP/SDP and H.323 Agenda Compare SIP/H.323 Problems in interworking Possible solutions Conclusion Q/A Kundan.
Tom Behrens Adam Muniz. Overview What is VoIP SIP Sessions H.323 Examples Problems.

Tom Behrens Adam Muniz. Overview What is VoIP SIP Sessions H.323 Examples Problems.
ETSI Workshop on Quality Issues for IP Telephony 8-9 June 1999, Sophia Antipolis, France ETSI PROJECT TIPHON overview of QoS activities ETSI Workshop on.

ETSI Workshop on Quality Issues for IP Telephony 8-9 June 1999, Sophia Antipolis, France ETSI PROJECT TIPHON overview of QoS activities ETSI Workshop on.
Signalling Flows for the IP Multimedia Call Control in 3G Wireless Network Master’s Project By Sanjeev Kayath.

Signalling Flows for the IP Multimedia Call Control in 3G Wireless Network Master’s Project By Sanjeev Kayath.
Security and Privacy Issues in Wireless Communication By: Michael Glus, MSEE EEL 6788 11.

Security and Privacy Issues in Wireless Communication By: Michael Glus, MSEE EEL
UNCW UNCW SIGGRAPH 2002 Topic #3: Continuous Media in Wired and Wireless Environments Ronald J. Vetter Department of Computer Science University of North.

UNCW UNCW SIGGRAPH 2002 Topic #3: Continuous Media in Wired and Wireless Environments Ronald J. Vetter Department of Computer Science University of North.
Session Initiation Protocol (SIP) By: Zhixin Chen.

Session Initiation Protocol (SIP) By: Zhixin Chen.
Cmpe 491 Special Project In Computer Engineering SIP User Agent In JAVA Alp Eren YILMAZ & Serdar YALÇINKAYA.

Cmpe 491 Special Project In Computer Engineering SIP User Agent In JAVA Alp Eren YILMAZ & Serdar YALÇINKAYA.
A Generic Event Notification System Using XML and SIP Knarig Arabshian and Henning Schulzrinne Department of Computer Science Columbia University

A Generic Event Notification System Using XML and SIP Knarig Arabshian and Henning Schulzrinne Department of Computer Science Columbia University
A Study of Mobile IP Kunal Ganguly Wichita State University CS843 – Distributed Computing.

A Study of Mobile IP Kunal Ganguly Wichita State University CS843 – Distributed Computing.
 3G is the third generation of tele standards and technology for mobile networking, superseding 2.5G. It is based on the International Telecommunication.

 3G is the third generation of tele standards and technology for mobile networking, superseding 2.5G. It is based on the International Telecommunication.
12/05/2000CS590F, Purdue University1 Sip Implementation Protocol Presented By: Sanjay Agrawal Sambhrama Mundkur.

12/05/2000CS590F, Purdue University1 Sip Implementation Protocol Presented By: Sanjay Agrawal Sambhrama Mundkur.
CSc 461/561 CSc 461/561 Multimedia Systems Part C: 2. SIP.

CSc 461/561 CSc 461/561 Multimedia Systems Part C: 2. SIP.
Internet Telephony Helen J. Wang Network Reading Group, Jan 27, 99 Acknowledgement: Jimmy, Bhaskar.

Internet Telephony Helen J. Wang Network Reading Group, Jan 27, 99 Acknowledgement: Jimmy, Bhaskar.
Preventing Spam For SIP-based Sessions and Instant Messages Kumar Srivastava Henning Schulzrinne June 10, 2004.

Preventing Spam For SIP-based Sessions and Instant Messages Kumar Srivastava Henning Schulzrinne June 10, 2004.
Introduction to SIP Speaker: Min-Hua Yang Advisor: Ho-Ting Wu Date:2005/3/29.

Introduction to SIP Speaker: Min-Hua Yang Advisor: Ho-Ting Wu Date:2005/3/29.
Secure Telephony Enabled Middle-box (STEM) Maggie Nguyen Dr. Mark Stamp SJSU - CS 265 Spring 2003 STEM is proposed as a solution to network vulnerabilities,

Secure Telephony Enabled Middle-box (STEM) Maggie Nguyen Dr. Mark Stamp SJSU - CS 265 Spring 2003 STEM is proposed as a solution to network vulnerabilities,

Similar presentations

Ads by Google