Ph.D. thesis by Muhammad Ajmal Azad

Author: Muhammad Ajmal Azad

Date: June 20, 2016

PhD Committee:

Aurélio Campilho, Full Professor, Faculty of Engineering of the University of Porto (President);
Paulo Alexandre Simões, Assistant Professor, Faculty of Sciences and Technology, University of Coimbra;
André Ventura Zúquete, Assistant Professor, Electronics and Tecommunications Department, University of Aveiro;
Luís Filipe Antunes, Associate Professor, Faculty of Sciences of the University of Porto;
Ana Cristina Aguiar, Assistant Professor, Faculty of Engineering of the University of Porto;
Ricardo Santos Morla, Assistant Professor, Faculty of Engineering of the University of Porto (Supervisor).


Voice over Internet Protocol (VoIP) is the technology that allows people to make cheap telephone calls over the Internet. As VoIP uses the same Internet infrastructure for the transport of signaling and voice, it is subject to all security threats already effecting the Internet. One such threat is voice spam (termed as SPIT in VoIP), which is similar to e-mail spam but has more severe consequences than the email spam because voice call requires real-time response from the call recipient. In order to increase productivity of users of this technology and preventing losses due to fraud and spamming, it is extremely important to identify and block spam before it affects and displease a potentially large number of users of the technology.

The challenge in a design of standalone SPIT detection system is to simultaneously use call and social network features that are difficult to be circumvented by spammers. To address this challenge, this thesis presents the standalone SPIT detection system called Caller-REP that consists of two modules. 1) A reputation module – that computes reputation of the user by collectively using call duration of the user, call-rate of the user and total number of unique recipients the user called. The computation of reputation in this way would assign small reputation scores to spammers because of their unbalanced calling networks and high reputation scores to legitimate users. 2) A detection module – that computes automated threshold using reputation scores below which the user is classified as a spammer.

Spammers and telemarketers target a very large number of recipients usually dispersed across many Service Providers (SPs). The standalone detection systems consider locally recorded information of users while differentiating spammers from the legitimate users. Obviously, collaboration among SPs would improve the detection accuracy and detection time, but this depends on the amount of information shared between SPs. SPs are reluctant in exchanging information to other SPs because they are business competitor and are worried about privacy of their customers and operational data. SPs can be convinced with the exchange of summarized information to the centralized trusted system so to protect their privacy. To achieve the objective of privacy-aware collaboration among SPs, this thesis proposes COSDS (Collaborative SPIT detection System) that require collaboration between SP and the centralized repository with the exchange of reputation scores. The Centralized Repository (CR) computes global reputation (GR) of users by aggregating their local reputation scores and responds back SPs with decision and GR scores. The adversary on the CR would be in a more difficult position to obtain private information about the users and service providers.

Spammers and telemarketers would have multiple calling identities to circumvent the SPIT detection system. The linking of identities that belongs to one physical user is important for early identification of spammers and for characterizing the complete behavior of legitimate users having more than one calling identity. The challenge in this regard is twofold: first linking of identities and secondly a computation of reputation scores for individual by combing information from all his identities. To address this challenge, thesis presents a system called EIS (Early identification of Spammer) that uses social network and call features for connecting similar identities that belong to one individual. The reputation is then computed for the individual rather than for the identity and individual is classified as spammer if his reputation is less than automated threshold. The identity linking would not only help in early detection of spammer frequently change identities but would also provide effectiveness in detecting criminal rings. All approaches proposed in this thesis can together have a significant impact on the early identification of spammer in a VoIP network without being intrusive to end-users and without requiring any change in the VoIP network semantics and architecture.