iVisher: Real‐Time Detection of Caller ID Spoofing

  title={iVisher: Real‐Time Detection of Caller ID Spoofing},
  author={Jaeseung Song and Hyoungshick Kim and Athanasios Gkelias},
  journal={Etri Journal},
Voice phishing (vishing) uses social engineering, based on people's trust in telephone services, to trick people into divulging financial data or transferring money to a scammer. [...] Key Method We propose a system named iVisher for detecting a concealed incoming number (that is, caller ID) in Session Initiation Protocol-based Voice-over-Internet Protocol initiated phone calls. Our results demonstrate that iVisher is capable of detecting a concealed caller ID without significantly impacting upon the overall…Expand

Figures and Tables from this paper

CEIVE: Combating Caller ID Spoofing on 4G Mobile Phones Via Callee-Only Inference and Verification
CEIVE (Callee-only inference and verification), an effective and practical defense against caller ID spoofing, is proposed, a victim callee only solution without requiring additional infrastructure support or changes on telephony systems. Expand
End-to-End Detection of Caller ID Spoofing Attacks
An SMS-based and a timing-based version of CallerDec that works with existing combinations of landlines, cellular and VoIP networks and can be deployed at the liberty of the users are designed. Expand
Abusing Phone Numbers and Cross-Application Features for Crafting Targeted Attacks
A novel system that takes a potential victim's phone number as an input, leverages information from applications like Truecaller and Facebook about the victim and his / her social network, checks the presence of phone number's owner (victim) on the attack channels, and targets the victim on the chosen channel is demonstrated. Expand
A Mechanism to Authenticate Caller ID
This work proposes a mechanism that can authenticate certified caller IDs, which can be authentic or legitimately-spoofed, and involves caller, receiver of the call, and a third-party to exchange short information. Expand
Data-driven approach for automatic telephony threat analysis and campaign detection
The design and implementation of a Telephony Abuse Intelligence Framework (TAINT) is presented that automatically aggregates, analyzes and reports on telephony abuse activities and deploys on a large dataset of telephony complaints, spanning over seven years, to provide in-depth insights and intelligence about emerging telephony threats. Expand
Nascent: Tackling Caller-ID Spoofing in 4G Networks via Efficient Network-Assisted Validation
Nascent, Network-assisted caller ID authentication, is proposed to validate the caller-ID used during call setup which may not match the previously-authenticated ID, and significantly reduces overhead compared to the state-of-the-art, without sacrificing effectiveness. Expand
Identifying and mitigating cross-platform phone number abuse on social channels
This work aims to detect cybercriminals / spammers that use phone numbers to spread spam on OSNs, and focuses on understanding various ways in which spammers can attack OTT messaging application users by leveraging information from OSNs. Expand
Host-based intrusion detection system for secure human-centric computing
This work proposes a malware detection method based on the behavior information of a process on the host PC that overcomes the limitations of the existing signature-based intrusion detection systems. Expand
Detecting malware with similarity to Android applications
This paper proposes the detection system for android malicious application using static analysis along with malicious feature similarity, which can block installing malicious application on smartphone and also analyze fast and accurately. Expand
Discovering emergency call pitfalls for cellular networks with formal methods
A formal model of emergency call systems with proper granularity is built and two new attacks leveraging the privileges of emergency calls are found. Expand


Are the Con Artists Back? A Preliminary Analysis of Modern Phone Frauds
  • F. Maggi
  • Computer Science
  • 2010 10th IEEE International Conference on Computer and Information Technology
  • 2010
This paper describes a form of phishing where the scammers exploit the phone channel to ask for sensitive information, rather than sending e-mails and cloning trustworthy websites, and analyzes to what extent the criminals rely on automated responders to streamline the vishing campaigns. Expand
Voice pharming attack and the trust of VoIP
Investigating the trust issues of currently deployed VoIP systems and their implications to the VoIP users shows that enforcing TLS or IPSEC between the SIP phone and SIP servers could be an effective first step toward mitigation. Expand
On Spam over Internet Telephony (SPIT) Prevention
An advanced SPIT prevention system is designed and implemented, composed of methods that avoid unnecessary callee interaction and adaptive in order to be customized for different scenarios, and a reference model for SPit prevention systems is introduced. Expand
Authenticating displayed names in telephony
A framework that allows each call participant to authenticate the displayed name of other parties via public name registries and International Telecommunication Union Telecom Standardization Sector (ITU-T) X.509 certificates is presented. Expand
Voice phishing detection technique based on minimum classification error method incorporating codec parameters
The authors propose an effective voice phishing detection algorithm based on a Gaussian mixture model (GMM) employing the minimum classification error (MCE) technique and the experimental results show that the proposed method is effective in discriminating between true statements and lies. Expand
A secure and efficient SIP authentication scheme for converged VoIP networks
This paper demonstrates that recently proposed SIP authentication schemes are insecure against attacks such as off-line password guessing attacks, Denning-Sacco attacks and stolen-verifier attacks. Expand
Holistic VoIP intrusion detection and prevention system
It is shown in this paper, how different and complementary conceptual approaches can jointly provide an in depth defense for VoIP architectures. Expand
PrivaSIP: Ad-hoc identity privacy in SIP
The most significant advantage of this method is that it can assure user ID protection even when SIP messages are transmitted through untrusted SIP domains before reaching the Home Domain of the user or another trusted domain. Expand
SIPA: generic and secure accounting for SIP
This paper substantially improves previous work by providing the required Diameter application namely SIP-Accounting (SIPA) that enables the use of the authors' accounting scheme for Session Initiation Protocol (Sip) services and implementing an add-on mechanism referred to as SIPA+ to combat attacks targeting the core accounting functions and the integrity of the respective accounting messages. Expand
Network overload and congestion: A comparison of ISUP and SIP
A comparison of SIP and ISUP congestion control functions as well as an analysis of mechanisms that could be deployed in SIP networks to enable them to achieve parity with ISUP networks are provided. Expand