Sandra Tartarelli

Detecting SPIT Calls by Checking Human Communication Patterns

SPam over Internet Telephony (SPIT) is expected to become a very serious issue in the next years. The threat is going to spin out from the well known email spam problem by bot nets being re-programmed to initiate not just spam emails but also Voice over IP (VoIP) calls. Preventing SPIT is a new problem, because many well-established methods for blocking email spam cannot be applied. Currently, several SPIT prevention methods are being proposed but SPIT prevention research is still at a very early stage. In this paper, we propose an innovative way to detect SPIT calls by comparing applying hidden Turing tests that compare them with typical human communication patterns. For passing these tests, significant resource consumptions at the SPIT generating bot nets would be required which contradicts the spammers objective of placing as many SPIT calls as possible, The proposed method has several advantages compared to other methods that also interact with the caller. We validated its feasibility with a prototype implementation that we integrated into our modular VoIP security system called VoIP SEAL.

On Spam over Internet Telephony (SPIT) Prevention

Spam over IP telephony (SPIT) is expected to become a serious problem in the near future. One of the main requirements for a SPIT prevention system is to avoid the involvement of the callee in the SPIT detection process, because this implies disturbing the callee each time an unclassified potential SPIT call arrives. Further requirements include adaptability to different deployment scenarios and flexibility to quickly react to new kinds of SPIT that bypass existing prevention systems. This article analyzes the requirements for SPIT prevention, provides a systematic classification of currently known SPIT prevention methods, and introduces a reference model for SPIT prevention systems. As an instance of the reference model, we designed and implemented an advanced SPIT prevention system, composed of methods that avoid unnecessary callee interaction and adaptive in order to be customized for different scenarios.

ISE03-2: SPam over Internet Telephony (SPIT) Prevention Framework

SPam over Internet telephony (SPIT) is expected to become a threat inhibiting the delivery of voice services over the Internet in the near future both because of its technical and economical characteristics. Experiences with email SPAM and its analogies with SPIT suggest that SPIT will be difficult to detect with a single detection method. Moreover, personalized management of detection strategies will be needed to increase effectiveness and to adapt the methods to special environments. This paper presents a modular framework for SPIT prevention designed to be easily manageable and extensible. Additionally, the framework makes use of a two-stage architecture in order to exploit the knowledge coming both from the signaling and from the media flows while still allowing real-time delivery of the media content to the user. Following the experience gained with our prototype implementation we also present the most important design issues we encountered and suggest solutions to these issues.

Self-sizing and optimization of high-speed multiservice networks

We consider the network design and optimization of high-speed multiservice networks. Meeting different service requirements is facilitated by dividing the network into virtual bands. A band corresponds to a service type. To achieve high transport efficiency, bands should be reconfigured frequently to track the varying traffic. Our work aims at developing a self-sizing system which can allocate network capacity automatically and adaptively using on-line traffic data. We study the optimization problem for band partitioning for high-speed multiservice networks. A two-step optimization approach is presented. An optimization model is developed to partition bandwidth among bands to minimize total system cost under capacity constraints while the QoS at call level and cell level are guaranteed. An online traffic measurement system allows the network to automatically detect the amount of bandwidth necessary to satisfy the QoS requirements at cell level. To this end our system exploits the notion of effective bandwidth. To meet the requirement of frequent band partitioning, a fast algorithm based on simulated annealing is presented to solve the model. Simulation results are reported to demonstrate the effectiveness of the optimization approach.

Random early marking: improving TCP performance in DiffServ assured forwarding

In the context of active queue management, intelligent dropping algorithms have been proposed to achieve a better link utilization with TCP. We apply this research to the problem of achieving a better utilization of a customers contracted throughput when it is sending a TCP traffic aggregate. We propose a scheme, random early marking (REM), that improves the throughput of a TCP aggregate by early marking some packets as out. The proper configuration of REM has been analyzed from a control theoretical standpoint. Simulation results show that REM leads to a significant improvement in a wide range of environments.

Analyzing Telemarketer Behavior in Massive Telecom Data Records

Regulations for the limitation of telemarketing calls are becoming increasingly strict for most industrialized countries. Despite this, telemarketing calls represent a growing trustworthiness issue in today’s telephone networks. This calls for systems able to efficiently detect telemarketers, so that adequate countermeasures can be taken. In this paper we first present Voice over IP Secure Application Level firewall (VoIP SEAL), an anomaly detection system with particular focus on telemarketers. VoIP SEAL algorithms are based on measurements performed at the application level. The richness of such information is fundamental for the user characterization. We then provide an overview of the results obtained by using VoIP SEAL to analyze massive sets of telephone data obtained from three European telephone operators. Our results allow quantifying the relevance of telemarketers in today’s networks.

Lessons learned on the usage of call logs for security and management in IP telephony

Telephone network operation and management tasks rely on the collection of data logs to effectively troubleshoot problems and observe trends. As operators try to streamline their investments in monitoring systems, data logs collected for other purposes represent a valuable and handy source of information for these tasks. A common example for both traditional public switched telephone and IP telephony networks ones are call detail records (also termed call data records). These contain detailed information about telephone calls such as the identities of sources and destinations, the duration of each call, and reply codes. Unfortunately, the way CDRs are collected and their formats can vary significantly among different operators. Without careful consideration of the basic principles and requirements outlined in this article, the use of any type of data logs for traffic management, security, and engineering purposes can become quite cumbersome and even result in misleading conclusions. The intention of this article is to support other researchers and practitioners working with telephony logs. Therefore, we provide an overview of the most relevant lessons we have learned when dealing with massive amounts of CDRs from different operators, such as how to handle different non-standard logging formats across operators and understanding common sources of call log analysis errors.

Configuration rule and performance evaluation for DiffServ parameters

The Internet is becoming an important communication infrastructure of the society, and thus it is no longer sufficient to simply be able to provide connections: a higher quality of service (QoS) in communications is increasingly being required. As a new framework for providing QoS services, DiffServ is undergoing a speedy standardization process at the IETF. DiffServ not only can offer tiered levels of services, but can also provide guaranteed QoS to a certain extent. In this paper, we examine a single DiffServ node model which utilizes a token bucket as the policing mechanism, and propose a way of configuring various control parameters in order to accommodate various UDP/TCP traffic. Then, through simulation, we evaluate the throughput characteristics in various cases where TCP and UDP are mixed or separated in different queues, and study the appropriateness of the configurations. The results indicate that the throughputs can be maintained as specified in the Service Level Agreements (SLA) over a considerably wide range of bucket sizes and discard thresholds in the QoS control mechanism.

Configuration of DiffServ routers for high-speed links

The Internet is now widely expected to become an important communication infrastructure of society, and therefore it is no longer sufficient to simply be able to provide connections. A higher quality of service (QoS) in communications is increasingly being required. As a new framework for providing QoS services, DiffServ is undergoing a speedy standardization process at the IETF. DiffServ not only can offer a tiered level of services, but can also provide guaranteed QoS to a certain extent. In order to provide this QoS, however, DiffServ must be properly configured; to determine this proper configuration, a deeper understanding of DiffServ and its interaction with the different traffic types (specially TCP) is required. However, while much work in the past has focused on understanding the behavior of DiffServ with low-speed links, much less work has been invested for high-speed links. In this paper, we take up the subject of configuring high-speed DiffServ routers. We reuse previous work of the authors on DiffServ configuration and run an exhaustive set of simulations with high-speed links. We observe substantial differences in the resulting behavior with respect to previous work for low-speed links.

Efficient estimation of the cell loss probability in a two-buffer PGPS scheduler

A key feature of integrated services networks is their ability to provide a variety of quality of service (QoS) guarantees to different applications. To this end scheduling systems can be employed. A primary QoS parameter is the cell loss probability (CLP), whose typical values are very small and difficult to estimate by means of standard simulation schemes. We propose an application of the importance sampling (IS) technique to efficiently estimate the CLP of an ideal two-queue generalized processor sharing (GPS) scheduling discipline. We subsequently apply this algorithm to simulate a realistic scheme, namely the packet-by-packet generalized processor sharing (PGPS). We model input traffic as Markov arrival processes (MAPs). The algorithm we present is based on large deviation results, which provide the asymptotic decay rate of per-session queue length tail distributions.