Abstract
Voice over IP (VoIP) is a very attractive technology that is increasingly adopted by enterprises and consumers. VoIP inherits the security issues of IP networks, to which new VoIP-specific problems are added. Spam over IP telephony (SPIT) is expected to become one of these problems. To address it, many anti-SPIT mechanisms have been proposed, but they are still limited in some cases. Indeed, these mechanisms can degrade the performance of the telephony service in terms of availability and quality of service. Risk management offers new perspectives on this dilemma. In this paper, we adopt a risk management strategy to protect a VoIP infrastructure. To treat the risk, we employ in the first phase a set of combined countermeasures. In addition, we apply a known metric called "Return On Response Investment" (RORI) to select the optimal combination that reduces the risk without sacrificing the functionality of the system. The efficacy of our solution is demonstrated through a set of experimental results.