Final Report Summary - SPIDER (Spam in Internet Telephony Detection Services)
Interest in voice over IP (VoIP) has risen substantially in recent times, both from service providers and from consumers' point of view. While the concept of transferring voice over data networks like the Internet is known already for a long time, only now this technology has become a major counterpart to the classic Public Switched Telephone Network (PSTN). With VoIP, calls being offered for free or for a flat rate, Spam over Internet Telephony (SPIT) has at least the same potential to become a major annoyance for users worldwide, as it is the current situation with e-mail spam.
From a technological point of view, both communication methods have many similarities. For example, calling a huge user base through a VoIP solution can be very cost effective for any sender; it can also be easily personalised. While such a development would naturally be annoying to individual users, a large spread of SPIT would reduce the attractiveness of VoIP in general and slow down its further commercial development.
The SPIDER project aimed to deliver a solution for the participating SMEs to detect and prevent unsolicited VoIP calls and instant messages. This solution was not only designed to achieve a high detection rate, but it was optimised to be resource efficient as well. Without such balance, SPIT prevention will introduce high deployment costs and large processing delays, hence reducing the incentives for providers and users to actually deploy such tools.
The design of the SPIDER SPIT prevention tools was based on two aspects. On the one side, benefiting from well-known SPAM prevention technologies, such as white and black lists or filtering algorithms. On the other side, novel approaches, which are derived from the VoIP technology itself, such as inter-provider peering mechanisms or security enhancements for the used signalling protocols, will be also investigated and developed.
Thereby, in the context of SPIDER, a set of tools and mechanisms were designed, developed and extensively tested, so as to enable the participating partners to roll out products and services for anti-SPIT. These tools and technologies were based not only on the latest technologies and innovative research solutions, but also strengthened with the practical experience gained through the deployment of those tools and technologies during the project period.
The SPIDER platform uses a modular architecture, where several discrete and complementary components are integrated to contribute to SPIT mitigation. Each of the modules may conclude and characterise a call as SPIT independently, or under the coordination of a backplane component, named 'Decision point' module. This document discusses the technical implementation of each sub-component that contributes on the identification of a SPIT call. It also discusses integration issues towards a unified SPIDER architecture and possible data flow between the modules in a real-life scenario.
Multiple application scenarios were examined considering the online versus offline use and combination of the modules, especially regarding the voice analysis module, which can also be used offline, i.e. to filter calls that have been recorded in a voicemail box. This deliverable also defines and discusses evaluation criteria, both quantitative and qualitative, of the overall platform, as well as of the individual components. We provide a comprehensive set of the efficacy parameters for the evaluation of the anti-SPIT platform.
The evaluation, actually, is two-fold. On the first hand, performance issues should be considered, such as the number of calls per time unit that the platform is able to handle. On the other hand, anti-SPIT related parameters should be measured, such as number of false positives or negatives. Such tests were performed for each individual module and for the framework as a whole, in lab and in real life conditions, with satisfactory results.
Finally, we can conclude that the SPIDER infrastructure can prevent and handle the SPIT phenomenon in a more efficient and holistic way than the other proposed techniques. Every module can partially prevent the SPIT calls but SPIDER relies highly on the cooperation between all modules, which leads to a system that can defend most of the known SPIT attacks in a reliable and effective way.
From a technological point of view, both communication methods have many similarities. For example, calling a huge user base through a VoIP solution can be very cost effective for any sender; it can also be easily personalised. While such a development would naturally be annoying to individual users, a large spread of SPIT would reduce the attractiveness of VoIP in general and slow down its further commercial development.
The SPIDER project aimed to deliver a solution for the participating SMEs to detect and prevent unsolicited VoIP calls and instant messages. This solution was not only designed to achieve a high detection rate, but it was optimised to be resource efficient as well. Without such balance, SPIT prevention will introduce high deployment costs and large processing delays, hence reducing the incentives for providers and users to actually deploy such tools.
The design of the SPIDER SPIT prevention tools was based on two aspects. On the one side, benefiting from well-known SPAM prevention technologies, such as white and black lists or filtering algorithms. On the other side, novel approaches, which are derived from the VoIP technology itself, such as inter-provider peering mechanisms or security enhancements for the used signalling protocols, will be also investigated and developed.
Thereby, in the context of SPIDER, a set of tools and mechanisms were designed, developed and extensively tested, so as to enable the participating partners to roll out products and services for anti-SPIT. These tools and technologies were based not only on the latest technologies and innovative research solutions, but also strengthened with the practical experience gained through the deployment of those tools and technologies during the project period.
The SPIDER platform uses a modular architecture, where several discrete and complementary components are integrated to contribute to SPIT mitigation. Each of the modules may conclude and characterise a call as SPIT independently, or under the coordination of a backplane component, named 'Decision point' module. This document discusses the technical implementation of each sub-component that contributes on the identification of a SPIT call. It also discusses integration issues towards a unified SPIDER architecture and possible data flow between the modules in a real-life scenario.
Multiple application scenarios were examined considering the online versus offline use and combination of the modules, especially regarding the voice analysis module, which can also be used offline, i.e. to filter calls that have been recorded in a voicemail box. This deliverable also defines and discusses evaluation criteria, both quantitative and qualitative, of the overall platform, as well as of the individual components. We provide a comprehensive set of the efficacy parameters for the evaluation of the anti-SPIT platform.
The evaluation, actually, is two-fold. On the first hand, performance issues should be considered, such as the number of calls per time unit that the platform is able to handle. On the other hand, anti-SPIT related parameters should be measured, such as number of false positives or negatives. Such tests were performed for each individual module and for the framework as a whole, in lab and in real life conditions, with satisfactory results.
Finally, we can conclude that the SPIDER infrastructure can prevent and handle the SPIT phenomenon in a more efficient and holistic way than the other proposed techniques. Every module can partially prevent the SPIT calls but SPIDER relies highly on the cooperation between all modules, which leads to a system that can defend most of the known SPIT attacks in a reliable and effective way.
