Open Access Peer-reviewed

Identification of Hidden VoIP (Grey Traffic)

Ch. M. Asim Rasheed1, Ayesha Khaliq1, Ammara Sajid1, Sana Ajmal2,

1National University of Science and Technology, Pakistan

2Centre for Advanced Studies in Engineering, Pakistan

Journal of Computer Networks. 2013, 1(2), 15-27. DOI: 10.12691/jcn-1-2-1
Published online: August 25, 2017


National Telecommunication Regulator in many countries around the world imposes call termination taxes on national calls as well as international calls landing in that country. In many third world countries, every year up to 90 % of the international traffic bypasses regulatory checks, causing a huge revenue loss to the country. The use of illegal gateways to bypass the Voice Clearing Houses to terminate international traffic using VoIP gateways, GSM / local line branch exchanges or other related equipment are the simplest means of Grey traffic. Use of the encryption and other network design techniques are the easiest methods to hide the VoIP traffic from any clearing house. We have proposed an architecture based on a mathematical model to detect, segregate and qualify VoIP traffic (Grey) into different categories. The proposed model identifies grey traffic, through traffic analysis techniques coupled with statistical anomaly based intrusion detection system and behavior analysis.


voice over internet protocol (VoIP), grey traffic, international clearing house (ICH), intrusion detection system (IDS), statistical analysis
[1]  Nabil Schear and Nikita Borisov “Preventing SSL Traffic Analysis with Realistic Cover Traffic (extended abstract)” 16th ACM Conference on Computer and Communications Security, CCS 2009.
[2]  Sen. Patrick Leahy “Preventing Real Online Threats to Economic Creativity and Theft of Intellectual Property Act of 2011”, 112th US Congress, 2011-2012.
[3]  PTA, “PTA ANNUAL REPORT 2008-09-10” Annual Reports Published by Pakistan Telecommunication Authority, online available on, 2010.
[4]  ITU “The Status of Voice over Internet Protocol (VoIP) Worldwide, 2006” Report published by International Telecommunication Union, The Future of Voice Document, January 2007.
[5]  Choudhary, M.A.; Aftab, H “Optimizing financial parameters to disincentives international grey traffic and rationalization of measures to curb illegal international telephony in Pakistan” IEEE International Technology Management Conference (ITMC), 2011.View Article
[6]  Toshiya Okabe, Tsutomu Kitamura, and Takayuki Shizuno. “Statistical traffic identification method based on flow-level behavior for fair VoIP service” 1st IEEE workshop on VoIP Management and Security (VoIP MaSe), April 2006.
[7]  Riyad Alshammari and A. Nur Zincir-Heywood “Unveiling Skype Encrypted Tunnels using GP” IEEE Congress on Evolutionary Computation (CEC), 2010.
[8]  Stephens, A., and P. J. Cordell. "SIP and H. 323—interworking VoIP networks." BT technology journal 19.2 (2001): 119-127.View Article
[9]  JPG Dalton Jr, SA Thomas “Clearinghouse server for Internet telephony and multimedia communications” US Patent 7,017,050, 2006.
[10]  Angelos D. Keromytis, “Survey of VoIP Security Research Literature” Voice over IP Security, Springer Briefs in Computer Science, 1, 27-55, 2011.View Article
[11]  Carlos Scott and Chez Ciechanowicz, “Covert channels of communication hidden inside legitimate networks cannot be eliminated but they can be significantly reduced by careful design and analysis”, Information Security Group at Royal Holloway, University of London, 2008.
[12]  Thomas Porter, C. I. S. S. P., and CCDA CCNP. Practical VoIP Security. Syngress, 2006.
[13]  Chou, W. “Strategies to Keep Your VoIP Network Secure” IEEE IT Professional September.-October. 2007.
[14]  Robert Birke, Marco Mellia, Michele Petracca, Dario Rossi “Experiences of VoIP traffic monitoring in a commercial ISP” International Journal of Network Management Special Issue: Traffic Monitoring and Network Measurements: from Theory to Practice, 20(5), 339-359, September/October 2010.
[15]  M. Dusi, M. Crotti, F. Gringoli and L. Salgarelli “Tunnel Hunter: Detecting Application-Layer Tunnels with Statistical Fingerprinting”, Elsevier, Journal of Computer Networks, 53, 81-97, 2009.View Article
[16]  Taner Yildirim and Dr. PJ Radcliffe “VoIP Traffic Classification in IPSec Tunnels”, International Conference on Electronics and Information Engineering (ICEIE 2010).
[17]  A. W. Moore and D. Zuev “Internet traffic classification using Bayesian analysis techniques”, In SIGMETRICS ’05: Proceedings of the 2005 ACM SIGMETRICS international conference on Measurement and modeling of computer systems, pages 50-60, New York, NY, USA, 2005. ACM Press.View Article
[18]  N. Williams, S. Zander, and G. Armitage “A preliminary performance comparison of five machine learning algorithms for practical IP traffic flow classification” SIGCOMM Computer. Communication. Rev., 36(5):5-16, 2006.View Article
[19]  E. Alpaydin “Introduction to Machine Learning” MIT Press, 2004.
[20]  J. Doucette and M. Heywood “Gp Classification under Imbalanced Data Sets: Active Sub-sampling and AUC Approximation”, In European Conference on Genetic Programming, volume. 4971 of Lecture Notes in Computer Science, pages 266-277, 2008.View Article
[21]  Chappell, Laura A. Wireshark Network Analysis: The Official Wireshark Certified Network Analyst Study Guide. Protocol Analysis Institute, Chappell University, 2010.
[22]  Caswell, Brian, Jay Beale, and Andrew Baker. Snort Intrusion Detection and Prevention Toolkit. Syngress, 2007.
[23]  Snex A/S “Application Visibility and Risk Report”, A report on Network Traffic by Paloalto Networks, April 19, 2011.
[24]  Bing Li, Zhigang Jin , Maode Ma, ”VoIP Traffic Identification Based on Host and Flow Behavior Analysis”, 6th International Conference on Wireless Communications Networking and Mobile Computing (WiCOM), 2010.
[25]  Pelaez, J.C.; Fernandez, E.B, “VoIP Network Forensic Patterns” Fourth International Multi-Conference on Computing in the Global Information Technology, 2009. ICCGI '09.
[26]  Venkatesha Prasad, R., et al. "Comparison of voice activity detection algorithms for VoIP." Computers and Communications, 2002. Proceedings. ISCC 2002. Seventh International Symposium on. IEEE, 2002.