3 research outputs found
Building a Collaborative Phone Blacklisting System with Local Differential Privacy
Spam phone calls have been rapidly growing from nuisance to an increasingly
effective scam delivery tool. To counter this increasingly successful attack
vector, a number of commercial smartphone apps that promise to block spam phone
calls have appeared on app stores, and are now used by hundreds of thousands or
even millions of users. However, following a business model similar to some
online social network services, these apps often collect call records or other
potentially sensitive information from users' phones with little or no formal
privacy guarantees.
In this paper, we study whether it is possible to build a practical
collaborative phone blacklisting system that makes use of local differential
privacy (LDP) mechanisms to provide clear privacy guarantees. We analyze the
challenges and trade-offs related to using LDP, evaluate our LDP-based system
on real-world user-reported call records collected by the FTC, and show that it
is possible to learn a phone blacklist using a reasonable overall privacy
budget and at the same time preserve users' privacy while maintaining utility
for the learned blacklist.Comment: 15 pages, 10 figures, 7 algorithm
Towards Measuring the Effectiveness of Telephony Blacklists
Presented on February 9, 2018 at 12:00 p.m. in the Klaus Advanced Computing Building, Room 1116W.Sharbani Pandit is a Ph.D. student in the School of Computer Science at Georgia Tech.Runtime: 52:10 minutesThe convergence of telephony with the Internet has led to numerous new attacks that make use of phone calls to defraud victims. In response to the increasing number of unwanted or fraudulent phone calls, a number of call blocking applications have appeared on smartphone app stores, including a recent update to the default Android phone app that alerts users of suspected spam calls. However, little is known about the methods used by these apps to identify malicious numbers, and how effective these methods are in practice.
In this talk, Pandit will show the systematic investigation of multiple data sources that may be leveraged to automatically learn phone blacklists, and to explore the potential effectiveness of such blacklists by measuring their ability to block future unwanted phone calls. Specifically, four different data sources are considered: user-reported call complaints submitted to the Federal Trade Commission (FTC), complaints collected via crowd-sourced efforts (e.g., 800notes.com), call detail records (CDR) from a large telephony honeypot, and honeypot-based phone call audio recordings. Overall, the results show that phone blacklists are capable of blocking a significant fraction of future unwanted calls (e.g., more than 55%). Also, they have a very low false positive rate of only 0.01% for phone numbers of legitimate businesses. Pandit proposes an unsupervised learning method to identify prevalent spam campaigns from different data sources, and show how effective blacklists may be as a defense against such campaigns