Ricardo Morla

Caller-REP: Detecting unwanted calls with caller social strength

Voice over IP (VoIP) is a cost effective mechanism for telemarketers and criminals to generate bulk spam calls. A challenge in managing a VoIP network is to detect spam calls without user involvement or content analysis. In this paper we present a novel content independent, non-intrusive approach based on caller trust and reputation to block spam callers in a VoIP network. Our approach uses call duration, interaction rate, and caller out-degree distribution to establish a trust network between VoIP users and computes the global reputation of a caller across the network. Our approach uses historical information for automatically determining a global reputation threshold below which a caller is declared as socially non-connected and as a spammer. No VoIP data-set is available for testing the detection mechanism. We verify the accuracy of our approach with synthetic data that we generate by randomly varying the call duration, call rate, and out-degree distributions of spammers and legitimate users. This evaluation shows that our approach can automatically detect spam callers in a network. Our approach achieves a false positive rate of less than 10% and true positive rate of almost 80% in the first two days even in the presence of a significant number of spammers. This increases to a true positive rate of 99% and drops a false positive rate to less than 2% on the third day. In a network with no spammers, our approach achieves a false positive rate of less than 10%. In a network heavily saturated with more than 60% of spam callers, our approach achieves a true positive rate of 98% and no false positives. We compare the performance of our approach with a closely related spam detection approach named Call-Rank. The results show that our approach outperforms Call-Rank in terms of detection accuracy and detection time.

Improving P2P video streaming in wireless mesh networks

P2P Video Streaming has become a reliable and efficient solution for distributing video on the Internet. Similarly to regular P2P file-sharing, all the participating nodes exchange information. Wireless Mesh Networks, in turn, can be seen as a cost-effective solution to extend Internet access networks. In this paper we propose improvements to P2P Video Streaming. These improvements can provide gains in scenarios where the service is deployed over Wireless Mesh Networks and the nodes are simultaneously peers and packet forwarders. By using cross-layer interactions between application and network layers, we show that the proposed improvements reduce substantially the amount of traffic in the network.

Mitigating SPIT with Social Strength

SPIT (Spam over Internet Telephony) is unsolicited, unwanted phone calls made for advertising products or voice phishing. The real time nature of voice calls makes traditional email anti-spam techniques un-applicable to SPIT detection in a VoIP (Voice over Internet Protocol) network. The VoIP users have social network with colleagues, friends, family members, and other acquaintances. Various social reputation approaches have been proposed but these were mainly based on average call duration or require user feedback to assign reputation score. We believe that the computation of reputation should be two fold; firstly it should not involve user feedback and secondly it considers other network features in addition to call duration. In this paper, we propose a social strength for detecting SPIT callers. We analyze how similarities and social ties among VoIP users effect SPIT detection. The local social strength among users are computed considering more features like out-degree, number of repetitive calls, reciprocity and interaction rate. The global strength of the caller is computed using the Eigen trust algorithm and represents the strength of a caller as whole in a network. The global strength values are then compared with the automated threshold value for finally classifying a caller as legitimate and non-legitimate. A distinct feature of our approach is that it does not involve users for feedback and can be easily deployed in real VoIP network without any change in architecture and SIP protocol stack. We evaluate our social strength approach on different types of random network data and shows that the system detects SPIT callers with false positive rate less then 10% and true positive rate of 99% for all type of underlying random networks.

Second life in-world action traffic modeling

Massive multiplayer online games (MMOGs) are increasingly popular because they can provide entertainment, numerous opportunities for socialization, and the ability for end users to earn money. Cornerstone to MMOGs is the underlying network traffic between MMOG clients and servers; understanding this traffic is important for application developers trying to improve game performance and for ISPs trying to provide a better quality of service for their customers. In this paper we present fine-grained approaches at modeling SL client-server traffic. Our approaches differ from existing modeling work as they focus on the analysis of specific in-world actions, on the decomposition of the collected samples in subsets of packets with the same size, and on modeling the dependencies between packets in the sample. We compare our different approaches between them and with the original collected sample using the Kolmogorov-Smirnov (KS) test statistic on packet size and inter-arrival time. We observed over one order of magnitude improvement of our models in the KS statistic for packet size and three time improvement for packet inter-arrival time compared to a bivariate 2-component Gaussian mixture model.

Early identification of spammers through identity linking, social network and call features

Abstract Multiple identities are created to gain financial benefits by performing malicious activities such as spamming, committing frauds and abusing the system. A single malicious individual may have a large number of identities in order to make malicious activities to a large number of legitimate individuals. Linking identities of an individual would help in protecting the legitimate users from abuses, frauds, and maintains reputation of the service provider. Simply analyzing each identitys historical behavior is not sufficient to block spammers frequently changing identity because spammers quickly discards the identity and start using new one. Moreover, spammers may appear as a legitimate user on an initial analysis, for example because of small number of interactions from any identity. The challenge is to identify the spammer by analyzing the aggregate behavior of an individual rather than that of a single calling identity. This paper presents EIS (early identification of spammers) system for the early identification of spammers frequently changing identities. Specifically, EIS system consists of three modules and uses social call graph among identities. (1) An ID-CONNECT module that links identities that belongs to a one physical individual based on a social network structure and calling attributes of identities; (2) a reputation module that computes reputation of an individual by considering his aggregate behavior from his different identities; and (3) a detection module that computes automated threshold below which individuals are classified as a spammer or a non-spammer. We evaluate the proposed system on a synthetic data-set that has been generated for the different graph networks and different percentage of spammers. Performance analysis shows that EIS is effective against spammers frequently changing their identities and is able to achieve high true positive rate when spammers have high small overlap in target victims from their identities.

Predicting short 802.11 sessions from RADIUS usage data

The duration of 802.11 user sessions has been widely studied in the context of analyzing user behavior and mobility. Short (smaller-than-5-minutes) sessions are never used or characterized in these analyses as they are unrelated to user behavior and considered as artifacts introduced by the wireless network. In this paper we characterize short 802.11 sessions as recorded through RADIUS authentication. We show that 50% of access points have 70% of smaller than 5 minutes sessions in a 5 months trace from the Eduroam academic wireless network in the University of Porto. Exactly because they are artifacts introduced by the network, short sessions are an important indicator for network management and the quality of the wireless access. Network managers typically do not collect and process session information but rely on SNMP to provide summaries of 802.11 usage data. We develop a modeling framework to provide predictions for the number of short sessions from SNMP data. We model the data stream of each access point using two methods of regression and one classification technique. We evaluate these models based on short session prediction accuracy. The models are trained on the 5 months data and the best results show prediction accuracy of 95.27% in polynomial regression at degree of 3.

Abrupt ending of 802.11 AP connections

Wireless 802.11 users often experience connectivity problems while using 802.11 networks. The task of diagnosing and fixing these problems by looking at usage patterns is one of the major challenges that campus and corporate 802.11 network administrators face. In this paper we identify a usage pattern that we name “abrupt ending“ of 802.11 connections and that happens when a large number of sessions in the same access point (AP) end within a one second window. We observe up to 40 sessions ending at the same second and over 150k abrupt endings in a two and a half year period from 2006 to 2009 in the Faculty of Engineering of the University of Porto. We describe the data set and identify anomaly-related patterns such as AP halt/crash, AP overload, interference, interference across the vicinity of an AP, and AP persistent interference as well as user authentication failure and intermittent connectivity. We validate our analysis by density clustering of the abrupt ending data. In addition we crosscheck the existence of abrupt endings on a 2011 data set of the same location in Porto and on 2011 data from the University of Minho, which was deployed and is managed independently from the one in Porto.

Benchmarking IoT middleware platforms

Middleware is being extensively used in Internet of Things (IoT) deployments and is available in a variety of flavors — from general-purpose community-driven middleware and telco-developed Machine-to-Machine (M2M) middleware to middleware targeting specific deployments. Despite this extensive use and diversity, little is known about the benefits, disadvantages, and performance of each middleware platform and how the different platforms compare with each other. This comparison is especially relevant to help the design and dimensioning of IoT infrastructure. In this paper, we propose a set of qualitative dimensions and quantitative metrics that can be used for bench-marking IoT middleware. We use the publication-subscription of a large dataset as use case inspired by a smart city scenario to compare two middleware platforms. The methodology enables us to systematically compare the two middleware platforms. Further, we are able to use our approach to identify inefficiencies in implementations and to characterize performance variations throughout the day, showing that the metrics may also be used for monitoring.

QoE Driven Server Selection for VoD in the Cloud

In commercial Video-on-Demand (VoD) systems, users Quality of Experience (QoE) is the key factor for user satisfaction. In order to improve users QoE, VoD providers replicate popular videos in geo-distributed Cloud and deploy cache servers close to users. Generally, the VoD provider selects a server for the user request according to the users location. Usually geographically closely located servers would provide lower network delay. However, the performance of VoD servers deployed in cloud virtual machines (VM) depends not only on the network delay but also resource contention due to other VMs and highly dynamic user demands. Thus, QoE offered by the server varies greatly over time as user demands and network traffic fluctuate regardless of the location. Selecting a server close to users sometimes reduces the network delay but cannot guarantee QoE in general. We believe that end users have the best perception of server performance in terms of their QoE rather than the servers themselves. What user perceives incorporate performance of all elements, such as network delay and server response time in VoD service. We propose VoD server selection schemes that dynamically select servers according to users QoE feedback. We integrate our server selection schemes with Dynamic Adaptive Streaming over HTTP (DASH) clients and evaluate our system both in simulation and in Google Cloud. Results show our system improves user QoE up to 20% compared to existing solutions.

Motion Flow Tracking in Unconstrained Videos for Retail Scenario

We present a complete and modular framework that extract trajectories in a real and complex retail scenario, under unconstrained video conditions. Two motion tracking algorithms that combine features from crowd motion detection and multiple tracking are presented to build motion patterns and understand customer’s behavior. Their evaluation across several datasets show promising results.