Simulation of SPIT Filtering: Quantitative Evaluation of Parameter Tuning

A future where Internet telephony will constitute a target valuable to attack is not so unrealistic. E-mail spam botnets software can be updated to send voice spam (commonly referred to as SPIT, spam over Internet telephony) constituting a huge threat to VoIP-based applications and business. This paper tries to learn from one of the biggest lessons learnt from the e-mail world, i.e. "do not wait until is too late", and proposes a quantitative study, based on a simulation campaign, of SPIT filtering based on the analysis of the call setup protocols. After discussing attack scenarios based on dichotomic choices by the attacker, it presents how the SPIT filtering system can be optimized in order to self-tune parameters achieving high SPIT detection ratio and low false rates at the same time.