Detecting near-duplicate SPITs in voice mailboxes using hashes

  • Authors:

  • Ge Zhang;Simone Fischer-Hübner

  • Affiliations:

  • Karlstad University, Karlstad, Sweden;Karlstad University, Karlstad, Sweden

  • Venue:
  • ISC'11 Proceedings of the 14th international conference on Information security
  • Year:
  • 2011

Quantified Score

Hi-index 0.00

Visualization

Abstract

Spam over Internet Telephony (SPIT) is a threat to the use of Voice of IP (VoIP) systems. One kind of SPIT can make unsolicited bulk calls to victims' voice mailboxes and then send them a prepared audio message. We detect this threat within a collaborative detection framework by comparing unknown VoIP flows with known SPIT samples since the same audio message generates VoIP flows with the same flow patterns (e.g., the sequence of packet sizes). In practice, however, these patterns are not exactly identical: (1) a VoIP flow may be unexpectedly altered by network impairments (e.g., delay jitter and packet loss); and (2) a sophisticated SPITer may dynamically generate each flow. For example, the SPITer employs a Text-To-Speech (TTS) synthesis engine to generate a speech audio instead of using a pre-recorded one. Thus, we measure the similarity among flows using local-sensitive hash algorithms. A close distance between the hash digest of flow x and a known SPIT suggests that flow x probably belongs the same bulk of the known SPIT. Finally, we also experimentally study the detection performance of the hash algorithms.