System and method for voice security in a telecommunications network

US 10,536,468 B2
Filed: 12/19/2016
Issued: 01/14/2020
Est. Priority Date: 07/21/2016
Status: Active Grant

First Claim

Patent Images

1. A telecommunications network comprising:

a first routing device in communication with a first client network in a first geographic location;

a second routing device in communication with a second client network in a second geographic location;

a central analysis system comprising a database of transmission signatures of security attacks on the telecommunications network, the central analysis system configured to;

receive a first Layer 3 through Layer 7 transmission information of a first communication, wherein the first communication is transmitted to the first routing device by the first client network in the first geographic location;

receive a second Layer 3 through Layer 7 transmission information of a second communication, wherein the second communication is transmitted to the second routing device by the second client network in the second geographic location;

determine the second Layer 3 through Layer 7 transmission information is received within a particular time period of receiving the first Layer 3 through Layer 7 transmission;

compare the first Layer 3 through Layer 7 transmission information and the second Layer 3 through Layer 7 transmission information to a stored transmission signature in the database;

determine the first Layer 3 through Layer 7 transmission information and the second Layer 3 through Layer 7 transmission information match the stored transmission signature;

determine a security attack occurred on the telecommunications network based on the first Layer 3 through Layer 7 transmission information and the second Layer 3 through Layer 7 transmission information being received within the particular time period and the first Layer 3 through Layer 7 transmission information and the second Layer 3 through Layer 7 transmission information matching the stored transmission signature;

generate at least one mitigating instruction in response to the detected security attack on the telecommunications network, the mitigating instruction including first Layer 3 through Layer 7 transmission information and the second Layer 3 through Layer 7 transmission information for routing a received communication; and

transmit the at least one mitigating instruction to at least one routing device along a transmission path of the security attack on the telecommunications networkwherein the at least one mitigating instruction comprises a Layer 3 through Layer 7 instruction to reroute received communications with the stored transmission signature in the database to a firewall device of the telecommunications network.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Aspects of the present disclosure involve systems, methods, computer program products, and the like, for identifying and mitigating attacks on a voice component of a telecommunications network. In general, the process includes obtaining Layer 3 through Layer 7 transmission information from one or more edge devices to the telecommunications network. In one particular embodiment, a plurality of edge devices (also referred to herein as “session border controllers” or SBCs) is included in the telecommunications network in disparate geographical locations. Each SBC may provide Layer 3 through Layer 7 transmission information for each packet or communication transmitted through the SBC to a local database, which in turn may provide the information to a Central Analysis System or database. In one particular embodiment, the Layer 3 through Layer 7 information includes Session Initiation Protocol routing information for the communications sent to each of the SBCs of the network.

Citations

18 Claims

1. A telecommunications network comprising:
- a first routing device in communication with a first client network in a first geographic location;
  
  a second routing device in communication with a second client network in a second geographic location;
  
  a central analysis system comprising a database of transmission signatures of security attacks on the telecommunications network, the central analysis system configured to;
  
  receive a first Layer 3 through Layer 7 transmission information of a first communication, wherein the first communication is transmitted to the first routing device by the first client network in the first geographic location;
  
  receive a second Layer 3 through Layer 7 transmission information of a second communication, wherein the second communication is transmitted to the second routing device by the second client network in the second geographic location;
  
  determine the second Layer 3 through Layer 7 transmission information is received within a particular time period of receiving the first Layer 3 through Layer 7 transmission;
  
  compare the first Layer 3 through Layer 7 transmission information and the second Layer 3 through Layer 7 transmission information to a stored transmission signature in the database;
  
  determine the first Layer 3 through Layer 7 transmission information and the second Layer 3 through Layer 7 transmission information match the stored transmission signature;
  
  determine a security attack occurred on the telecommunications network based on the first Layer 3 through Layer 7 transmission information and the second Layer 3 through Layer 7 transmission information being received within the particular time period and the first Layer 3 through Layer 7 transmission information and the second Layer 3 through Layer 7 transmission information matching the stored transmission signature;
  
  generate at least one mitigating instruction in response to the detected security attack on the telecommunications network, the mitigating instruction including first Layer 3 through Layer 7 transmission information and the second Layer 3 through Layer 7 transmission information for routing a received communication; and
  
  transmit the at least one mitigating instruction to at least one routing device along a transmission path of the security attack on the telecommunications networkwherein the at least one mitigating instruction comprises a Layer 3 through Layer 7 instruction to reroute received communications with the stored transmission signature in the database to a firewall device of the telecommunications network.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The telecommunications network of claim 1 further comprising:
    - a first event logger in communication with the first routing device receiving the first Layer 3 through Layer 7 transmission information of the first communication; and
      
      a second event logger in communication with the second routing device receiving the second Layer 3 through Layer 7 transmission information of the second communication.
  - 3. The telecommunications network of claim 2 wherein the central analysis system receives the first Layer 3 through Layer 7 transmission information of the first communication from the first event logger and the second Layer 3 through Layer 7 transmission information of the second communication from the second event logger.
  - 4. The telecommunications network of claim 1 wherein the transmission signature of the security attack comprises a Session Initiation Protocol (SIP) request from a source Internet Protocol (IP) address received at the first routing device and the second routing device, the SIP request comprising identifying information of a source communication device of the security attack on the telecommunications network.
  - 5. The telecommunications network of claim 4 wherein the transmission signature of the security attack further comprises receiving the SIP request from the source IP address at the first routing device in communication with the first client network in the first geographic location and the second routing device in communication with the second client network in the second geographic location within the particular time period.
  - 6. The telecommunications network of claim 4 wherein the transmission signature of the security attack further comprises a destination IP address of a targeted communication device of the telecommunications network.
  - 7. The telecommunications network of claim 1 wherein the at least one mitigating instruction comprises an instruction to reject received communications with the stored transmission signature in the database and the at least one routing device along the transmission path of the security attack comprises the first routing device in communication with the first client network in the first geographic location and the second routing device in communication with the second client network in the second geographic location.
  - 8. The telecommunications network of claim 1 wherein the at least one routing device along the transmission path of the security attack comprises a first provider edge of the first client network and a second first provider edge of the second client network.

9. A method for managing a telecommunications network, the method comprising:
- receiving a first Layer 3 through Layer 7 transmission information of a first communication from a first device of a telecommunications network in communication with a first client network in a first geographic location;
  
  receiving a second Layer 3 through Layer 7 transmission information of a second communication from a second device of the telecommunications network in communication with a second client network in a second geographic location different than the first geographic location;
  
  determine the second Layer 3 through Layer 7 transmission is received within a particular time period of receiving the first Layer 3 through Layer 7 transmission;
  
  comparing, at a central analysis system, the first Layer 3 through Layer 7 transmission information and the second Layer 3 through Layer 7 transmission information to a stored transmission fingerprint in a database of known transmission fingerprints of security attacks;
  
  determine the first Layer 3 through Layer 7 transmission information and the second Layer 3 through Layer 7 transmission information match the stored transmission fingerprint;
  
  determine a security attach occurred on the telecommunications network based on the first Layer 3 through Layer 7 transmission information and the second Layer 3 through Layer 7 transmission information being received within the particular time period and the first Layer 3 through Layer 7 transmission information and the second Layer 3 through Layer 7 transmission information matching the stored transmission fingerprint;
  
  generating at least one mitigating instruction in response to the determined security attack on the telecommunications network, the mitigating instruction including Layer 3 through Layer 7 transmission information for routing a received communication; and
  
  transmitting the at least one mitigating instruction to at least one routing device along a transmission path of the security attack on the telecommunications networkwherein the at least one mitigating instruction comprises a Layer 3 through Layer 7 instruction to reroute received communications with the stored transmission signature in the database to a firewall device of the telecommunications network.
- View Dependent Claims (10, 11, 12, 13, 14, 15)
- - 10. The method of claim 9 wherein the transmission fingerprint of the security attack comprises a Session Initiation Protocol (SIP) request from a particular source Internet Protocol (IP) address received at the first device in communication with the first client network in the first geographic location and the second device in communication with the second client network in the second geographic location, the SIP request comprising identifying information of a source communication device of the security attack on the telecommunications network.
  - 11. The method of claim 10 wherein the transmission fingerprint of the security attack further comprises receiving the SIP request from the particular source IP address at the first device in communication with the first client network in the first geographic location and the second device in communication with the second client network in the second geographic location within the particular time period.
  - 12. The method of claim 10 wherein the transmission fingerprint of the security attack further comprises a particular destination IP address of a targeted communication device of the telecommunications network.
  - 13. The method of claim 10 wherein the at least one mitigating instruction comprises a Layer 3 through Layer 7 instruction to reject received communications with the stored transmission fingerprint in the database and the at least one routing device along the transmission path of the security attack comprises the first device in communication with the first client network in the first geographic location and the second device in communication with the second client network in the second geographic location.
  - 14. The method of claim 13 wherein the first device receives the first communication from a first client network and the second device receives the second communication from a second client network and the at least one routing device along the transmission path of the security attack comprises a first routing device of the first client network and a second routing device of the second client network.
  - 15. The method of claim 10 wherein the at least one mitigating instruction comprises a Layer 3 through Layer 7 instruction to reroute received communications with the stored transmission fingerprint in the database to a firewall device of the telecommunications network and the at least one routing device along the transmission path of the security attack comprises the first device in communication with the first client network in the first geographic location and the second device in communication with the second client network in the second geographic location.

16. A telecommunication device comprising:
- at least one communication port for communicating with a first routing device coupled to a first client network located in a first geographic location and a second routing device coupled to a second client network located in a second geographic location different than the first geographic location;
  
  a processing device; and
  
  a computer-readable medium connected to the processing device configured to store instructions that, when executed by the processing device, performs the operations of;
  
  receiving a first Layer 3 through Layer 7 transmission information of a first communication from the first routing device;
  
  receiving a second Layer 3 through Layer 7 transmission information of a second communication from the second routing device;
  
  determine the second Layer 3 through Layer 7 transmission of the second communication is received within a particular time period of receiving the first Layer 3 through Layer 7 transmission;
  
  comparing the first Layer 3 through Layer 7 transmission information and the second Layer 3 through Layer 7 transmission information to a stored transmission fingerprint in a database in communication with the at least one processing device;
  
  determining the first Layer 3 through Layer 7 transmission information and the second Layer 3 through Layer 7 transmission information match the stored transmission fingerprint;
  
  determining a security attack occurred on the telecommunications network based on the first Layer 3 through Layer 7 transmission information and the second Layer 3 through Layer 7 transmission information being received within the particular time period and the first Layer 3 through Layer 7 transmission information and the second Layer 3 through Layer 7 transmission information matching the stored transmission fingerprint;
  
  generating at least one mitigating instruction in response to the detected security attack on the telecommunications network, the mitigating instruction including Layer 3 through Layer 7 transmission information for routing a received communication; and
  
  transmitting the at least one mitigating instruction to at least one routing device along a transmission path of the security attack on the telecommunications networkwherein the at least one mitigating instruction comprises a Layer 3 through Layer 7 instruction to reroute received communications with the stored transmission signature in the database to a firewall device of the telecommunications network.
- View Dependent Claims (17, 18)
- - 17. The telecommunication device of claim 16 wherein the at least one mitigating instruction comprises a Layer 3 through Layer 7 instruction to reject received communications with the stored transmission fingerprint in the database and the at least one routing device along the transmission path of the security attack comprises the first device coupled to the first client network in the first geographic location and the second device coupled to the second client network in the second geographic location.
  - 18. The telecommunication device of claim 16 wherein the first device receives the first communication from a first client network and the second device receives the second communication from a second client network and the at least one routing device along the transmission path of the security attack comprises a first routing device of the first client network and a second routing device of the second client network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Level 3 Communications LLC (Lumen Technologies, Inc.)
Original Assignee
Level 3 Communications LLC (Lumen Technologies, Inc.)
Inventors
Johnston, Dana A., Cooper, III, Clyde David
Primary Examiner(s)
Poltorak, Piotr

Application Number

US15/383,393
Publication Number

US 20180026997A1
Time in Patent Office

1,121 Days
Field of Search

None
US Class Current
CPC Class Codes

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1425   Traffic logging, e.g. anoma...

H04L 63/1458   Denial of Service

H04L 63/162   at the data link layer

H04L 63/164   at the network layer

H04L 63/166   at the transport layer

H04L 63/168   above the transport layer

H04L 65/1104   Session initiation protocol...

H04M 7/006   Networks other than PSTN/IS...

System and method for voice security in a telecommunications network

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for voice security in a telecommunications network

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links