System, apparatus and method for detecting malicious traffic in a communications network

US 20060128406A1
Filed: 10/14/2005
Published: 06/15/2006
Est. Priority Date: 12/09/2004
Status: Abandoned Application

First Claim

Patent Images

1. A network monitoring apparatus for detecting malicious traffic in a communications network, the apparatus comprising:

an input for receiving service usage data derived, when in use, from signalling data, the signalling data originating, when in use, from a monitored signalling link; and

a data store for storing the service usage data; and

a processing resource to support a pattern matching engine for using a number of the stored data to identify, when in use, traffic patterns communicated to and/or from a communications terminal indicative of malicious traffic.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Monitoring apparatus has a pattern matching engine that analyses service usage in a network in order to identify traffic relating to malicious attacks. Optionally, the monitoring apparatus can also arrange for a counter-measure to be deployed upon detection of the malicious traffic.

71 Citations

View as Search Results

18 Claims

1. A network monitoring apparatus for detecting malicious traffic in a communications network, the apparatus comprising:
- an input for receiving service usage data derived, when in use, from signalling data, the signalling data originating, when in use, from a monitored signalling link; and
  
  a data store for storing the service usage data; and
  
  a processing resource to support a pattern matching engine for using a number of the stored data to identify, when in use, traffic patterns communicated to and/or from a communications terminal indicative of malicious traffic.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. An apparatus as claimed in claim 1, wherein the service usage data is a feed of Service Usage Records (SURs).
  - 3. An apparatus as claimed in claim 1, wherein the data stored from the at least one field of received usage records is stored as a database for serving as a resource for the identification of the traffic patterns.
  - 4. An apparatus as claimed in claim 1, wherein the identification of the traffic patterns includes analysing a property of at least one field of at least one of the usage records.
  - 5. An apparatus as claimed in claim 1, wherein the malicious traffic corresponds to a virus.
  - 6. An apparatus as claimed in claim 1, wherein the malicious traffic corresponds to a worm.
  - 7. An apparatus as claimed in claim 1, wherein the processing resource is arranged to generate, when in use, a message to indicate that malicious traffic has been detected.
  - 8. An apparatus as claimed in claim 7, wherein the malicious traffic corresponds to a type of malicious attack, the message identifying the type of the malicious attack.
  - 9. An apparatus as claimed in claim 7, wherein a counter-measure is communicated, when in use, to the communications terminal in response to the message.
  - 10. An apparatus as claimed in claim 7, wherein a counter-measure is initiated in relation to the communications terminal in response to the message.
  - 11. An apparatus as claimed in claim 10, wherein the counter-measure is prevention of the communications terminal from using one or more service supported by the communications network associated with the mobile terminal to communicate data.
  - 12. A network monitoring system including the network monitoring apparatus as claimed in claim 1.
  - 13. A communications network comprising the apparatus as claimed in claim 1.
  - 14. A communications network as claimed in claim 11, further comprising a counter-measure service station for managing the deployment of the counter-measures.

15. A method of detecting malicious traffic in a communications network, the method comprising:
- receiving a feed of service usage data derived from signalling data, the signalling data originating from a monitored signalling link;
  
  storing service usage data; and
  
  using a number of the stored data to identify traffic patterns communicated to and/or from a communications terminal indicative of malicious traffic.
- View Dependent Claims (16, 17)
- - 16. A computer program element comprising computer program code means to make a computer execute the method as claimed in claim 15.
  - 17. A computer program element as claimed in claim 16, embodied on a computer readable medium.

18. A use of a communications network monitoring system to detect communications to and/or from wireless terminals indicative of a malicious attack.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Viavi Solutions, Inc. (Lumentum Holdings Inc.)
Original Assignee
Viavi Solutions, Inc. (Lumentum Holdings Inc.)
Inventors
Macartney, John William Forsyth

Application Number

US11/251,169
Publication Number

US 20060128406A1
Time in Patent Office

Days
Field of Search
US Class Current

455/466
CPC Class Codes

H04L 63/1416   Event detection, e.g. attac...

H04W 12/128   Anti-malware arrangements, ...

H04W 24/00   Supervisory, monitoring or ...

System, apparatus and method for detecting malicious traffic in a communications network

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

71 Citations

18 Claims

Specification

Use Cases

Quick Links

Others

System, apparatus and method for detecting malicious traffic in a communications network

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

71 Citations

18 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others