The Community for Technology Leaders
RSS Icon
Subscribe
Issue No.10 - Oct. (2013 vol.24)
pp: 2004-2014
Joao V. Gomes , University of Beira Interior, Portugal
Pedro R.M. Inacio , University of Beira Interior, Portugal
Manuela Pereira , University of Beira Interior, Portugal
Mario M. Freire , University of Beira Interior, Portugal
Paulo P. Monteiro , Nokia Siemens Networks Portugal, S. A. with University of Aveiro and Instituto de Telecomunicações
ABSTRACT
Voice over Internet Protocol (VoIP) applications based on peer-to-peer (P2P) communications have been experiencing considerable growth in terms of number of users. To overcome filtering policies or protect the privacy of their users, most of these applications implement mechanisms such as protocol obfuscation or payload encryption that avoid the inspection of their traffic, making it difficult to identify its nature. The incapacity to determine the application that is responsible for a certain flow raises challenges for the effective management of the network. In this paper, a new method for the identification of VoIP sessions is presented. The proposed mechanism classifies the flows, in real-time, based on the speech codec used in the session. To make the classification lightweight, the behavioral signatures for each analyzed codec were created using only the lengths of the packets. Unlike most previous approaches, the classifier does not use the lengths of the packets individually. Instead, it explores their level of heterogeneity in real time, using entropy to emphasize such feature. The results of the performance evaluation show that the proposed method is able to identify VoIP sessions accurately and simultaneously recognize the used speech codec.
INDEX TERMS
Payloads, Entropy, Protocols, Speech codecs, Phase change materials, packet-switching networks, Data communications, distributed applications, network communications, network management, network monitoring
CITATION
Joao V. Gomes, Pedro R.M. Inacio, Manuela Pereira, Mario M. Freire, Paulo P. Monteiro, "Identification of Peer-to-Peer VoIP Sessions Using Entropy and Codec Properties", IEEE Transactions on Parallel & Distributed Systems, vol.24, no. 10, pp. 2004-2014, Oct. 2013, doi:10.1109/TPDS.2012.316
REFERENCES
[1] K. Suh, D.R. Figueiredo, J. Kurose, and D. Towsley, "Characterizing and Detecting Skype-Relayed Traffic," Proc. 25th IEEE INFOCOM, pp. 1-12, Apr. 2006.
[2] E.P. Freire, A. Ziviani, and R.M. Salles, "Detecting VoIP Calls Hidden in Web Traffic," IEEE Trans. Network Service Management, vol. 5, no. 4, pp. 204-214, Dec. 2008.
[3] D. Bonfiglio, M. Mellia, M. Meo, and D. Rossi, "Detailed Analysis of Skype Traffic," IEEE Trans. Multimedia, vol. 11, no. 1, pp. 117-127, Jan. 2009.
[4] J.F. Ransome and J.W. Rittinghouse, "VoIP Security Risks," Voice over Internet Protocol (VoIP) Security, pp. 181-233, Digital Press, Nov. 2004.
[5] J. Seedorf, "Security Challenges for Peer-to-Peer SIP," IEEE Network, vol. 20, no. 5, pp. 38-45, Sept./Oct. 2006.
[6] R. Dantu, S. Fahmy, H. Schulzrinne, and J. Cangussu, "Issues and Challenges in Securing VoIP," Computers Security, vol. 28, no. 8, pp. 743-753, Nov. 2009.
[7] D.R. Kuhn, T.J. Walsh, and S. Fries, "Security Considerations for Voice over IP Systems," Technical Report 800-58, Nat'l Inst. of Standards and Technology, Gaithersburg, MA, Jan. 2005.
[8] T. Berson, "Skype Security Evaluation," Technical Report ALR-2005-031, Anagram Laboratories, Oct. 2005.
[9] J. Xin, "Security Issues and Countermeasure for VoIP," White Paper, SANS Inst., Information Security Reading Room, 2007.
[10] D. Bonfiglio, M. Mellia, M. Meo, D. Rossi, and P. Tofanelli, "Revealing Skype Traffic: When Randomness Plays with You," ACM SIGCOMM Computer Comm. Rev., vol. 37, no. 4, pp. 37-48, Oct. 2007.
[11] D. Adami, C. Callegari, S. Giordano, M. Pagano, and T. Pepe, "Skype-Hunter: A Real-Time System for the Detection and Classification of Skype Traffic," Int'l J. Comm. Systems, vol. 25, pp. 386-403, 2011.
[12] A.A. Khuther, "Performance Analysis of Voice Codec for VoIP," master's thesis, Universiti Teknologi Malaysia, Oct. 2008.
[13] J.V.P. Gomes, P.R.M. Inácio, M.M. Freire, M. Pereira, and P.P. Monteiro, "Analysis of Peer-to-Peer Traffic Using a Behavioural Method Based on Entropy," Proc. 27th IEEE Int'l Performance Computing and Comm. Conf. (IPCCC '08), pp. 201-208, Dec. 2008.
[14] J.V. Gomes, P.R.M. Inácio, M. Pereira, M.M. Freire, and P.P. Monteiro, "Exploring Behavioral Patterns through Entropy in Multimedia Peer-to-Peer Traffic," Computer J., vol. 55, no. 6, pp. 740-755, June 2012.
[15] B. Li, M. Ma, and Z. Jin, "A VoIP Traffic Identification Scheme Based on Host and Flow Behavior Analysis," J. Network Systems Management, vol. 19, no. 1, pp. 111-129, Mar. 2011.
[16] Y. Yu, D. Liu, J. Li, and C. Shen, "Traffic Identification and Overlay Measurement of Skype," Proc. Int'l Conf. Computational Intelligence and Security, pp. 1043-1048, Nov. 2006.
[17] S. Ehlert and S. Petgang, "Analysis and Signature of Skype VoIP Session Traffic," Technical Report NGNI-SKYPE-06b, Fraunhofer FOKUS, Berlin, Germany, July 2006.
[18] P. Svoboda, E. Hyytiä, F. Ricciato, M. Rupp, and M. Karner, "Detection and Tracking of Skype by Exploiting Cross Layer Information in a Live 3G Network," Proc. First Int'l Workshop Traffic Monitoring and Analysis (TMA '09), pp. 93-100, May 2009.
[19] F. Lu, X.-L. Liu, and Z.-N. Ma, "Research on the Characteristics and Blocking Realization of Skype Protocol," Proc. Int'l Conf. Electrical and Control Eng. (ICECE '10), pp. 2964-2967, June 2010.
[20] D. Zhang, C. Zheng, H. Zhang, and H. Yu, "Identification and Analysis of Skype Peer-to-Peer Traffic," Proc. Fifth Int'l Conf. Internet and Web Applications and Services (ICIW '10), pp. 200-206, May 2010.
[21] R. Dhamankar and R. King, "Protocol Identification via Statistical Analysis (PISA)," White Paper, Tipping Point, 2007.
[22] P. Dorfinger, G. Panholzer, B. Trammell, and T. Pepe, "Entropy-Based Traffic Filtering to Support Real-Time Skype Detection," Proc. Sixth Int'l Wireless Comm. and Mobile Computing Conf. (IWCMC '10), pp. 747-751, June/July 2010.
[23] J.-L. Costeux, F. Guyard, and A.-M. Bustos, "Detection and Comparison of RTP and Skype Traffic and Performance," Proc. IEEE GLOBECOM, pp. 1-5, Dec. 2006.
[24] L. Lu, J. Horton, R. Safavi-Naini, and W. Susilo, "Transport Layer Identification of Skype Traffic," Proc. Int'l Conf. Information Networking (ICOIN '07), pp. 465-481, Jan. 2007.
[25] S. Molnár and M. Perényi, "On the Identification and Analysis of Skype Traffic," Int'l J. Comm. Systems, vol. 24, no. 1, pp. 94-117, Jan. 2011.
[26] K.-T. Chen and J.-K. Lou, "Rapid Detection of Constant-Packet-Rate Flows," Proc. Third Int'l Conf. Availability, Reliability and Security (ARES '08), pp. 212-220, Mar. 2008.
[27] L. Jun, Z. Shunyi, X. Ye, and S. Yanfei, "Identifying Skype Traffic by Random Forest," Proc. Int'l Conf. Wireless Comm., Networking and Mobile Computing (WiCom '07), pp. 2841-2844, Sept. 2007.
[28] P.A. Branch, A. Heyde, and G.J. Armitage, "Rapid Identification of Skype Traffic Flows," Proc. 18th Int'l Workshop Network and Operating System Support for Digital Audio and Video (NOSSDAV '09), pp. 91-96, June 2009.
[29] R. Alshammari and A.N. Zincir-Heywood, "Unveiling Skype Encrypted Tunnels Using GP," Proc. IEEE Congress Evolutionary Computation (CEC '10), pp. 1-8, July 2010.
[30] C.-C. Wu, K.-T. Chen, Y.-C. Chang, and C.-L. Lei, "Detecting VoIP Traffic Based on Human Conversation Patterns," Proc. Int'l Conf. Principles, Systems and Applications of IP Telecomm. (IPTComm '08), pp. 280-295, July 2008.
[31] H. Zhang, Z. Gu, and Z. Tian, "Skype Traffic Identification Based SVM Using Optimized Feature Set," Proc. Int'l Conf. Information, Networking and Automation (ICINA '10), vol. 2, pp. 431-435, Oct. 2010.
[32] T. Yildirim and P.J. Radcliffe, "VoIP Traffic Classification in IPSec Tunnels," Proc. Int'l Conf. Electronics and Information Eng. (ICEIE '10), vol. 1, pp. 151-157, Aug. 2010.
[33] B. Xu, M. Chen, C. Xing, and G. Zhang, "A Network Traffic Identification Method Based on Finite State Machine," Proc. Fifth Int'l Conf. Wireless Comm., Networking and Mobile Computing (WiCom '09), pp. 1-4, Sept. 2009.
[34] N.M. Markovich and U.R. Krieger, "Statistical Analysis and Modeling of Skype VoIP Flows," Computer Comm., vol. 33, no. S1, pp. S11-S21, Nov. 2010.
[35] T. Okabe, T. Kitamura, and T. Shizuno, "Statistical Traffic Identification Method Based on Flow-Level Behavior for Fair VoIP Service," Proc. First IEEE Workshop VoIP Management and Security (VoIP MaSe '06), pp. 35-40, Apr. 2006.
[36] F. Liu, Z. Li, and J. Yu, "P2P Applications Identification Based on the Statistics Analysis of Packet Length," Proc. Int'l Symp. Information Eng. and Electronic Commerce (IEEC '09), pp. 160-163, May 2009.
[37] C.V. Wright, L. Ballard, S.E. Coull, F. Monrose, and G.M. Masson, "Spot Me If You Can: Uncovering Spoken Phrases in Encrypted VoIP Conversations," Proc. IEEE Symp. Security and Privacy (SP '08), pp. 35-49, May 2008.
[38] K.C. Claffy, H.-W. Braun, and G.C. Polyzos, "A Parameterizable Methodology for Internet Traffic Flow Profiling," IEEE J. Selected Areas Comm., vol. 13, no. 8, pp. 1481-1494, Oct. 1995.
[39] L7-Filter, Application Layer Packet Classifier for Linux, http:/l7-filter.sourceforge.net, 2013.
[40] Tools for L2-L7 Traffic Classification, http://netgroup.polito.it/research-projects l7-traffic-classification/, 2013.
[41] Tstat: TCP Statistic and Analysis Tool, http:/tstat.tlc.polito.it, 2013.
18 ms
(Ver 2.0)

Marketing Automation Platform Marketing Automation Tool