An effective empirical approach to VoIP traffic classification

Authors: NAZAR ABBAS SAQIB, YAQOOT SHAKEEL, MOAZZAM ALI KHAN, HASAN MEHMOOD, MUHAMMAD ZIA

Abstract: It is beneficial for telecommunication authorities and Internet service providers (ISPs) to classify and detect voice traffic. It can help them to block unsubscribed users from using their services, which saves them huge revenues. Voice packets can be detected easily, but it becomes complicated when the application or port information in the packet header is hidden due to some secure mechanism such as encryption. This work provides effective voice packet classification and detection based on behavioral and statistical analysis, which is independent of any application, security protocol, or encryption mechanism. First we have made initial assessments through packet feature analysis followed by the implementation of a voice detection algorithm to perform statistical analysis for classifying traffic over IP networks. The proposed voice detection algorithm is executed in three phases: registering of packet flow traces, signature-based analysis, and voice classification. In the first phase, new packets are registered. In the second phase, registered packets are tested if they are already marked as detected. In the third phase, the voice detection algorithm works at distinguishing encrypted and nonencrypted voice flows by fine-tuning the parameters, which are chosen after a detailed statistical analysis of datasets on security protocols such as secure socket layer, secure session initiation protocol, and secure real-time transport protocol. Our results demonstrate a high true positive rate (TPR) and very low false alarm rate (FAR). The proposed methodology achieves a TPR of 93.6% for offline traces, 100% for the self-configured voice setups, and 95% for the online traffic. The FAR is 0.000084% for offline traces and 0.00020% for online traces, which shows that the proposed methodology is highly efficient and can be incorporated in contemporary telecommunication systems.

Keywords: Traffic classification, Voice over Internet Protocol, secure socket layer, encrypted and decrypted voice

Full Text: PDF