Multi-Node and Multi-Call State Machine Profiling for Detecting SPIT
First Claim
1. A method comprising:
- determining whether the execution of an instance of a first finite-state machine and an instance of a second finite-state machine during a call matches one or more execution profiles that are associated with improper call behavior, wherein said instance of said finite-state machine corresponds to the state of a communications protocol at a first node, and wherein said instance of said second finite-state machine corresponds to the state of a communications protocol at a second node, and wherein at least one of said execution profiles characterizes the execution of a plurality of finite-state machines during a call; and
when a match exists, generating a signal that indicates a possible occurrence of improper call behavior.
25 Assignments
0 Petitions
Accused Products
Abstract
An apparatus and method for detecting potentially-improper call behavior (e.g., SPIT, etc.) are disclosed. The illustrative embodiment of the present invention is based on finite-state machines (FSMs) that represent the legal states and state transitions of communications protocols at nodes during Voice over Internet Protocol (VoIP) calls. In accordance with the illustrative embodiment, a library of FSM execution profiles associated with improper call behavior and a set of rules (or rule base) associated with improper FSM behavior over one or more calls are maintained. When the behavior of one or more finite-state machines during one or more calls matches either an execution profile in the library or a rule in the rule base, an alert is generated.
57 Citations
20 Claims
-
1. A method comprising:
-
determining whether the execution of an instance of a first finite-state machine and an instance of a second finite-state machine during a call matches one or more execution profiles that are associated with improper call behavior, wherein said instance of said finite-state machine corresponds to the state of a communications protocol at a first node, and wherein said instance of said second finite-state machine corresponds to the state of a communications protocol at a second node, and wherein at least one of said execution profiles characterizes the execution of a plurality of finite-state machines during a call; and when a match exists, generating a signal that indicates a possible occurrence of improper call behavior. - View Dependent Claims (2, 3, 4, 5)
-
-
6. A method comprising:
-
determining whether the execution of an instance of a first finite-state machine and of an instance of a second finite-state machine during a call matches one or more rules that are associated with improper call behavior, wherein said instance of said first finite-state machine corresponds to the state of a communications protocol at a first node, and wherein said instance of said second finite-state machine corresponds to the state of a communications protocol at a second node, and wherein at least one of said rules comprises a condition pertaining to the execution of a plurality of finite-state machines during a call; and when a match exists, generating a signal that indicates a possible occurrence of improper call behavior. - View Dependent Claims (7, 8, 9, 10)
-
-
11. A method comprising:
-
determining whether the execution of an instance of a finite-state machine during a first call and during a second call matches one or more rules that are associated with improper call behavior, wherein said instance of said finite-state machine state corresponds to the state of a communications protocol at a node, and wherein at least one of said rules comprises a condition pertaining to the execution of a finite-state machine during a plurality of calls; and when a match exists, generating a signal that indicates a possible occurrence of improper call behavior. - View Dependent Claims (12, 13, 14, 15)
-
-
16. A method comprising:
-
determining whether the execution of an instance of a first finite-state machine and of an instance of a second finite-state machine during a first call and during a second call matches one or more rules that are associated with improper call behavior, wherein said instance of said first finite-state machine corresponds to the state of a communications protocol at a first node, and wherein said instance of said second finite-state machine corresponds to the state of a communications protocol at a second node, and wherein at least one of said rules comprises a condition pertaining to the execution of a plurality of finite-state machines during a plurality of calls; and when a match exists, generating a signal that indicates a possible occurrence of improper call behavior. - View Dependent Claims (17, 18, 19, 20)
-
Specification