Voice over IP

SDRS: A Voice-over-IP Spam Detection and Reaction System

BERTRAND MATHIEU, Orange Labs
SAVERIO NICCOLINI, NEC Europe
DORGHAM SISALEM, Tekelec

Published by the IEEE Computer Society, IEEE Security & Privacy. 1540-7993/08/$25.00 © 2008 IEEE

An expected surge in spam over Internet telephony (SPIT) requires a solution that incorporates multiple detection methods and reaction mechanisms, enabling greater flexibility and customization.

In general, “spam” describes information, often dubious in nature, sent to numerous recipients without their prior consent. Although the term typically refers to emails about hot stocks, revolutionary medicine, or adult content, spam can apply to all kinds of messages. Examples range from telemarketing calls and short message service texts to bulk mail and faxes.

Since the first incident in the early ’90s, Internet spam has increased significantly. Of all exchanged mail, spam’s portion has risen from less than 10 percent in 2001 to more than 80 percent today, according to statistics from antispam organizations such as Spam-O-Meter.com.

Session Initiation Protocol (SIP) [1] has established itself as the de facto standard for voice-over IP (VoIP) services in fixed and mobile environments. From a technological viewpoint, SIP-based VoIP services show a greater resemblance to email than to traditional telephony systems. Hence, with SIP services gaining in popularity, spammers likely will misuse services as they do email—a practice known as spam over Internet telephony (SPIT).

This probable exponential increase in spam requires mitigating SPIT in its early stages. Solutions are even more critical because of SPIT’s threat to users’ trust in VoIP in general. Lack of confidence in secure and trusted infrastructures would slow down VoIP adoption.

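As an added illustration (not code from the article or from SDRS), the following sketch shows one way multiple detection methods can be combined: list lookups first, then per-caller statistics on the number and duration of calls. The thresholds, verdict names, and SIP addresses are assumptions made for this example.

```python
from collections import defaultdict

# Hypothetical thresholds for one observation window (not taken from SDRS).
MAX_CALLS = 10          # more calls than this per window looks like bulk calling
MIN_MEAN_SECONDS = 15   # a very short average call is treated as a second signal

def classify_callers(calls, whitelist=frozenset(), blacklist=frozenset()):
    """Return {caller: verdict} for (caller, callee, duration_seconds) records."""
    count = defaultdict(int)
    total = defaultdict(float)
    for caller, _callee, duration in calls:
        count[caller] += 1
        total[caller] += duration
    verdicts = {}
    for caller, n in count.items():
        if caller in whitelist:        # explicit trust wins over statistics
            verdicts[caller] = "ham"
        elif caller in blacklist:      # listed offender, no statistics needed
            verdicts[caller] = "spit"
        else:
            # Each statistical signal that fires adds one to the index.
            hits = (n > MAX_CALLS) + (total[caller] / n < MIN_MEAN_SECONDS)
            verdicts[caller] = ("ham", "suspect", "spit")[hits]
    return verdicts

# Constructed sample records for one window; all addresses are made up.
SAMPLE_CALLS = (
    [("sip:promo@bulk.example", f"sip:user{i}@example.org", 8) for i in range(12)]
    + [("sip:helpdesk@example.org", f"sip:user{i}@example.org", 240) for i in range(14)]
    + [("sip:dave@example.net", "sip:user1@example.org", d) for d in (5, 10, 6)]
    + [("sip:erin@example.net", "sip:user2@example.org", d) for d in (120, 60)]
    + [("sip:listed@bad.example", "sip:user3@example.org", 200)]
)

if __name__ == "__main__":
    result = classify_callers(
        SAMPLE_CALLS,
        whitelist={"sip:helpdesk@example.org"},
        blacklist={"sip:listed@bad.example"},
    )
    for caller, verdict in sorted(result.items()):
        print(f"{caller:28} {verdict}")
```

Without the white list entry, the high-volume help desk would be flagged as suspect on call count alone, which is why list lookups are evaluated before the statistics.
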
Our solution framework combines well-known detection schemes, such as blacklists and white lists, with methods based on statistical traffic analysis, such as the number and duration of calls a user conducts. (For more on existing detection schemes, see the “Related Work in Fighting VoIP Spam” sidebar on p. 57.) The SPIT Detection and Reaction System (SDRS) also takes into account users’ and operators’ preferences.

Email vs. VoIP Spam

Why the expected surge in SPIT? Compared with email, using voice calls offers spammers a wider range of use scenarios:

Passive marketing. Most spam email offers fall into this category. With SPIT, a prerecorded voice or voice/video message presents the sales pitch. Once a recipient accepts a call, the system delivers the content as a media stream.

Interactive marketing. These are the standard telemarketing calls in which a live caller tries to sell goods or services, such as insurance or financial services, to a callee.

Call back. In this method of fraud common to mobile networks, the fraudster calls a mobile phone number but hangs up just before the callee answers. Out of curiosity, the callee returns the call, unaware that it’s a premium phone number, and incurs a hefty charge.

Although spammers can conduct these types of unsolicited calls using traditional public switched telephone network (PSTN) telephony services, SIP offers advantages in cost, scope, identity hiding, and regulation.

The difference between per-minute costs for VoIP and PSTN is vanishing in some countries, such as Ger-