Dual use counters for routing loops and spam detection
First Claim
1. A method for detecting an undesirable condition within a messaging network, comprising:
- receiving a message;
identifying a source of the message;
if an entry in a database for the source has not been created, creating an entry in the database for the source, setting a source counter for the source to one, and creating a timestamp for the source;
if an entry in the database for the source has been previously created, incrementing the source counter by one and updating the timestamp;
comparing the source counter to a source threshold;
and when the source counter exceeds the source threshold over the course of a predetermined amount of time, triggering an alarm indicative of an undesirable condition.
3 Assignments
0 Petitions
Accused Products
Abstract
A method for detecting an undesirable condition within a messaging network. A message is received and a source of the message is identified. If an entry in a database for the source has not been created, an entry is created. A source counter for the source is then set to one and a timestamp is created for the source. If an entry in the database for the source has been previously created, the source counter is incremented by one and the timestamp is updated. The source counter is then compared to a source threshold, and if the source counter exceeds the source threshold over the course of predetermined amount of time, a source alarm is triggered. A sliding with respect to the predetermined amount of time may also be implemented to account for total counts that may fall across or be split by set periods of time. The invention is particularly useful for detecting “spam” events and undesirable routing loops.
-
Citations
16 Claims
-
1. A method for detecting an undesirable condition within a messaging network, comprising:
-
receiving a message;
identifying a source of the message;
if an entry in a database for the source has not been created, creating an entry in the database for the source, setting a source counter for the source to one, and creating a timestamp for the source;
if an entry in the database for the source has been previously created, incrementing the source counter by one and updating the timestamp;
comparing the source counter to a source threshold;
and when the source counter exceeds the source threshold over the course of a predetermined amount of time, triggering an alarm indicative of an undesirable condition. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A method for detecting a spam event in a messaging network, comprising:
-
monitoring message traffic in the messaging network;
for each new source address associated with a message, creating an entry in a database and setting a source address counter for that source address to a predetermined number and storing a timestamp corresponding to a time at which the message was received, and for a repeated source address, incrementing the source counter for the repeated source address and updating the timestamp;
comparing the source counter for a given source address to a source threshold;
and when the source counter exceeds the source threshold over the course of a predetermined amount of time, triggering an alarm indicative of a spam event. - View Dependent Claims (9, 10, 11)
-
-
12. A method of detecting a routing loop in a telecommunications network, comprising:
-
monitoring message traffic passing through an intermediary interconnecting at least two telecommunication service providers;
as message traffic passes through the intermediary, creating an entry in a database, setting a source address counter to a predetermined number and storing a timestamp corresponding to a time at which a first message passed through the intermediary, and incrementing the source address counter and updating the timestamp each time the first message again passes through the intermediary;
as message traffic passes through the intermediary, creating an entry in a database, setting a destination address counter to a predetermined number and storing a timestamp corresponding to a time at which a second message passed through the intermediary, and incrementing the destination address counter and updating the timestamp each time the second message passes through the intermediary;
comparing the source address counter and destination address counter for a given source address and a given destination address, respectively to a source address threshold and destination address threshold;
and when the source address counter and destination address counter, respectively exceed the source address threshold and destination address threshold over the course of a predetermined amount of time, triggering an alarm indicative of a routing loop. - View Dependent Claims (13, 14, 15, 16)
-
Specification