Methods, systems, and computer program products for detecting and mitigating denial of service attacks in a telecommunications signaling network
Abstract
Methods, systems, and computer program products for detecting and mitigating a denial of service attack in a telecommunications signaling network are provided. According to one method, traffic rate information is monitored on at least two of a plurality of signaling links. If the traffic rate on one of the signaling links exceeds the rate on at least another of the signaling links by a predetermined threshold, a denial of service attack is indicated. In response to indicating a denial of service attack, a user may take mitigating action, such as updating a firewall function to block packets associated with the offending source.
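A sketch of the per-link rate comparison the abstract describes, added here as an illustration and not taken from the patent. The link names and counts are constructed, and two choices are assumptions: the threshold is read as an absolute difference in messages per second, and the exclusion set is modeled on the false-positive input of claim 21.

```python
# Constructed sample: signaling messages counted per link in one interval.
INTERVAL_SECONDS = 60
SAMPLE_COUNTS = {"link-A": 1200, "link-B": 1320, "link-C": 9600, "link-D": 1260}


def link_rates(counts, interval_seconds):
    """Step (a): turn per-link message counts into messages per second."""
    if interval_seconds <= 0:
        raise ValueError("interval must be positive")
    if len(counts) < 2:
        raise ValueError("need at least two signaling links to compare")
    return {link: n / interval_seconds for link, n in counts.items()}


def detect_dos(rates, threshold, excluded=frozenset()):
    """Steps (b) and (c): indicate a DoS on any link whose rate exceeds
    the rate on at least one other link by more than `threshold`.

    Returns {suspect_link: [links it exceeds]}. Links in `excluded`
    (operator-confirmed false positives, an assumption based on claim 21)
    are never reported, but still serve as comparison baselines.
    """
    if len(rates) < 2:
        raise ValueError("need at least two signaling links to compare")
    indications = {}
    for first in sorted(rates):
        if first in excluded:
            continue
        exceeded = [
            second
            for second in sorted(rates)
            if second != first and rates[first] - rates[second] > threshold
        ]
        if exceeded:
            indications[first] = exceeded
    return indications


if __name__ == "__main__":
    rates = link_rates(SAMPLE_COUNTS, INTERVAL_SECONDS)
    for link, peers in detect_dos(rates, threshold=100).items():
        print(f"DoS indicated on {link}: {rates[link]:.0f} msg/s, "
              f"exceeds {', '.join(peers)} by more than 100 msg/s")
```

An indication from this check is only the trigger; the abstract leaves the mitigating action, such as updating a firewall function to block the offending source, to the user.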
33 Claims
1. A method for detecting and mitigating a denial of service (DoS) attack in a telecommunications signaling network, the method comprising:
(a) collecting per link traffic rate information for at least two signaling links in a signaling network;
(b) determining whether a traffic rate on at least a first signaling link of the plurality of signaling links exceeds a traffic rate on at least a second signaling link of the plurality of signaling links by a predetermined threshold; and
(c) in response to determining that the traffic rate on the first signaling link exceeds the traffic rate on the second signaling link by a predetermined threshold, indicating a denial of service attack.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12
13. A system for detecting and mitigating a denial of service attack in a telecommunications signaling network, the system comprising:
(a) a data gateway server for collecting per link traffic rate information for at least first and second signaling links in a network; and
(b) a denial of service detector/mitigator for receiving and analyzing the per link traffic rate information and determining whether the rate information the first signaling link exceeds the traffic rate the second signaling link by a predetermined threshold, and, in response to determining that the traffic rate on the first signaling link exceeds the traffic rate on the second signaling link by the predetermined threshold, for indicating a denial of service attack.
Dependent claims: 14, 15, 16, 17, 18, 19, 20
21. The system of 19 wherein the user terminal is adapted to receive input from the user regarding a false positive attack and for updating the DoS detector/mitigator to exclude the false positive from DoS attack detection.
22. A computer program product comprising computer-executable instructions embodied in a computer-readable medium for performing steps comprising:
(a) collecting per link traffic rate information for at least two signaling links in a signaling network;
(b) determining whether a traffic rate on at least a first signaling link of the plurality of signaling links exceeds a traffic rate on at least a second signaling link of the plurality of signaling links by a predetermined threshold; and
(c) in response to determining that the traffic rate on the first signaling link exceeds the traffic rate on the second signaling link by a predetermined threshold, indicating a denial of service attack.
Dependent claims: 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33
Specification