Muhammad Ajmal Azad

Decentralized privacy-aware collaborative filtering of smart spammers in a telecommunication network

Smart spammers and telemarketers circumvent the standalone spam detection systems by making low rate spam-ming activity to a large number of recipients distributed across many telecommunication operators. The collaboration among multiple telecommunication operators (OPs) will allow operators to get rid of unwanted callers at the early stage of their spamming activity. The challenge in the design of collaborative spam detection system is that OPs are not willing to share certain information about behaviour of their users/customers because of privacy concerns. Ideally, operators agree to share certain aggregated statistical information if collaboration process ensures complete privacy protection of users and their network data. To address this challenge and convince OPs for the collaboration, this paper proposes a decentralized reputation aggregation protocol that enables OPs to take part in a collaboration process without use of a trusted third party centralized system and without developing a predefined trust relationship with other OPs. To this extent, the collaboration among operators is achieved through the exchange of cryptographic reputation scores among OPs thus fully protects relationship network and reputation scores of users even in the presence of colluders. We evaluate the performance of proposed protocol over the simulated data consisting of five collaborators. Experimental results revealed that proposed approach outperforms standalone systems in terms of true positive rate and false positive rate.

Early identification of spammers through identity linking, social network and call features

Abstract Multiple identities are created to gain financial benefits by performing malicious activities such as spamming, committing frauds and abusing the system. A single malicious individual may have a large number of identities in order to make malicious activities to a large number of legitimate individuals. Linking identities of an individual would help in protecting the legitimate users from abuses, frauds, and maintains reputation of the service provider. Simply analyzing each identitys historical behavior is not sufficient to block spammers frequently changing identity because spammers quickly discards the identity and start using new one. Moreover, spammers may appear as a legitimate user on an initial analysis, for example because of small number of interactions from any identity. The challenge is to identify the spammer by analyzing the aggregate behavior of an individual rather than that of a single calling identity. This paper presents EIS (early identification of spammers) system for the early identification of spammers frequently changing identities. Specifically, EIS system consists of three modules and uses social call graph among identities. (1) An ID-CONNECT module that links identities that belongs to a one physical individual based on a social network structure and calling attributes of identities; (2) a reputation module that computes reputation of an individual by considering his aggregate behavior from his different identities; and (3) a detection module that computes automated threshold below which individuals are classified as a spammer or a non-spammer. We evaluate the proposed system on a synthetic data-set that has been generated for the different graph networks and different percentage of spammers. Performance analysis shows that EIS is effective against spammers frequently changing their identities and is able to achieve high true positive rate when spammers have high small overlap in target victims from their identities.

M2M-REP: Reputation of Machines in the Internet of Things

The Internet of Things (IoT) is the integration of a large number of autonomous heterogeneous devices that report information from the physical environment to the monitoring system for analytics and meaningful decisions. The compromised machines in the IoT network may not only be used for spreading unwanted content such as spam, malware, viruses etc, but can also report incorrect information about the physical world that might have a disastrous consequence. The challenge is to design a collaborative reputation system that calculates trustworthiness of machines in the IoT-based machine-to-machine network without consuming high system resources and breaching the privacy of participants. To address the challenge of privacy preserving reputation system for the decentralized IoT environment, this paper presents a novel M2M-REP (Machine to Machine Reputation) system that computes global reputation of the machine by aggregating the encrypted local feedback provided by machines in a fully decentralized and secure way. The privacy of participating machines is well protected such that machines or analyst would not learn any information about the feedback score provided by the participating machines other than the final aggregated statistical score. We present a decentralized reputation aggregation system for two scenarios: a semi-honest (honest-but-curious) setup where machines are trustworthy in providing feedback but are curious to learn sensitive information about the collaborating machines, and the malicious model where machines not only try to learn the sensitive information of participants but also do not follow the protocol specification in providing feedback. We analyzed the security and privacy properties of the M2M-REP system for different adversarial models.

A privacy-aware decentralized and personalized reputation system

Abstract Reputation systems enable consumers to evaluate the trustworthiness of business entities (retailers, sellers) over the marketplace. In electronic marketplaces, the reputation of an business entity (retailer, seller) is computed by aggregating the “trust-scores” assigned to her by the parties who have had transactions with her. Most reputation systems designed for online marketplaces use all the available trust-scores to compute the reputation of business entity. However, in some scenarios, the consumer may wish to compute the reputation of a business entity by considering the trust-scores from a set of trustworthy participants, however, she does not want to disclose the identities of the users she trusts. There are two privacy protection challenges in the design of this kind of personalized reputation system: 1) protecting the set of trusted users of participants, and 2) protecting the trust-scores assigned by the participants in the trusted set. In this paper, we present a novel framework for computing the personalized global reputation of a business entity by considering the trust-scores from a set of trusted participants without disclosing identities of participants in the trusted set and their trust-scores. To this extent, the participants share cryptograms of their trust-scores for the business entity to the decentralized public bulletin board or tally center. These encrypted trust-scores are then used by the requester to compute the personalized reputation score of the business entity without leaking private information of participants in the system. We have analyzed the security and privacy properties of the scheme for the malicious adversarial model. The protocol has a linear message complexity, which proves that the system can be deployed in a real setup where such personalized recommendations may be required in practice. Furthermore, the system ensures correctness, privacy and security of trust-scores of participants in the trusted set under the malicious adversarial model.

Clustering VoIP caller for SPIT identification

The number of unsolicited and advertisement telephony calls over traditional and Internet telephony has rapidly increased over recent few years. Every year, the telecommunication regulators, law enforcement agencies and telecommunication operators receive a very large number of complaints against these unsolicited, unwanted calls. These unwanted calls not only bring financial loss to the users of the telephony but also annoy them with unwanted ringing alerts. Therefore, it is important for the operators to block telephony spammers at the edge of the network so to gain trust of their customers. In this paper, we propose a novel spam detection system by incorporating different social network features for combating unwanted callers at the edge of the network. To this extent the reputation of each caller is computed by processing call detailed records of user using three social network features that are the frequency of the calls between caller and the callee, the duration between caller and the callee and the number of outgoing partners associated with the caller. Once the reputation of the caller is computed, the caller is then places in a spam and non-spam clusters using unsupervised machine learning. The performance of the proposed approach is evaluated using a synthetic dataset generated by simulating the social behaviour of the spammers and the non-spammers. The evaluation results reveal that the proposed approach is highly effective in blocking spammer with 2% false positive rate under a large number of spammers. Moreover, the proposed approach does not require any change in the underlying VoIP network architecture, and also does not introduce any additional signalling delay in a call set-up phase.

COLIDE: A collaborative intrusion detection framework for internet of things

Internet of Things (IoT) represent a network of resource-constrained sensor devices connected through the open Internet, susceptible to misuse by intruders. Traditional standalone intrusion detection systems (IDS) are tasked with monitoring device behaviours to identify malicious activities. These systems not only require extensive network and system resources but also cause delays in detecting a malicious actor due to unavailability of a comprehensive view of the intruders activities. Collaboration among IoT devices enables considering knowledge from a collection of host and network devices to achieve improved detection accuracy in a timely manner. However, collaboration introduces the challenge of energy efficiency and event processing which is particularly significant for resource-constrained devices. In this paper, we present a collaborative intrusion detection framework (COLIDE) for IoT leveraging collaboration among resource-constrained sensor and border nodes for effective and timely detection of intruders. The paper presents a detailed formal description of the proposed framework along with analysis to assess its effectiveness for a typical IoT system. We implemented the COLIDE framework with Contiki OS and conducted thorough experimentation to evaluate its performance. The evaluation demonstrates efficiency of COLIDE framework with respect to energy and processing overheads achieving effectiveness within an IoT system.

SOCIO-LENS: Spotting Unsolicited Caller Through Network Analysis

Spam and unwanted content has been a significant challenge for the Internet technologies (email, social networks, search engines, etc.) for decades. However, in recent years, the advent of modern and cheap telephony technologies and larger user base (more than six billion users) has attracted scammers to use telephony for distributing unwanted content via instant messaging and calls. Detection of unwanted caller in the telephony has become challenging because the content is available only after the call has already been answered by the recipients and thus is too late to block the unwanted caller after the call has already been established. One of the interesting possibilities is to develop a telephony blacklist database using social behaviour of users towards their friends and family circle by modelling call meta-data as a weighted network graph. In this chapter, we model user’s behaviour as a weighted call graph network and identify malicious users by analysing different network features of users. To this extent, we have identified a set of features that help represent malicious and non-malicious behaviour of users in a network. We have conducted rigorous experimentation of the proposed system via its implementation with data set collected by small-scale telecommunication operator. We present the outcomes of our evaluation highlighting the efficacy of the system’s performance and identifying possible directions for future work.

PrivBox: Verifiable decentralized reputation system for online marketplaces

Abstract In online marketplaces (e-commerce, cloud marketplaces), potential buyers/consumers do not have direct access to inspect the quality of products and services offered by retailers and service providers of marketplaces. Therefore, consumers have to trust the reputation system of the marketplace for making a meaningful decision whether they should have interaction with the particular service provider or not. Consumer’s feedback plays an important role while evaluating the trustworthiness of the service provider, but it brings challenges to security and the consumer’s privacy. Existing centralized reputation systems collect and process consumer’s feedback at the centralized trusted system but these systems could leak sensitive information of consumers (such as buying history, likes and dislikes). To ensure the privacy of consumers, in this paper, we present PrivBox, a privacy-preserving decentralized reputation system that computes reputation of retailers or service providers by leveraging feedback from users in a secure and private way. The PrivBox system uses primitives of a homomorphic cryptographic system and non-interactive zero-knowledge proof to achieve objectives of privacy-preservation and well-formedness. PrixBox performs its operations in a decentralized setting, and ensures the following characteristics. (1) It guarantees privacy of consumers without relying on any trusted setup or trusted third party system, (2) it ensures that the consumer’s feedback ratings remain within the prescribed range, and (3) it enables consumers and service providers to verify the computed statistics without relying on a trusted third party. To evaluate the performance, we have implemented operations of the PrivBox system. The results demonstrate that the proposed system has a small communication and computation overheads with the essential properties of privacy-preservation and decentralization.

M2M-REP: Reputation system for machines in the internet of things

Abstract In the age of IoT (Internet of Things), Machine-to-Machine (M2M) communication has gained significant popularity over the last few years. M2M communication systems may have a large number of autonomous connected devices that provide services without human involvement. Interacting with compromised, infected and malicious machines can bring damaging consequences in the form of network outage, machine failure, data integrity, and financial loss. Hence, users first need to evaluate the trustworthiness of machines prior to interacting with them. This can be realized by using a reputation system, which evaluates the trustworthiness of machines by utilizing the feedback collected from the users of the machines. The design of a reliable reputation system for the distributed M2M communication network should preserve user privacy and have low computation and communication overheads. To address these challenges, we propose an M2M-REP System (Machine to Machine REPutation), a privacy-preserving reputation system for evaluating the trustworthiness of autonomous machines in the M2M network. The system computes global reputation scores of machines while maintaining privacy of the individual participant score by using secure multi-party computation techniques. The M2M-REP system ensures correctness, security and privacy properties under the malicious adversarial model, and allows public verifiability without relying on a centralized trusted system. We implement a prototype of our system and evaluate the system performance in terms of the computation and bandwidth overhead.

Systems and methods for SPIT detection in VoIP: Survey and future directions

Abstract In recent years, VoIP (Voice over IP) telephony has shown a tremendous increase in the number of subscribers due to todays affordable telephony rates and flexible use of Internet technology for voice communication. At the same time, a proportional increase was exhibited in VoIP spamming and SPam over Internet Telephony (SPIT), which are forms of abuse and frauds that can have severe consequences and financial losses for both the service providers and subscribers. This paper surveys, reviews, and discusses the state-of-the-art detection and mitigation techniques and systems for VoIP spamming and SPIT. The paper highlights reasons and motivation behind such abuse and fraud, and it discusses the primary challenges in devising an effective and efficient anti-SPIT detection solutions. Moreover, the paper outlines shortcomings and limitations of existing solutions, and it identifies future research directions to aid in further improving and enhancing effectively and efficiently the detection and mitigation of SPIT and spamming.