System and method for voice security in a telecommunications network
First Claim
1. A telecommunications network comprising:
- a first routing device in communication with a first client network in a first geographic location;
a second routing device in communication with a second client network in a second geographic location;
a central analysis system comprising a database of transmission signatures of security attacks on the telecommunications network, the central analysis system configured to;
receive a first Layer 3 through Layer 7 transmission information of a first communication, wherein the first communication is transmitted to the first routing device by the first client network in the first geographic location;
receive a second Layer 3 through Layer 7 transmission information of a second communication, wherein the second communication is transmitted to the second routing device by the second client network in the second geographic location;
determine the second Layer 3 through Layer 7 transmission information is received within a particular time period of receiving the first Layer 3 through Layer 7 transmission;
compare the first Layer 3 through Layer 7 transmission information and the second Layer 3 through Layer 7 transmission information to a stored transmission signature in the database;
determine the first Layer 3 through Layer 7 transmission information and the second Layer 3 through Layer 7 transmission information match the stored transmission signature;
determine a security attack occurred on the telecommunications network based on the first Layer 3 through Layer 7 transmission information and the second Layer 3 through Layer 7 transmission information being received within the particular time period and the first Layer 3 through Layer 7 transmission information and the second Layer 3 through Layer 7 transmission information matching the stored transmission signature;
generate at least one mitigating instruction in response to the detected security attack on the telecommunications network, the mitigating instruction including first Layer 3 through Layer 7 transmission information and the second Layer 3 through Layer 7 transmission information for routing a received communication; and
transmit the at least one mitigating instruction to at least one routing device along a transmission path of the security attack on the telecommunications networkwherein the at least one mitigating instruction comprises a Layer 3 through Layer 7 instruction to reroute received communications with the stored transmission signature in the database to a firewall device of the telecommunications network.
1 Assignment
0 Petitions
Accused Products
Abstract
Aspects of the present disclosure involve systems, methods, computer program products, and the like, for identifying and mitigating attacks on a voice component of a telecommunications network. In general, the process includes obtaining Layer 3 through Layer 7 transmission information from one or more edge devices to the telecommunications network. In one particular embodiment, a plurality of edge devices (also referred to herein as “session border controllers” or SBCs) is included in the telecommunications network in disparate geographical locations. Each SBC may provide Layer 3 through Layer 7 transmission information for each packet or communication transmitted through the SBC to a local database, which in turn may provide the information to a Central Analysis System or database. In one particular embodiment, the Layer 3 through Layer 7 information includes Session Initiation Protocol routing information for the communications sent to each of the SBCs of the network.
-
Citations
18 Claims
-
1. A telecommunications network comprising:
-
a first routing device in communication with a first client network in a first geographic location; a second routing device in communication with a second client network in a second geographic location; a central analysis system comprising a database of transmission signatures of security attacks on the telecommunications network, the central analysis system configured to; receive a first Layer 3 through Layer 7 transmission information of a first communication, wherein the first communication is transmitted to the first routing device by the first client network in the first geographic location; receive a second Layer 3 through Layer 7 transmission information of a second communication, wherein the second communication is transmitted to the second routing device by the second client network in the second geographic location;
determine the second Layer 3 through Layer 7 transmission information is received within a particular time period of receiving the first Layer 3 through Layer 7 transmission;compare the first Layer 3 through Layer 7 transmission information and the second Layer 3 through Layer 7 transmission information to a stored transmission signature in the database; determine the first Layer 3 through Layer 7 transmission information and the second Layer 3 through Layer 7 transmission information match the stored transmission signature; determine a security attack occurred on the telecommunications network based on the first Layer 3 through Layer 7 transmission information and the second Layer 3 through Layer 7 transmission information being received within the particular time period and the first Layer 3 through Layer 7 transmission information and the second Layer 3 through Layer 7 transmission information matching the stored transmission signature; generate at least one mitigating instruction in response to the detected security attack on the telecommunications network, the mitigating instruction including first Layer 3 through Layer 7 transmission information and the second Layer 3 through Layer 7 transmission information for routing a received communication; and transmit the at least one mitigating instruction to at least one routing device along a transmission path of the security attack on the telecommunications network wherein the at least one mitigating instruction comprises a Layer 3 through Layer 7 instruction to reroute received communications with the stored transmission signature in the database to a firewall device of the telecommunications network. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A method for managing a telecommunications network, the method comprising:
-
receiving a first Layer 3 through Layer 7 transmission information of a first communication from a first device of a telecommunications network in communication with a first client network in a first geographic location; receiving a second Layer 3 through Layer 7 transmission information of a second communication from a second device of the telecommunications network in communication with a second client network in a second geographic location different than the first geographic location; determine the second Layer 3 through Layer 7 transmission is received within a particular time period of receiving the first Layer 3 through Layer 7 transmission; comparing, at a central analysis system, the first Layer 3 through Layer 7 transmission information and the second Layer 3 through Layer 7 transmission information to a stored transmission fingerprint in a database of known transmission fingerprints of security attacks; determine the first Layer 3 through Layer 7 transmission information and the second Layer 3 through Layer 7 transmission information match the stored transmission fingerprint; determine a security attach occurred on the telecommunications network based on the first Layer 3 through Layer 7 transmission information and the second Layer 3 through Layer 7 transmission information being received within the particular time period and the first Layer 3 through Layer 7 transmission information and the second Layer 3 through Layer 7 transmission information matching the stored transmission fingerprint; generating at least one mitigating instruction in response to the determined security attack on the telecommunications network, the mitigating instruction including Layer 3 through Layer 7 transmission information for routing a received communication; and transmitting the at least one mitigating instruction to at least one routing device along a transmission path of the security attack on the telecommunications network wherein the at least one mitigating instruction comprises a Layer 3 through Layer 7 instruction to reroute received communications with the stored transmission signature in the database to a firewall device of the telecommunications network. - View Dependent Claims (10, 11, 12, 13, 14, 15)
-
-
16. A telecommunication device comprising:
-
at least one communication port for communicating with a first routing device coupled to a first client network located in a first geographic location and a second routing device coupled to a second client network located in a second geographic location different than the first geographic location; a processing device; and a computer-readable medium connected to the processing device configured to store instructions that, when executed by the processing device, performs the operations of; receiving a first Layer 3 through Layer 7 transmission information of a first communication from the first routing device; receiving a second Layer 3 through Layer 7 transmission information of a second communication from the second routing device; determine the second Layer 3 through Layer 7 transmission of the second communication is received within a particular time period of receiving the first Layer 3 through Layer 7 transmission; comparing the first Layer 3 through Layer 7 transmission information and the second Layer 3 through Layer 7 transmission information to a stored transmission fingerprint in a database in communication with the at least one processing device; determining the first Layer 3 through Layer 7 transmission information and the second Layer 3 through Layer 7 transmission information match the stored transmission fingerprint; determining a security attack occurred on the telecommunications network based on the first Layer 3 through Layer 7 transmission information and the second Layer 3 through Layer 7 transmission information being received within the particular time period and the first Layer 3 through Layer 7 transmission information and the second Layer 3 through Layer 7 transmission information matching the stored transmission fingerprint; generating at least one mitigating instruction in response to the detected security attack on the telecommunications network, the mitigating instruction including Layer 3 through Layer 7 transmission information for routing a received communication; and transmitting the at least one mitigating instruction to at least one routing device along a transmission path of the security attack on the telecommunications network wherein the at least one mitigating instruction comprises a Layer 3 through Layer 7 instruction to reroute received communications with the stored transmission signature in the database to a firewall device of the telecommunications network. - View Dependent Claims (17, 18)
-
Specification