An anomaly-based approach to the analysis of the social behavior of VoIP users

S. Chiappetta, C. Mazzariello, R. Presta, S.P. Romano
<span title="">2013</span> <i title="Elsevier BV"> <a target="_blank" rel="noopener" href="" style="color: black;">Computer Networks</a> </i> &nbsp;
In this paper we present the results of a study we recently conducted by analyzing a very large data set of call detail records, made available by an Italian operator. The objective of such study was twofold: (i) first of all, we wanted to be able to tell well-behaving users apart from potential malicious ones; (ii) once done with the first, coarse-grained, classification, we wanted to conduct an indepth analysis of the various anomalous behaviors characterizing the users who were classified as
potentially malicious after the first step. To the purpose, we leveraged an architecture which was conceived at the outset as a system capable to counter social threats in VoIP networks and which makes an extensive use of clustering techniques combined with a time-dependent, feature-based profiling algorithm. The paper shows how we can reliably identify behavioral patterns associated with the most common anomalous behaviors of VoIP users. It also demonstrates how relational graphs can be fruitfully exploited in order to both validate the results of the cluster-based analysis and ease their interpretation from human operators.
<span class="external-identifiers"> <a target="_blank" rel="external noopener noreferrer" href="">doi:10.1016/j.comnet.2013.02.009</a> <a target="_blank" rel="external noopener" href="">fatcat:dysjgzkssbh2na6forpxwecxme</a> </span>
