{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,9,29]],"date-time":"2025-09-29T08:08:57Z","timestamp":1759133337033,"version":"3.38.0"},"reference-count":47,"publisher":"SAGE Publications","issue":"3","license":[{"start":{"date-parts":[[2014,3,20]],"date-time":"2014-03-20T00:00:00Z","timestamp":1395273600000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/journals.sagepub.com\/page\/policies\/text-and-data-mining-license"}],"content-domain":{"domain":["journals.sagepub.com"],"crossmark-restriction":true},"short-container-title":["Journal of Computer Security"],"published-print":{"date-parts":[[2014,3,20]]},"abstract":"<jats:p> Spam over Internet Telephony (SPIT) is a potential source of disruption in Voice over IP (VoIP) systems. The use of anti-SPIT mechanisms, such as filters and audio CAPTCHA (Completely Automated Public Turing Test to Tell Computer and Humans Apart) can prevent unsolicited calls and lead to less unwanted traffic. In this paper, we present a game-theoretic model, in which the game is played between SPIT senders and internet telephony users. The game includes call filters and audio CAPTCHA, so as to classify incoming calls as legitimate or malicious. We show how the resulting model can be used to decide upon the trade-offs present in this problem and help us predict the SPIT sender\u2019s behavior. We also highlight the advantages in terms of SPIT call reduction of merely introducing CAPTCHA, and provide experimental verification of our results. <\/jats:p>","DOI":"10.3233\/jcs-140496","type":"journal-article","created":{"date-parts":[[2016,5,18]],"date-time":"2016-05-18T07:44:41Z","timestamp":1463557481000},"page":"383-413","update-policy":"https:\/\/doi.org\/10.1177\/sage-journals-update-policy","source":"Crossref","is-referenced-by-count":7,"title":["A game-theoretic analysis of preventing spam over Internet Telephony via audio CAPTCHA-based authentication"],"prefix":"10.1177","volume":"22","author":[{"given":"Yannis","family":"Soupionis","sequence":"first","affiliation":[{"name":"Information Security and Critical Infrastructure Protection Research Laboratory, Department of Informatics, Athens University of Economics & Business, Athens, Greece. E-mails:\u00a0,\u00a0"},{"name":"Joint Research Center, European Commission, Ispra Varese, Italy. E-mail:\u00a0"}]},{"given":"Remous-Aris","family":"Koutsiamanis","sequence":"additional","affiliation":[{"name":"Department of Electrical and Computer Engineering, Democritus University of Thrace, Xanthi, Greece. E-mails:\u00a0,\u00a0"}]},{"given":"Pavlos","family":"Efraimidis","sequence":"additional","affiliation":[{"name":"Department of Electrical and Computer Engineering, Democritus University of Thrace, Xanthi, Greece. E-mails:\u00a0,\u00a0"}]},{"given":"Dimitris","family":"Gritzalis","sequence":"additional","affiliation":[{"name":"Information Security and Critical Infrastructure Protection Research Laboratory, Department of Informatics, Athens University of Economics & Business, Athens, Greece. E-mails:\u00a0,\u00a0"}]}],"member":"179","published-online":{"date-parts":[[2014,3,20]]},"reference":[{"key":"ref001","unstructured":"I.\u00a0Androutsopoulos, E.\u00a0Magirou and D.\u00a0Vassilakis, A game theoretic model of spam e-mailing, in: Proc. of the 2nd Conference on Email and Anti-Spam, Stanford University, USA, 2005."},{"key":"ref002","unstructured":"V.\u00a0Balasubramaniyan, M.\u00a0Ahamad and H.\u00a0Park Callrank, Combating spit using call duration, social networks and global reputation, in: Proc. of the 4th Conference on Email and Anti-Spam, USA, August 2007."},{"issue":"2","key":"ref003","first-page":"391","volume":"84","author":"Basu K.","year":"1994","journal-title":"American Economic Review"},{"key":"ref004","doi-asserted-by":"crossref","unstructured":"D.\u00a0Braess, \u00dcber ein Paradoxon aus der Verkehrsplanung, Unternehmensforschung 12, 1968, pp.\u00a0258\u2013268.","DOI":"10.1007\/BF01918335"},{"key":"ref005","doi-asserted-by":"crossref","unstructured":"E.\u00a0Bursztein, S.\u00a0Bethard, C.\u00a0Fabry, J.\u00a0Mitchell and D.\u00a0Jurafsky, How good are humans at solving CAPTCHA? A large scale evaluation, in: Proc. of the 2010 IEEE Symposium on Security and Privacy, USA, 2010, pp.\u00a0399\u2013413.","DOI":"10.1109\/SP.2010.31"},{"key":"ref006","doi-asserted-by":"publisher","DOI":"10.1287\/deca.1040.0022"},{"key":"ref007","doi-asserted-by":"publisher","DOI":"10.1145\/1461928.1461951"},{"key":"ref008","doi-asserted-by":"publisher","DOI":"10.1016\/j.comcom.2008.10.004"},{"key":"ref009","unstructured":"Federal Communications Commission, FCC strengthens consumer protections against telemarketing robocalls, in: The Matter of Rules and Regulations Implementing the Telephone Consumer Protection Act of 1991, CG Docket No. 02-278, February 15, 2012."},{"key":"ref010","unstructured":"Federal Trade Commission, Do-Not-Call Implementation Act of 2003, Public Law No. 108-10, June 2003."},{"key":"ref011","unstructured":"Federal Trade Commission, National Do Not Call Registry Data Book for Fiscal Year 2012, October 2012."},{"key":"ref012","unstructured":"Federal Trade Commission, FTC Settles \u201cRachel\u201d Robocall Enforcement Case (http:\/\/www.ftc.gov\/opa\/2013\/07\/aplus.shtm, retrieved 23 October 2013)."},{"key":"ref013","unstructured":"D.\u00a0Graham-Rowe, A sentinel to screen phone calls technology, MIT Review (2006)."},{"key":"ref014","doi-asserted-by":"crossref","unstructured":"D.\u00a0Gritzalis, V.\u00a0Katos, P.\u00a0Katsaros, Y.\u00a0Soupionis, J.\u00a0Psaroudakis and A.\u00a0Mentis, The Sphinx enigma in critical VoIP infrastructures: Human or botnet? in: Proc. of the 4th International Conference on Information, Intelligence, Systems and Applications, IEEE Press, 2013.","DOI":"10.1109\/IISA.2013.6623704"},{"key":"ref015","doi-asserted-by":"publisher","DOI":"10.1007\/s10207-012-0159-4"},{"key":"ref016","doi-asserted-by":"publisher","DOI":"10.3233\/JCS-2010-0419"},{"key":"ref017","doi-asserted-by":"crossref","unstructured":"B.\u00a0Johnson, J.\u00a0Grossklags, N.\u00a0Christin and J.\u00a0Chuang, Are security experts useful? Bayesian Nash equilibria for network security games with limited information, in: Proc. of the 15th European Symposium on Research in Computer Security, Greece, September 2010, pp.\u00a0588\u2013606.","DOI":"10.1007\/978-3-642-15497-3_36"},{"key":"ref018","unstructured":"A.\u00a0Johnston, SIP: Understanding the Session Initiation Protocol, 2nd edn, Artech House, 2004."},{"key":"ref019","doi-asserted-by":"crossref","unstructured":"C.\u00a0Kanich, C.\u00a0Kreibich, K.\u00a0Levchenko, B.\u00a0Enright, G.\u00a0Voelker, V.\u00a0Paxson and S.\u00a0Savage, Spamalytics: An empirical analysis of spam marketing conversion, in: Proc. of the 15th ACM Conference on Computer and Communications Security, USA, October 2008, pp.\u00a03\u201314.","DOI":"10.1145\/1455770.1455774"},{"key":"ref020","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2010.87"},{"key":"ref021","doi-asserted-by":"publisher","DOI":"10.1109\/SURV.2011.031611.00112"},{"key":"ref022","doi-asserted-by":"publisher","DOI":"10.1080\/13504850500425287"},{"key":"ref023","unstructured":"D.\u00a0Lowd and C.\u00a0Meek, Good word attacks on statistical spam filters, in: Proc. of the 2nd Conference on Email and Anti-Spam, USA, 2005, pp.\u00a021\u201322."},{"key":"ref024","doi-asserted-by":"publisher","DOI":"10.1145\/2480741.2480742"},{"key":"ref025","unstructured":"J.\u00a0McKelvey, D.\u00a0Richard, A.\u00a0McLennan and T.\u00a0Turocy, Gambit: Software Tools for Game Theory, Version 0.2010.09.01, available at: http:\/\/www.gambit-project.org."},{"key":"ref026","unstructured":"R.B.\u00a0Myerson, Game Theory: Analysis of Conflict, Harvard Univ. Press, Cambridge, MA, 1991."},{"key":"ref027","unstructured":"S.\u00a0Niccolini, S.\u00a0Tartarelli, M.\u00a0Stiemerling and S.\u00a0Srivastava, SIP Extensions for SPIT Identification, Internet Draft, Network Working Group, 2007, draftniccolini-sipping-feedback-spit-03."},{"key":"ref028","doi-asserted-by":"crossref","unstructured":"N.\u00a0Nisan, T.\u00a0Roughgarden, E.\u00a0Tardos and V.V.\u00a0Vazirani, Algorithmic Game Theory, Cambridge Univ. Press, New York, NY, USA, 2007.","DOI":"10.1017\/CBO9780511800481"},{"key":"ref029","unstructured":"M.\u00a0Osborne, An Introduction to Game Theory, Oxford Univ. Press, 2003."},{"key":"ref030","unstructured":"M.\u00a0Osborne and A.\u00a0Rubinstein, A Course in Game Theory, The MIT Press, 1994."},{"key":"ref031","unstructured":"G.\u00a0Owen, Game Theory, Academic Press, 1982."},{"key":"ref032","doi-asserted-by":"crossref","unstructured":"C.H.\u00a0Papadimitriou, Algorithms, games, and the Internet, in: Proceedings of the 33rd ACM STOC, New York, NY, USA, 2001, pp.\u00a0749\u2013753.","DOI":"10.1145\/380752.380883"},{"key":"ref033","unstructured":"M.\u00a0Parameswaran, H.\u00a0Rui and S.\u00a0Sayin, A game theoretic model and empirical analysis of spammer strategies, in: Proc. of the Collaboration, Electronic Messaging, Anti-Abuse and Spam Conference, 2010."},{"key":"ref034","doi-asserted-by":"crossref","unstructured":"P.\u00a0Patankar, G.\u00a0Nam, G.\u00a0Kesidis and C.\u00a0Das, Exploring anti-spam models in large scale VOIP systems, in: Proc. of the 28th International Conference on Distributed Computing Systems, China, June 2008.","DOI":"10.1109\/ICDCS.2008.71"},{"key":"ref035","doi-asserted-by":"crossref","unstructured":"J.\u00a0Quittek, S.\u00a0Niccolini, S.\u00a0Tartarelli, M.\u00a0Stiemerling, M.\u00a0Brunner and T.\u00a0Ewald, Detecting SPIT calls by checking human communication patterns, in: Proc. of the IEEE International Conference on Communications, UK, 2007, pp.\u00a01979\u20131984.","DOI":"10.1109\/ICC.2007.329"},{"key":"ref036","doi-asserted-by":"crossref","unstructured":"J.\u00a0Rosenberg and C.\u00a0Jennings, The Session Initiation Protocol (SIP) and spam, Network Working Group, RFC 5039, January 2008.","DOI":"10.17487\/rfc5039"},{"key":"ref037","doi-asserted-by":"crossref","unstructured":"S.\u00a0Sawda and O.\u00a0Urien, SIP security attacks and solutions: A state-of-the-art review, in: Proc. of the IEEE International Conference on Information and Communication Technologies, April 2006, pp.\u00a03187\u20133191.","DOI":"10.1109\/ICTTA.2006.1684926"},{"key":"ref038","doi-asserted-by":"crossref","unstructured":"A.B.\u00a0Shahroudi, R.H.\u00a0Khosravi, H.R.\u00a0Mashhadi and M.\u00a0Ghorbanian, Full Survey on SPIT and prediction of how VoIP providers compete in presence of SPITTERS using Game-Theory, in: Proc. of the 2011 IEEE International Conference on Computer Applications and Industrial Electronics (ICCAIE), Abu Dhabi, 2011, pp.\u00a0402\u2013406.","DOI":"10.1109\/ICCAIE.2011.6162168"},{"key":"ref039","doi-asserted-by":"publisher","DOI":"10.1109\/MNET.2006.1705879"},{"key":"ref040","unstructured":"H.\u00a0Sinnreich and B.A.\u00a0Johnston, Internet Communications Using SIP: Delivering VoIP and Multimedia Services with Session, 2nd edn, Wiley Publishing, 2006."},{"key":"ref041","doi-asserted-by":"crossref","unstructured":"Y.\u00a0Soupionis, S.\u00a0Dritsas and D.\u00a0Gritzalis, An adaptive policy-based approach to SPIT management, in: Proc. of the 13th European Symposium on Research in Computer Security, Springer, 2008, pp.\u00a0446\u2013460.","DOI":"10.1007\/978-3-540-88313-5_29"},{"key":"ref042","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2009.12.003"},{"key":"ref043","doi-asserted-by":"crossref","unstructured":"Y.\u00a0Soupionis and D.\u00a0Gritzalis, ASPF: An adaptive anti-SPIT policy-based framework, in: Proc. of the 6th International Conference on Availability, Reliability and Security, Austria, August 2011, pp.\u00a0153\u2013160.","DOI":"10.1109\/ARES.2011.29"},{"key":"ref044","doi-asserted-by":"crossref","unstructured":"M.\u00a0Tambe, M.\u00a0Jain, J.A.\u00a0Pita and A.X.\u00a0Jiang, Game theory for security: Key algorithmic principles, deployed systems, lessons learned, in: 50th Annual Allerton Conference on Communication, Control, and Computing, 2012, pp.\u00a01822\u20131829.","DOI":"10.1109\/Allerton.2012.6483443"},{"key":"ref045","unstructured":"D.\u00a0Vassilakis, I.\u00a0Androutsopoulos and E.\u00a0Mageirou, A game-theoretic investigation of the effect of human interactive proofs on spam e-mail, in: Proc. of the 4th Conference on Email and Anti-Spam, USA, 2007."},{"key":"ref046","doi-asserted-by":"publisher","DOI":"10.1109\/MSP.2005.62"},{"key":"ref047","unstructured":"T.\u00a0Wilson, Competition may be driving surge in botnets and spam, available at: www.darkreading.com\/security\/security-management\/208803799."}],"container-title":["Journal of Computer Security"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/journals.sagepub.com\/doi\/pdf\/10.3233\/JCS-140496","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/journals.sagepub.com\/doi\/full-xml\/10.3233\/JCS-140496","content-type":"application\/xml","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/journals.sagepub.com\/doi\/pdf\/10.3233\/JCS-140496","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,3,11]],"date-time":"2025-03-11T07:37:45Z","timestamp":1741678665000},"score":1,"resource":{"primary":{"URL":"https:\/\/journals.sagepub.com\/doi\/10.3233\/JCS-140496"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2014,3,20]]},"references-count":47,"journal-issue":{"issue":"3","published-print":{"date-parts":[[2014,3,20]]}},"alternative-id":["10.3233\/JCS-140496"],"URL":"https:\/\/doi.org\/10.3233\/jcs-140496","relation":{},"ISSN":["0926-227X","1875-8924"],"issn-type":[{"type":"print","value":"0926-227X"},{"type":"electronic","value":"1875-8924"}],"subject":[],"published":{"date-parts":[[2014,3,20]]}}}