VIAT User's Guide v0.3


Contents

1. G. Grutzek, J. Strobl, B. Mainka, F. Kurth, C. Poerschmann, and H. Knospe, "A Perceptual Hash for the Identification of Telephone Speech," in 2012 ITG Fachtagung Sprachkommunikation, September 2012.

[3] D. Lentzen, G. Grutzek, H. Knospe, and C. Poerschmann, "Content-Based Detection and Prevention of Spam over IP Telephony: System Design, Prototype and First Results," in IEEE International Conference on Communications (ICC), pp. 251-252, June 2011.

[4] J. Strobl, F. Kurth, G. Grutzek, and H. Knospe, "Effiziente Identifikation von Telefon Spam," in Fortschritte der Akustik, DAGA 2011, DEGA e.V., pp. 251-252, 2011.

[5] G. Grutzek, C. Poerschmann, and H. Knospe, "Vergleich spektraler Merkmale zur Identifikation von Telefon SPAM," in Fortschritte der Akustik, DAGA 2010, DEGA e.V., pp. 243-244, 2010.

[6] H. Knospe and C. Poerschmann, "Ein neues Verfahren zur Identifikation und Abwehr von Telefon SPAM," in Scientific Reports of the Cologne University of Applied Sciences, Proceedings des XXI Deutsch-Polnischen Seminars, pp. 49-53, 2009.

[7] C. Poerschmann and H. Knospe, "Spectral Analysis of Audio Signals for the Identification of Spam Over IP Telephony," in Proceedings of the NAG/DAGA 2009, DEGA e.V., pp. 1027-1029, 2009.

[8] C. Poerschmann and H. Knospe, "Analyse spektraler Parameter des Audiosignals zur Identifikation und Abwehr von Telefon SPAM," in
2. December 2012) of the Cologne University of Applied Sciences (project management) in cooperation with the TU Braunschweig, the Fraunhofer Institute for Communication, Information Processing and Ergonomics (FKIE) and the companies IPTEGO GmbH and Sirrix AG. The project is significantly financed by the Federal Ministry of Education and Research and supported by the involved companies.

Telephone SPAM is characterized by bulk unsolicited calls. The SPAMer attempts to initiate a voice session and relays a prerecorded message if the callee answers. The prevalent Voice over IP (VoIP) technology provides convenient tools and low-priced possibilities to place a large number of SPAM calls.

This document is organized as follows: In the next section we describe our released VirtualBox Appliance, which is already configured and with which you can easily use and test our prototype. You can even take your own audio material and create your own call scenarios. After that, the papers that we have written are listed.

2 VirtualBox Appliance (VIAT.ova)

[Figure 1: VIAT Testing Environment. Components shown: Asterisk A (eth0:0, 10.0.0.10:5060), Kamailio (eth0:2, 10.0.0.12:5060) with Blacklist check, Asterisk B (eth0:1, 10.0.0.11:5060), callX (eth0, promiscuous mode), featureX (eth0:3, 10.0.0.20:3000), indexd (eth0:4, 10.0.0.21:3000), PostgreSQL (call data, blacklist data, fingerprints).]

In figure 1 you can see the VIAT testing environment. There are two Asterisk communication servers. One
3. The libraries are needed by featureX (see http://framewave.sourceforge.net/).

2.1.7 Asterisk A and B Communication Servers

We have two Asterisk servers in our testing environment: one for call generation (Asterisk A) and one for call termination (Asterisk B), see figure 1, so that we can simulate a full call flow.

Each Asterisk server needs its own network interface so that we can passively extract the SIP and RTP data (callX). Therefore we created two virtual network interfaces. The interface eth0:0 is for Asterisk A and the interface eth0:1 is for Asterisk B (see figure 1 and listing 1).

To start two instances of the Asterisk software we have two modified start scripts, /etc/init.d/asta and /etc/init.d/astb. Furthermore we removed the default start script and added our two modified ones. This way you always have Asterisk A and Asterisk B running at startup. For every instance we have new directories for the running directory

    drwxr-xr-x 2 viat viat /var/run/astb
    drwxr-xr-x 2 viat viat /var/run/asta

and the configuration directory

    drwxr-xr-x 2 viat viat /etc/astb
    drwxr-xr-x 2 viat viat /etc/asta

Finally we created two new executables

    /usr/sbin/astb
    /usr/sbin/asta

and you can connect to the specific instance by passing the -r argument.

2.1.8 Directories

All directories are owned by viat. The configuration files of our software can be found in
4. /etc/viat, logging output is in /var/log/viat and pid files are in /var/run/viat. The configuration files of the Asterisk instances can be found in /etc/asta and /etc/astb, logging output in /var/log/asta and /var/log/astb and the pid files in /var/run/asta and /var/run/astb. The transferred audio material (.wav) can be found in the directories /var/spool/asta and /var/spool/astb.

2.2 Usage

When starting the image, two things will automatically open. On the one hand, a couple of terminals with which you can control our environment (see figure 3). In the top section you can see the console of Asterisk A and Asterisk B. These are just for output. Later we will see our call flow and blocked calls here. In the middle section is the output of indexd. If you are interested in the search algorithm, you will get some information in [1]. The bottom section is for actually controlling our system. We have prepared some scripts for you to get our system easily running.

On the other hand, you see the PostgreSQL administration tool opened in a browser (see figure 4). Username and password are both viat. In the beginning the database is empty. After running our system a little while, interesting tables are matchlist, where you can see the search output about similar calls, the call table with metadata about all calls and of course the caller_blacklist, where the SER (Kamailio) gets its information about blocking certain callers.
5. for call generation, called Asterisk A, and one for call termination, called Asterisk B. The SIP Express Router (SER) Kamailio transfers the calls between these servers if the caller is not on the Blacklist. From a copy of the network stream the audio data is extracted (callX) and the audio fingerprint is computed (featureX). After that the fingerprints are compared against all previous fingerprints (indexd) and the information about possible equal or similar audio data is stored in the PostgreSQL database. With this information the Blacklist in the database is filled.

Not yet integrated. The call extraction is handled by a perl script which monitors the folder /var/spool/asterisk/monitor. It writes the call metadata to the database and passes the audio material to featureX. The script is at script/vmfd.pl.

2.1 Debian GNU/Linux 64 Bit

The virtual machine is a Debian GNU/Linux 64 Bit system. In the following we describe the changes we have made to a fresh debian 6.0.5 installation. Security updates have been installed on November 2, 2012.

2.1.1 User Accounts

We have two users: on the one hand the standard superuser root, and an additional user viat, which should be taken to control the virtual machine and our system. The password for both accounts is viat.

2.1.2 Network Configuration

We modified the network configuration to reach the scenario described in figure 1. You can see the changes in listing 1.

2.1.3 Additional Package
6. [Figure 5: Call flow from Asterisk A (left) to Asterisk B (right)]

get a similarity between these two calls (see figure 6). The result says that the actual mismatches are 60 and, since the fingerprint length of each call is 100, the two calls have 40 features in the right distance in common. We can also see this information in the database table matchlist. With this information the table caller_blacklist is filled. Since we require a similarity of at least 15 (see /etc/viat/mld.conf)

[Figure 6 screenshot: output of tail -f /var/log/viat/indexd.log from 2012 Nov 14 03:03:09, ending with the result line "Result Call ID 2 Matched Call ID 1 Query Length 100 Offset 0 Actual Mismatches 60"]

Figure 6: Partial output of index
7. Fachhochschule Köln / Cologne University of Applied Sciences

VIAT User's Guide v0.3

Verfahren zur Identifikation und Abwehr von Telefon SPAM
(Translation: Method for the Identification and Blocking of Telephone SPAM)

Prof. Dr. Heiko Knospe, M.Sc. Dirk Lentzen, Dipl.-Ing. (FH) Gary Grutzek, Prof. Dr. Christoph Pörschmann, M.Sc. Julian Strobl, Dipl.-Ing. (FH) Bernhard Mainka

Institute of Communications Engineering, Department of IT Security

November 27, 2012

Sponsored by the Federal Ministry of Education and Research

Project Partners: IPTEGO, acme packet, Sirrix AG security technologies

Acknowledgments

A part of this work was carried out during an internship with Fraunhofer Institute for Communication, Information Processing and Ergonomics (FKIE), Wachtberg, Germany. We would especially like to thank Frank Kurth for his support.

For more information visit http://viat.fh-koeln.de

Contents

1 Introduction
2 VirtualBox Appliance (VIAT.ova)
2.1 Debian GNU/Linux 64 Bit
2.1.1 User Accounts
2.1.2 Network Configuration
2.1.3 Additional Packages
2.1.4 Boost Library v1.48 with Boost.Log v1.1
2.1.5 PostgreSQL v8.4 Database
2.1.6 FrameWave 1.3.1
2.1.7 Asterisk A and B Communicat
8. Sicherheit 2008, Lecture Notes in Informatics, Proceedings "Sicherheit 2008", Gesellschaft für Informatik, vol. P-128, pp. 551-555, 2008.

[9] C. Poerschmann and H. Knospe, "Analysis of Spectral Parameters of Audio Signals for the Identification of Spam Over IP Telephony," in The Fifth Conference on Email and Anti-Spam, pp. 551-555, 2008.
9. av

Monitor The Packets

We installed Wireshark for you. Just start it as root (e.g. gksudo wireshark) and monitor the loopback device lo. To get the VoIP traffic only, set the filter

    sip or rtp

and hit Apply.

2.2.2 Clear The Blacklist

If you just want to clear the blacklist but not restart our system, you can use the PostgreSQL Administration Tool (see figure 4). Just click caller_blacklist and then Empty. Done.

2.2.3 Create Your Own Call Scenarios

Create Call Files

First of all we need a configuration file similar to the example you see in listing 2.

Listing 2: Example configuration for callfiles (/home/viat/scenario/minimal/config/make-callfiles-demo.pl)

    inpath => /home/viat/data/minimal
    outpath => /home/viat/scenario/minimal/callfiles
    callfilename => minimal
    template => /home/viat/scenario/template.call
    media_files wav mp3 gsm
    mincaller => 2211000
    maxcaller => 2211010
    mincallee => 9100
    maxcallee => 9999

Finally we change into the script directory and run the following command:

    ./create-callfiles.pl --configfile /home/viat/scenario/minimal/config/make-callfiles-demo.pl

Starting Calls

We need a configuration file to simulate our call flow fitting our needs. You can se
10. [Figure 4: PostgreSQL administration tool opened in web browser]

2.2.1 A Basic Example

To get you started very fast, we provide an example called minimal. Just run from the script directory and see what happens:

    ./make-calls.sh /home/viat/scenario/minimal demo

Two calls are transmitted. In the top section you see the call flow from Asterisk A to Asterisk B (see figure 5). When the calls are finished, the search is performed and we
11. d.log with a similarity of 40 between the two calls

Note: Although the audio material came from different callers, our system recognizes the similarity and is able to block both callers.

We can now try to make the two calls again, but now we are blocked (see figure 7). Even if we would take other call files, we wouldn't get through.

[Figure 7: Information about blocked caller in Asterisk A (left). The Asterisk A console shows: Got SIP response 603 "no SPIT allowed" back from 10.0.0.12, followed by: Call failed to go through, reason (5) Remote end is Busy.]

Play The Audio Files

Play the audio files and observe that they only differ in noise levels and a little delay of 100 ms:

    totem /home/viat/data/minimal/SPIT_01_1.wav
    totem /home/viat/data/minimal/SPIT_01_d100_n20p.w
12. e an example in listing 3.

Listing 3: Example configuration for calls (/home/viat/scenario/minimal/config/make-calls-demo.pl)

    inpath => /home/viat/scenario/minimal/callfiles
    tmppath => /home/viat/scenario/minimal/tmp
    outpath => /var/spool/asta/outgoing
    # 0: play each file just once, 1: replays are possible
    mitzuruecklegen => 0
    # file extension of callfiles
    call_files call
    # start time of simulation
    starttime 2010-03-28T11:00:00
    # seconds of simulated time slice
    ticktime => 5
    # time of time slice (reality)
    ticklength => 5
    # maximum number of calls per tick
    call_max => 15
    # minimal number of calls per tick
    call_min => 5
    # level of debug output
    verbose =>
    hour_loads =>
        1 1 1 1 1    # 00:00 - 05:59
        1 1 1 1 1    # 06:00 - 11:59
        1 1 1 1 1    # 12:00 - 17:59
        1 1 1 1 1    # 18:00 - 24:00
    # number of calls per tick in busyhour
    busyhour_calls => 2
    # Influence of randomness (10 equals to 5)
    rand_factor => 0
    # play callfiles randomly: 0: play callfiles in order, 1: play randomly
    random => 0

From the script directory just run:

    ./make-calls.sh /home/viat/scenario/minimal demo

References

[1] J. Strobl, G. Grutzek, B. Mainka, and H. Knospe, "An Efficient Search Method for the Content-Based Identification of Telephone SPAM," in IEEE International Conference on Communications (ICC), pp. 2656-2660, June 2012.

[2]
13. [Figure 3: VIAT Testing Environment opened in terminal. Top: consoles of Asterisk A and Asterisk B (Asterisk 1.6.2.9-2+squeeze8); middle: output of tail -f /var/log/viat/indexd.log; bottom: terminal in the script directory.]

[Start of the figure 4 screenshot: phpPgAdmin, PostgreSQL 8.4.13 running on localhost:5432]
14. ion Servers
2.1.8 Directories
2.2 Usage
2.2.1 A Basic Example
2.2.2 Clear The Blacklist
2.2.3 Create Your Own Call Scenarios
References

List of Figures

1 VIAT Testing Environment
2 VIAT Database Scheme
3 VIAT Testing Environment opened in terminal
4 PostgreSQL administration tool opened in web browser
5 Call flow from Asterisk A (left) to Asterisk B (right)
6 Partial output of indexd.log with a similarity of 40 between the two calls
7 Information about blocked caller in Asterisk A (left)

List of Listings

1 Network configuration (/etc/network/interfaces)
2 Example configuration for callfiles (/home/viat/scenario/minimal/config/make-callfiles-demo.pl)
3 Example configuration for calls (/home/viat/scenario/minimal/config/make-calls-demo.pl)

1 Introduction

VIAT means "Verfahren zur Identifikation und Abwehr von Telefon SPAM", which translates to "Method for the Identification and Blocking of Telephone SPAM". VIAT is a research project (period of time: July 2009
15. loper's Guide. In figure 2 you can see which information is stored in the database.

[Figure 2: VIAT Database Scheme. The diagram shows the views v_caller_blacklist and v_callee_whitelist and the tables they are built from, including caller_blacklist, caller_whitelist and callee_whitelist, with their columns.]

2.1.6 FrameWave 1.3.1

Framewave is a free and open-source collection of popular image and signal processing routines designed to accelerate application development, debugging, multi-threading and optimization on x86-class processor platforms. The shared libraries object can be found at /usr/lib starting with fw.
16. s

Some additional packages have been installed:

    openssh-server postgresql libpq5 libpq-dev asterisk libdatetime-format-iso8601-perl

The openssh-server is for an easy connection (e.g. via terminal) to the virtual machine. The packages postgresql, libpq5 and libpq-dev are for the PostgreSQL database, where the last one is needed for compiling our sources. The last two packages, asterisk and libdatetime-format-iso8601-perl, are for the open source telephony software Asterisk (see section 2.1.7).

Listing 1: Network configuration (/etc/network/interfaces)

    allow-hotplug eth0
    iface eth0 inet dhcp

    auto eth0:0
    iface eth0:0 inet static
        address 10.0.0.10
        netmask 255.255.255.0

    auto eth0:1
    iface eth0:1 inet static
        address 10.0.0.11
        netmask 255.255.255.0

    auto eth0:2
    iface eth0:2 inet static
        address 10.0.0.12
        netmask 255.255.255.0

    auto eth0:3
    iface eth0:3 inet static
        address 10.0.0.20
        netmask 255.255.255.0

    auto eth0:4
    iface eth0:4 inet static
        address 10.0.0.21
        netmask 255.255.255.0

2.1.4 Boost Library v1.48 with Boost.Log v1.1

The libraries are stored in /usr/lib and have the format libboost_*.a and libboost_*.so. The header files are in a new directory in /usr/include/boost.

2.1.5 PostgreSQL v8.4 Database

For further information about the installation process, the created database tables and users, see the Deve
