Anonymization of traffic patterns over communication networks

US 10,298,473 B2
Filed: 11/28/2017
Issued: 05/21/2019
Est. Priority Date: 10/07/2015
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method of obfuscating communication traffic patterns occurring over a cloud-based communication infrastructure including a plurality of computer servers, the computer-implemented method comprising:

accessing, at a first communications device, an information content threshold value associated with first data communication sessions between the first communications device and a second communications device;

accessing, at the first communications device, a first traffic pattern based on the first data communication sessions, the first traffic pattern determining communication occurrences between the first and the second communication devices over a first predefined time period;

generating, at the first communications device, based on a randomization process, a dummy data communication pattern for transmission to the second communications device;

generating a second traffic pattern for obfuscating a traffic pattern change between the first and the second traffic pattern, wherein the second traffic pattern is generated by appending the dummy data communication pattern to the first traffic pattern; and

re-routing, using the network protocol, the first data communication sessions via the first computer server to a second data communication session having the second traffic pattern between the first communications device and the second communications device via a second computer server, wherein the second data communication session is established based on a detection of an information content value associated with the accessed first traffic pattern exceeding the information content threshold value.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computer-implemented method of obfuscating communication traffic patterns may include detecting, at a first communications device, data communication sessions with a second communications device via the computer server using a network protocol. At the first device, a first traffic pattern is accessed based on the data communication sessions over a first predefined time period. At the first communications device, a second traffic pattern is accessed based on the data communication sessions over a second predefined time period that occurs after the first predefined time period. At the first communications device, based on a randomization process, a dummy data communication pattern is generated for transmission to the second communication devices, whereby the dummy data communication pattern is appended to the second traffic pattern for obfuscating a traffic pattern change between the first and the second traffic pattern at the computer server used to establish the communication sessions.

23 Citations

20 Claims

1. A computer-implemented method of obfuscating communication traffic patterns occurring over a cloud-based communication infrastructure including a plurality of computer servers, the computer-implemented method comprising:
- accessing, at a first communications device, an information content threshold value associated with first data communication sessions between the first communications device and a second communications device;
  
  accessing, at the first communications device, a first traffic pattern based on the first data communication sessions, the first traffic pattern determining communication occurrences between the first and the second communication devices over a first predefined time period;
  
  generating, at the first communications device, based on a randomization process, a dummy data communication pattern for transmission to the second communications device;
  
  generating a second traffic pattern for obfuscating a traffic pattern change between the first and the second traffic pattern, wherein the second traffic pattern is generated by appending the dummy data communication pattern to the first traffic pattern; and
  
  re-routing, using the network protocol, the first data communication sessions via the first computer server to a second data communication session having the second traffic pattern between the first communications device and the second communications device via a second computer server, wherein the second data communication session is established based on a detection of an information content value associated with the accessed first traffic pattern exceeding the information content threshold value.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The computer-implemented method of claim 1, wherein the accessing of the first traffic pattern at the first communication device comprises accessing the first traffic pattern from a telecommunication application executing on the first communication device.
  - 3. The computer-implemented method of claim 1, wherein the first and the second computer servers used to establish the first communication sessions each comprises one of:
    - a software as a service (SaaS) cloud service, a platform as a service (PaaS) cloud service, and an infrastructure as a service cloud service.
  - 4. The computer-implemented method of claim 1, further comprising:
    - applying statistical analysis and learning to the first traffic pattern, wherein based on the statistical analysis, a determination corresponding to a second re-routing to the second computer server is made.
  - 5. The computer-implemented method of claim 1, further comprising:
    - determining, at the first communications device, third data communication sessions with the second communications device via the second computer server using the network protocol; and
      
      accessing, at the first communications device, a second information content threshold value associated with the third data communication sessions between the first and the second communications devices.
  - 6. The computer-implemented method of claim 5, further comprising:
    - accessing, at the first communications device, a third traffic pattern based on the third data communication sessions, the third traffic pattern determining communication occurrences between the first and the second communication devices over a second predefined time period; and
      
      determining, at the first communications device, a second information content value associated with the accessed third traffic pattern.
  - 7. The computer-implemented method of claim 6, further comprising:
    - re-routing, using the network protocol, the third data communication sessions via the second computer server to a fourth data communication session between the first communications device and the second communications device via the first computer server, wherein the fourth data communication session is established based on a detection of the second information content value associated with the accessed third traffic pattern exceeding the second information content threshold value.

8. A computer program product for obfuscating communication traffic patterns occurring over a cloud-based communication infrastructure including a plurality of computer servers, the computer program product comprising:
- one or more non-transitory computer-readable storage devices and program instructions stored on at least one of the one or more non-transitory storage devices, the program instructions executable by a processor, the program instructions comprising;
  
  instructions to access, at a first communications device, an information content threshold value associated with first data communication sessions between the first communications device and a second communications device;
  
  instructions to access, at the first communications device, a first traffic pattern based on the first data communication sessions, the first traffic pattern determining communication occurrences between the first and the second communication devices over a first predefined time period;
  
  instructions to generate, at the first communications device, based on a randomization process, a dummy data communication pattern for transmission to the second communications device;
  
  instructions to generate a second traffic pattern for obfuscating a traffic pattern change between the first and the second traffic pattern, wherein the second traffic pattern is generated by appending the dummy data communication pattern to the first traffic pattern; and
  
  instructions to re-route, using the network protocol, the first data communication sessions via the first computer server to a second data communication session having the second traffic pattern between the first communications device and the second communications device via a second computer server, wherein the second data communication session is established based on a detection of an information content value associated with the accessed first traffic pattern exceeding the information content threshold value.
- View Dependent Claims (9, 10, 11, 12, 13)
- - 9. The computer program product of claim 8, wherein the instructions to access the first traffic pattern at the first communication device comprises instructions to access the first traffic pattern from a telecommunication application executing on the first communication device.
  - 10. The computer program product of claim 8, wherein the first computer server comprises one of:
    - a software as a service (SaaS) cloud service, a platform as a service (PaaS) cloud service, and an infrastructure as a service cloud service.
  - 11. The computer program product of claim 8, wherein the second computer server comprises one of:
    - a software as a service (SaaS) cloud service, a platform as a service (PaaS) cloud service, and an infrastructure as a service cloud service.
  - 12. The computer program product of claim 8, further comprising:
    - instructions to detect, at the first communications device, third data communication sessions with the second communications device via the second computer server using the network protocol; and
      
      instructions to access, at the first communications device, a second information content threshold value associated with the third data communication sessions between the first and the second communications devices.
  - 13. The computer program product of claim 12, further comprising:
    - instructions to access, at the first communications device, a third traffic pattern based on the third data communication sessions, the third traffic pattern determining communication occurrences between the first and the second communication devices over a second predefined time period;
      
      instructions to determine, at the first communications device, a second information content value associated with the accessed third traffic pattern; and
      
      instruction to re-route, using the network protocol, the third data communication sessions via the second computer server to a fourth data communication session between the first communications device and the second communications device via the first computer server, wherein the fourth data communication session is established based on a detection of the second information content value associated with the accessed third traffic pattern exceeding the second information content threshold value.

14. A computer system for obfuscating communication traffic patterns occurring over a cloud-based communication infrastructure including a plurality of computer servers, the computer system comprising:
- one or more processors, one or more computer-readable memories, one or more non-transitory computer-readable storage devices, and program instructions stored on at least one of the one or more non-transitory storage devices for execution by at least one of the one or more processors via at least one of the one or more memories, wherein the computer system is capable of performing a method comprising;
  
  accessing, at a first communications device, an information content threshold value associated with first data communication sessions between the first communications device and a second communications device;
  
  accessing, at the first communications device, a first traffic pattern based on the first data communication sessions, the first traffic pattern determining communication occurrences between the first and the second communication devices over a first predefined time period;
  
  generating, at the first communications device, based on a randomization process, a dummy data communication pattern for transmission to the second communications device;
  
  generating a second traffic pattern for obfuscating a traffic pattern change between the first and the second traffic pattern, wherein the second traffic pattern is generated by appending the dummy data communication pattern to the first traffic pattern; and
  
  re-routing, using the network protocol, the first data communication sessions via the first computer server to a second data communication session having the second traffic pattern between the first communications device and the second communications device via a second computer server, wherein the second data communication session is established based on a detection of an information content value associated with the accessed first traffic pattern exceeding the information content threshold value.
- View Dependent Claims (15, 16, 17, 18, 19, 20)
- - 15. The computer system of claim 14, wherein the accessing of the first traffic pattern at the first communication device comprises accessing the first traffic pattern from a telecommunication application executing on the first communication device.
  - 16. The computer system of claim 14, wherein the first computer server used to establish the communication sessions comprises one of:
    - a software as a service (SaaS) cloud service, a platform as a service (PaaS) cloud service, and an infrastructure as a service cloud service.
  - 17. The computer system of claim 14, wherein the second computer server used to establish the communication sessions comprises one of:
    - a software as a service (SaaS) cloud service, a platform as a service (PaaS) cloud service, and an infrastructure as a service cloud service.
  - 18. The computer system of claim 14, further comprising:
    - detecting, at the first communications device, third data communication sessions with the second communications device via the second computer server using the network protocol; and
      
      accessing, at the first communications device, a second information content threshold value associated with the third data communication sessions between the first and the second communications devices.
  - 19. The computer system of claim 18, further comprising:
    - accessing, at the first communications device, a third traffic pattern based on the third data communication sessions, the third traffic pattern determining communication occurrences between the first and the second communication devices over a second predefined time period; and
      
      determining, at the first communications device, a second information content value associated with the accessed third traffic pattern.
  - 20. The computer system of claim 19, further comprising:
    - re-routing, using the network protocol, the third data communication sessions via the second computer server to a fourth data communication session between the first communications device and the second communications device via the first computer server, wherein the fourth data communication session is established based on a detection of the second information content value associated with the accessed third traffic pattern exceeding the second information content threshold value.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Acharya, Arup, Kundu, Ashish
Primary Examiner(s)
Najjar, Saleh
Assistant Examiner(s)
Mejia, Feliciano S

Application Number

US15/823,827
Publication Number

US 20180091400A1
Time in Patent Office

539 Days
Field of Search

726 27
US Class Current
CPC Class Codes

H04L 43/00   Arrangements for monitoring...

H04L 43/08   Monitoring or testing based...

H04L 45/306   Route determination based o...

H04L 45/70   Routing based on monitoring...

H04L 63/0421   Anonymous communication, i....

H04L 63/10   for controlling access to d...

H04L 63/1408   by monitoring network traff...

H04L 63/1475   Passive attacks, e.g. eaves...

H04L 65/1069   Session establishment or de...

H04L 65/1104   Session initiation protocol...

H04L 67/10   in which an application is ...

H04L 67/14   Session management for real...

H04L 67/148   Migration or transfer of se...

Anonymization of traffic patterns over communication networks

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

23 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Anonymization of traffic patterns over communication networks

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

23 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links