The Spam over Internet Telephony Era. Stelios Dritsas


The Spam over Internet Telephony Era Stelios Dritsas September 2008

ATHENS UNIVERSITY OF ECONOMICS AND BUSINESS
DEPARTMENT OF INFORMATICS

DISSERTATION for the award of the Doctoral Degree of the Department of Informatics

Stelios Dritsas

Security in Internet Telephony: Managing SPIT (Spam over Internet Telephony) Incidents

Advisory Committee:
Supervisor: Dimitris Gritzalis, Associate Professor, Athens University of Economics and Business
Members: Sokratis Katsikas, Professor, University of Piraeus
Kostas Lambrinoudakis, Assistant Professor, University of the Aegean

Examination Committee:
Dimitris Gritzalis, Associate Professor, Chair, Athens University of Economics and Business
Theodoros Apostolopoulos, Professor, Athens University of Economics and Business
Sokratis Katsikas, Professor, University of Piraeus
Panos Constantopoulos, Professor, Athens University of Economics and Business
Nikolaos Mitrou, Professor, National Technical University of Athens
Ion Androutsopoulos, Assistant Professor, Athens University of Economics and Business
Kostas Lambrinoudakis, Assistant Professor, University of the Aegean

Athens, September 2008

"The approval of a doctoral dissertation by the Department of Informatics of the Athens University of Economics and Business does not imply acceptance of the author's opinions." (Law 5343/1932, art. 202)

Athens University of Economics and Business

PREFACE - ACKNOWLEDGEMENTS

With the completion of a research effort, of which the writing is the culmination of the whole course, a long, arduous and, I want to hope, creative journey usually comes to an end. Along this long road the experiences gained were particularly important, sometimes positive and sometimes negative. In this context, I would like to thank the colleagues and friends who supported, helped and took part, each in their own way, in the whole effort.

First and foremost, I express my warm thanks to my supervising professor, Mr. Dimitris Gritzalis, for his trust and his continuous support all these years. Beyond the valuable knowledge and experience regarding the Security of Information and Communication Systems, the most important thing I gained in all the years of our collaboration is that he taught me to see life from a different perspective, to always think positively and, above all, to rely on my own strengths, acting on my own and taking initiatives, even if some of them carried considerable risk. Our relationship is sincerely expressed by the following quote: "What the teacher is, is more important than what he teaches" (K. Menninger).

The discreet support of the members of the three-member Advisory Committee of the dissertation, Professor Sokratis Katsikas and Assistant Professor Kostas Lambrinoudakis, mainly on matters of the research directions of the dissertation, was valuable and constant. In addition, I would like to thank Professor Panos Constantopoulos for his substantial help with an important part of this dissertation.

From the long list of colleagues and friends who influenced the outcome of this work, I could not leave out the members of the Information Security and Critical Infrastructure Protection research group of the Athens University of Economics and Business. Special mention is made of Vasilis Tsoumas, Giannis Mallios, Vicky Dritsou, Marianthi Theoharidou and Giannis Soupionis, my collaboration with whom, all these years, influenced me deeply, at the research and collaborative level as well as the personal one. Our discussions were rich and constructive, greatly strengthening the synergy between us. Furthermore, I would like to thank the postgraduate and undergraduate students with whom I collaborated and with whom several parts of the dissertation were jointly implemented.

At the same time, I would like to thank my family for all they have offered me to this day, each from their own side and with their own means, as well as my partner, Falia, for her love and, above all, her patience and tolerance throughout my research effort. Finally, I would like to thank my friend Christos M., mainly because, through our discussions, disagreements and jokes, we helped each other in various areas of our lives and everyday routine.

To my family.

"Life does not put things in front of you that you are unable to handle" (Anonymous)

W3C Recommendation, The Ontology Web Language. 137. OWL. W3C Recommendation. (2004). The Ontology Web Language. Available at http://www.w3.org/tr/owl-features/ (August 2006) 138. W3C. (2004). W3C Recommendation (10-02-2004) OWL Guide. Available at http://www.w3.org/tr/owl-guide/ (August 2006) 139. Palau J, Montaner M, Lpez B, de la Rosa J, Collaboration Analysis in Recommender Systems Using Social Networks, in the Proc. of the Eighth International Workshop on Cooperative Information Agents (CIA 2004), Lecture Notes in Computer Science, LNCS 3191, pp.137-151, Erfurt, Germany, September 2004. 140. Park S., Kim J., Kang S., Analysis of applicability of traditional spam regulations to VoIP spam, in the Proc. of the 8th International Conference on Advanced Communication Technology (ICACT 06), Vol. 3, pp. 1215-1217, Korea, February 2006. 141. J. Peterson, C. Jennings, Enhancements for Authenticated Identity Management in the Session Initiation Protocol, RFC 4474, August 2006. Οικονομικό Πανεπιστήμιο Αθηνών 15

142. J. Peterson, C. Jennings, Enhancements for Authenticated Identity Management in the Session Initiation Protocol, RFC 4474, Network Working Group, August 2006. 143. Pitsilis C., Marshall L., A Proposal for Trust-enabled P2P Recommendation Systems, Technical Report Series (CS-TR-910), University of Newcastle upon Tyne, 2005. 144. Porter T. et al, Practical VoIP Security, Syngress, 2006. 145. Prince M.B., Holloway L., Keller A.M., Understanding How Spammers Steal Your E- Mail Address: An Analysis of the First Six Months of Data from Project Honey, in the Proc. of the Second Conference on Email and Anti-Spam (CEAS05), California, USA. July 2005. 146. Protégé Ontology Development Environment. (2005). Available at http://protege.stanford.edu/, (Accessed April 2008) 147. PWNtcha Decoder, PWNtcha CAPTCHA decoder, Retrieved on October 2007. 148. J. Quittek, S. Niccolini, S. Tartarelli, R. Schlegel, Prevention of Spam over IP Telephony (SPIT), NEC Technical Journal, Vol.1, No. 2, pp. 114-119, May 2006 149. J. Quittek, S. Niccolini, S. Tartarelli, M. Stiemerling, M. Brunner, T. Ewald, Detecting SPIT Calls by Checking Human Communication Patterns, in Proc. of the IEEE International Conference on Communications, pp. 1979-1984, IEEE Press, June 2007. 150. RACER reasoner. Available at http://www.racer-systems.com/,(accessed April 2008) 151. Ramachandran A., Feamster N. Understanding the Network-Level Behavior of Spammers, in the Proc. of the International Conference on the Special Interest Group on Data Communication (SIGCOMM 06), ACM Press, Vol. 36 Italy, 2006. 152. Ranum M.J., Landeld K., Stolarchuck M., Sienkiewicz M., Lambeth A., Wall E., Implementing a Generalized Tool for Network Monitoring, in the Proc. of the Eleventh Systems Administration Conference (LISA 97), pp. 5, San Diego. 153. Mounji A., Languages and Tools for Rule-Based Distributed Intrusion Detection, PhD thesis, Facultes Universitaires Notre-Dame de la Paix Namur, Belgium, September 1997. 154. 
Raskin V., Hempelmann C, Triezenberg K., Nirenburg S., Ontology in Information Security: A Useful Theoretical Foundation and Methodological Tool, In V. Raskin, et al. (Eds.), Proc. of the New Security Paradigms Workshop, ACM, New York, 2001. 155. Y. Rebahi, D. Sisalem, T. Magedanz,, SIP Spam Detection, in Proc. of the International Conference on Digital Telecommunications, pp. 29-31, August 2006, France. 156. Resnick P., Zeckhauser R., Trust among strangers in internet transactions: Empirical analysis of ebay s reputation system, Working Paper for the NBER workshop on empirical studies of electronic commerce, 2001. 157. S. Kent, R. Atkinson, Security Architecture for the Internet Protocol, Network Working Group, November 1998. 158. G. Lindberg, Anti-Spam Recommendations for SMTP MTAs, RFC 2505, Network Working Group, February 1999. 159. J. Rosenberg, et al., SIP: Session Initiation Protocol, RFC 3261, Network Working Group, June 2002. Οικονομικό Πανεπιστήμιο Αθηνών 16

160. J. Rosenberg, H. Schulzrinne, Session Initiation Protocol (SIP): Locating SIP Servers, RFC 3263, Network Working Group, June 2002. 161. T. Dierks, E. Rescorla, The TLS Protocol, Version 1.1, Network Working Group, April 2006. 162. J. Rosenberg, G. Camarillo, Requirements for Consent-Based Communications in SIP, RFC 4453, Network Working Group, April 2006. 163. J. Peterson, C. Jennings, Enhancements for Authenticated Identity Management in the Session Initiation Protocol (SIP), RFC 4474, Network Working Group, August 2006. 164. Debar H., Curry D., Feinstein B., The Intrusion Detection Message Exchange Format (IDMEF), RFC 4765, Network Working Group, March 2007. 165. J. Elwell, Connected Identity in the Session Initiation Protocol (SIP), RFC 4916, Network Working Group, June 2007 166. J. Rosenberg, C. Jennings, The Session Initiation Protocol (SIP) and Spam, RFC 5039, Network Working Group, January 2008. 167. J. Rosenberg, Rejecting Anonymous Requests in the Session Initiation Protocol (SIP), Internet Draft, Network Working Group, 2006, draft-ietf-sip-acr-code-02 168. J. Rosenberg, G. Camarillo, Ed. Ericsson, D. Willis, A Framework for Consent-Based Communications in the Session Initiation Protocol (SIP), Internet Draft, Network Working Group, 2006, draft-ietf-sip-consent-framework-01 169. J. Rosenberg, J. Peterson, The Session Initiation Protocol (SIP) and Spam, Internet Draft, Network Working Group, 2007, draft-ietf-sipping-spam-05. 170. J. Rosenberg, A Hitchhiker's Guide to the Session Initiation Protocol (SIP), Internet Draft, Network Working Group, 2007, draft-ietf-sip-hitchhikers-guide-04. 171. J. Rosenberg, Identification of Communications Services in the Session Initiation Protocol (SIP), Internet Draft, Network Working Group, 2007, draft-ietf-sippingservice-identification-00 172. 
Sakkis G., Androutsopoulos I., Paliouras G., Karkaletsis V., Spyropoulos C.D., Stamatopoulos P., A memory-based approach to antispam filtering for mailing lists, In Information Retrieval, Vol. 6, pp. 49 73, 2003. 173. El Sawda S., Urien P., SIP Security Attacks and Solutions: A state-of-the-art review, in Proc. of IEEE International Conference on Information & Communication Technologies:From Theory to Applications (ICTTA 06), Vol. 2, pp. 3187-3191, Syria, April 2006. 174. Schumacher M., Security Engineering with Patterns, PhD Thesis, in the Lecture Notes in Computer Science, LNCS 2754, Springer, 2003. 175. Schwartz A., SpamAssassin, O'Reilly, 2004. 176. D. Schwartz, B. Sterman,E. Katz, H. Tschofenig, SPAM for Internet Telephony (SPIT) Prevention using the Security Assertion Markup Language (SAML), Internet-Draft, Network Working Group, 2006, draft-schwartz-sipping-spit-saml-01 177. Schneier B., Attack Trees, in the Dr. Dobbs Journal, December 1999. 178. Schulzrinne H., Rosenberg J., Internet Telephony: Architecture and Protocols an IETF Perspective, in Computer Networks, Vol. 31, Issue 3, 237-255, Feb. 1999. Οικονομικό Πανεπιστήμιο Αθηνών 17

179. Secker A., Freitas A., Timmis J., Aisec: An artificial immune system for e-mail classification, in Proc. of the Congress on Evolutionary Computation, pp. 131 139, December 2003. 180. Sheyner O., Wing J., "Tools for Generating and Analyzing Attack Graphs", in Proc. of the Workshop on Formal Methods for Components and Objects, pp. 344-371, LNCS, Springer, The Netherlands, 2004. 181. Shirali-Shahreza M.H., Shirali-Shahreza M., Persian/Arabic Baffletext CAPTCHA, in the Journal of Universal, Computer Science (J.UCS), Vol. 12, N.12, pp. 1783-1796, December 2006. 182. Shiping C. S., Wang X., Jajodia S., On the anonymity and traceability of peer-to-peer VoIP calls, in the IEEE Network, Vol 20, Iss. 5, pp. 32-37, September/ October 2006. 183. Sinnreich H., Johnston B. A., Internet Communications Using SIP: Delivering VoIP and Multimedia Services with Session, Second Edition, Wiley Publishing Inc., 2006. 184. Sisalem D., Areas for SIP Enhancements, Next-GEN open Service Solution over IP (N- GOSSIP), Project Report, June 2002. 185. Sisalem D., Kuthan J., Ehlert S., Denial of Service Attacks Targeting a SIP VoIP Infrastructure: Attack Scenarios and Prevention Mechanisms, IEEE Network Journal, Vol. 20, No. 5, pp. 26-31, September-October 2006. 186. Sloman M. S., "Policy Driven Management for Distributed Systems.", in Journal of Network and Systems Management 2(4), pp. 333-360, 1994. 187. Smartfrog, Available at http://www.smartfrog.org/ (August 2006) 188. Smith B., Ontology, in the Blackwell guide to philosophy, information and computers, L. Floridi (ed.), pp. 155-166, Oxford Blackwell, 2003. 189. Soupionis Y., Dritsas S., Gritzalis D., "An adaptive policy-based approach to SPIT management", in Proc. of the 13th European Symposium on Research in Computer Security (ESORICS 2008), Lopez J., Jajodia S. (Eds.), Springer, Malaga, October 2008. 190. Spammer X., Inside the SPAM Cartel: Trade Secrets From the Dark Side, Syngress Publishing, 2004. 191. K. Srivastava, H. 
Schulzrinne, Preventing Spam For SIP-based Instant Messages and Sessions, Technical Report, University of Columbia, 2004. 192. Steffan J., Schumacher M., Collaborative Attack Modeling, in Proc. of the 2002 ACM Symposium on Applied Computing, pp. 253-259, ACM Press, Spain, March 2002. 193. Studer R., Benjamins V. R., Fensel D., Knowledge engineering, principles and methods, in the Data and Knowledge Engineering, Vol 25, (1-2), pp. 161 197, 1998. 194. Sure Y. (ed.), Gmez-Prez, A.; Daelemans, W.; Reinberger M.; Guarino, N.; Noy, N., Why Evaluate Ontology Technologies? Because It Works!,in IEEE Intelligent Systems 19 (4), pp. 1541-1672, 2004. 195. Taghva, K., Borsack, J., Coombs, J., Condit, A., Lumos, S., Nartker, T. Ontology-based Classification of Email (2003), in IEEE International Conference on Information Technology: Coding and Computing [Computers and Communications] (ITCC 2003), Las Vegas, NV, USA, pp. 194-198, 2003. 196. Theoharidou M., Marias G., Dritsas S., Gritzalis D., "The Ambient Intelligence Paradigm: A review of security and privacy strategies in leading economies", in Proc. Οικονομικό Πανεπιστήμιο Αθηνών 18

of the 2 nd IET International Conference on Intelligent Environments (IE '06), Kameas A., Papalexopoulos D. (Eds.), Vol. 2, pp. 213-219, July 2006, Athens. 197. H. Tschofenig, et al., Using SAML to Protect the Session Initiation Protocol, IEEE Network, 20 (5), pp. 14-17 September/October 2006. 198. H. Tschofenig, J. Hodges, J. Peterson, J. Polk, D. Sicker, SIP SAML Profile and Binding, Internet-Draft, Network Working Group, 2007, draft-ietf-sip-saml-03 199. H. Tschofenig, D. Wing, H. Schulzrinne, T. Froment, G. Dawirs, Anti-SPIT: A Document Format for Expressing Authorization Policies, Internet-Draft, Network Working Group, 2007, draft-tschofenig-sipping-spit-policy-02. 200. H. Tschofenig, H. Schulzrinne, D. Wing, J. Rosenberg, D. Schwartz, A Framework for Reducing Spam for Internet Telephony, Internet Draft, Network Working Group, 2007, draft-tschofenig-sipping-framework-spit-reduction-00 201. H. Tschofenig, E. Leppanen, Completely Automated Public Turing Test to Tell Computers and Humans Apart (CAPTCHA) based Robot Challenges for the Session Initiation Protocol (SIP), Internet Draft, Network Working Group, 2007, drafttschofenig-sipping-captcha-00 202. H. Tschofenig, G. Dawirs, T. Froment, D. Wing, H. Schulzrinne, Requirements for Authorization Policies to tackle Spam for Internet Telephony and Unwanted Traffic, Internet Draft, Network Working Group, 2007, draft-froment-sipping-spitrequirements-00 203. Tsoumas V., Dritsas S., Gritzalis D., "An ontology-based approach to information system security management", in Proc. of the 3rd International Conference on Mathematical Models, Methods and Architectures for Computer Network Security (MMM-2005), Gorodetsky V., et al. (Eds.), pp. 151-164, Springer, Russia, September 2005. 204. Tsoumas V., Papagiannakopoulos P., Dritsas S., Gritzalis D., "Security-by-Ontology: A knowledge-centric approach", in Proc. of the 21 st International Information Security Conference (SEC-2006), Runnenberg K., et al. (Eds.), pp. 
99-110, Sweden, May 2006. 205. Undercoffer J, Joshi A, Pinkston J, Modeling Computer Attacks: An Ontology for Intrusion Detection, in Proc. of the Recent Advances in Intrusion Detection (RAID03), Lecture Notes in Computer Science, Vol. 2820,, pp. 113-135, Pittsburgh, PA, USA, 2003. 206. Uszok A., Bradshaw J., Jeffers R., Suri N., Hayes P., Breedy M., Bunch L., Johnson M., Kulkarni S., Lott J., KAoS Policy and Domain Services: Toward a Description-Logic Approach to Policy Representation, Deconfliction, and Enforcement. In Proc. of 4th IEEE Workshop on Policies for Networks and Distributed Systems (Policy 2003), Lake Como, Italy, IEEE, June 2003. 207. Vigna G., Eckmann S., Kemmerer R., Attack Languages, in Proc. of the IEEE Information Survivability Workshop, pp. 163-166, IEEE Press, USA, 2000. 208. VOIPSA, VoIP Security and Privacy Threat Taxonomy, October 2005 (available at:www.voipsa.org/activities/taxonomy.php). 209. Vorm J, Defeating audio (voice) CAPTCHAs,2006, Retrieved October 10, 2007 from http://vorm.net/captchas/ Οικονομικό Πανεπιστήμιο Αθηνών 19

210. Vorobiev A., Han J., Security Attack Ontology for Web Services, in Proc. of the Second International Conference on Semantics, Knowledge, and Grid (SKG'06), pp.42, IEEE Computer Society, Guilin, China, 2006. 211. Walter F., Battiston S., Schweitzer F., Impact of Trust on the Performance of a Recommendation System in a Social Network, in the Proc. of the Fifth International Joint Conference on Autonomous Agents and Multiagent System, (AAMAS 2006), Hakodate, Japan, May, 2006. 212. Wang, X., Chan, C. W., & Hamilton, H. J., Design of Knowledge-Based Systems with the Ontology-Domain-System Approach, in the Proc. of the 14th International Conference on Software Engineering and Knowledge Engineering (SEKE02), pp.233-236, Italy, 2002. 213. Wang L., Noel S., Jajodia S., Minimum-Cost Network Hardening Using Attack Graphs, in the Computer Communications, 29(18), pp. 3812-3824, November 2006. 214. Wang C. C., Chena S., Using header session messages to anti-spamming, in the Computers & Security Journal, Vol. 26, Is. 5, pp. 381-390, August 2007. 215. Wieringa R. J., Meyer J.-J. C.,. Applications of Deontic Logic in Computer Science: A Concise Overview. In Proc. of Practical Reasoning and Rationality (PRR 98), Brighton, UK, John Wiley & Sons, August 1998. 216. Wikipedia CAPTCHA. http://en.wikipedia.org/wiki/captcha, Retrieved on November 2007. 217. D. Willis, A. Allen, Requesting Answering Modes for the Session Initiation Protocol (SIP), Internet Draft, Network Working Group, 2007,draft-ietf-sip-answermode-04 218. Wojcik M.N., Proulx D., Baker, J., Roberge, R.J., Introduction to OVAL: A Language to Determine the Presence of Computer Vulnerabilities and Configuration Issues. 219. Xu. Yang, Retargeting Security in the Session Initiation Protocol (SIP), Internet Draft, Network Working Group, 2007, draft-xu-yang-retargeting-security-00 220. 
Yoke H.K., Tan Lawrence, Curbing SPAM via Technical Measures: An Overview, ITU World Summit on the Information Society (WSIS), ITU New Initiatives Programme, by the Strategy and Policy Unit (SPU), 2003. 221. Youn, S. and McLeod, D. Efficient Spam Email Filtering using Adaptive Ontology, in Proc. of the 4th IEEE International Conference on Information Technology (ITNG 07), pp. 249-254, Las Vegas, NV, 2007. 222. Zdziarski A. J, Ending Spam: Bayesian Content Filtering and the Art of Statistical Language Classification, No Starch Press, 2005. 223. Zhang D.Y., The Deployment of Features in Internet Telephony, Master thesis of Applied Science in EE, Carleton University, 2002. 224. Zhang L., Yao T., Filtering Junk Mail with A Maximum Entropy Model, in Proc. of the 20th International Conference on Computer Processing of Oriental Languages (ICCPOL2003), pp. 446-453, China, 2003. 225. Ziegler C.N., Semantic Web recommender systems, in the Proc. of the Joint ICDE/EDBT Ph.D. Workshop, W. Lindner and A. Perego, Eds. Crete University Press, Heraklion, Greece, 2004. Οικονομικό Πανεπιστήμιο Αθηνών 20

226. Katirai Η., Filtering junk e-mail: A performance comparison between genetic programming and naive bayes, 1999. 227. Y.J. Yon, Global IPv6 Summit, KISA, Korea, 2006. Οικονομικό Πανεπιστήμιο Αθηνών 21