Master Thesis Defense - September 18, 2017: Data-driven Approach for Automatic Telephony Threat Analysis and Campaign Detection

Houssem Eddine Bordjiba

Monday, September 18, 2017 at 3:00 p.m.
Room EV003.309

You are invited to attend the following M.A.Sc. (Information Systems Security) thesis examination.

Examining Committee

Dr. A. Youssef, Chair
Dr. M. Debbabi, Supervisor
Dr. C. Assi, CIISE Examiner
Dr. O. Ait-Mohamed, External Examiner (ECE)

Abstract

The growth of the telephone network and the availability of Voice over Internet Protocol (VoIP) have both contributed to the availability of a flexible and easy to use artifact for users, but also to a significant increase in cyber-criminal activity. These criminals use emergent technologies to conduct illegal and suspicious activities. For instance, they use VoIP’s flexibility to abuse and scam victims. A great deal of interest has been expressed into the analysis and assessment of telephony cyber-threats. A better understanding of these types of abuse is required in order to detect, mitigate, and attribute these attacks.

The purpose of this research work is to generate relevant and timely telephony abuse intelligence that can support mitigation and/or investigation activities. To achieve this objective, we present, in this thesis, the design and implementation of a Telephony Abuse Intelligence Framework (TAINT) that automatically aggregates, analyzes and reports on telephony abuse activities. Such a framework monitors and analyzes, in near-real-time, crowd-sourced telephony complaints data from various sources. We deploy our framework on a large dataset of telephony complaints, spanning over seven years, to provide in-depth insights and intelligence about emerging telephony threats. The framework presented in this thesis is of a paramount importance when it comes to the mitigation, the prevention and the attribution of telephony abuse incidents. We analyze the data and report on the complaint distribution, the used numbers and the spoofed callers’ identifiers. In addition, we identify and geo-locate the sources of the phone calls, and further investigate the underlying telephony threats. Moreover, we quantify the similarity between reported phone numbers to unveil potential groups that are behind specific telephony abuse activities that are actually launched as telephony abuse campaigns.