METHODS AND APPARATUS TO MITIGATE A DENIAL-OF-SERVICE ATTACK IN A VOICE OVER INTERNET PROTOCOL NETWORK

US 20090293123A1
Filed: 05/21/2008
Published: 11/26/2009
Est. Priority Date: 05/21/2008
Status: Active Grant

First Claim

Patent Images

1-45. -45. (canceled)

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and apparatus to mitigate a Denial-of-Service (DoS) attack in a voice over Internet protocol (VoIP) network are disclosed. An example method comprises receiving a communication session initiation message from a communication session endpoint, determining whether the communication session endpoint is associated with a probable DoS attack, and sending to the communication session endpoint a communication session initiation response message comprising a DoS header when the communication session endpoint is associated with the probable DoS attack.

85 Citations

View as Search Results

68 Claims

1-45. -45. (canceled)

46. A method comprising:
- determining call initiation rate statistics;
  
  determining a denial-of-service (DoS) attack mitigation rule based on the call initiation rate statistics; and
  
  sending the DoS attack mitigation rule to an attack mitigator via a session initiation protocol (SIP) NOTIFY message.
- View Dependent Claims (47, 48, 49)
- - 47. A method as defined in claim 46, further comprising receiving a SIP SUBSCRIBE message from the attack mitigator.
  - 48. A method as defined in claim 46, further comprising:
    - receiving a communication session request message from a calling endpoint; and
      
      updating the call initiation rates statistics based on the request message.
  - 49. A method as defined in claim 46, wherein the SIP NOTIFY message comprises extensible markup language text that represents the DoS attack mitigation rule.

50. An apparatus comprising:
- a call statistics analyzer to determine a value representative of a likelihood that a denial-of-service (DOS) attack is occurring;
  
  a mitigation rule selector to determine a DoS attack mitigation rule based on the value; and
  
  a notifier to send the DoS attack mitigation rule to an attack mitigator via a session initiation protocol (SIP) NOTIFY message.
- View Dependent Claims (51, 52, 53, 54, 55, 56)
- - 51. An apparatus as defined in claim 50, further comprising a network interface to receive a SIP SUBSCRIBE message from the attack mitigator, wherein the SIP SUBSCRIBE message enables the notifier to send the SIP NOTIFY message to the attack mitigator.
  - 52. An apparatus as defined in claim 50, further comprising a call statistics collector to update call initiation statistics associated with respective ones of communication endpoints in a DoS database in response to received communication session request information, wherein the call statistics analyzer is to determine the value using the DoS database.
  - 53. An apparatus as defined in claim 52, wherein the communication session request information is received in a SIP INVITE message.
  - 54. An apparatus as defined in claim 50, wherein the SIP NOTIFY message comprises extensible markup language text that represents the DoS attack mitigation rule.
  - 55. An apparatus as defined in claim 54, wherein the SIP NOTIFY message further comprises an authentication header containing a cryptographic hash computed based on the DoS attack mitigation rule.
  - 56. An apparatus as defined in claim 50, wherein the call statistics analyzer is to determine the value by:
    - computing a sum of a first call initiation rate associated with a first endpoint and a second call initiation rate associated with a second endpoint, andcomparing the sum to a threshold.

57. A method comprising:
- sending a session initiation protocol (SIP) SUBSCRIBE message to a denial-of-service (DoS) attack detector; and
  
  receiving a DoS attack mitigation rule via a SIP NOTIFY message.
- View Dependent Claims (58, 59, 60)
- - 58. A method as defined in claim 57, further comprising;
    - receiving a communication session request message from a calling device;
      
      comparing a first parameter of the communication session request message to a second parameter of the DoS attack mitigation rule; and
      
      sending a SIP 5XX message to the calling device when the first and second parameters match.
  - 59. A method as defined in claim 58, further comprising forwarding the communication session request message to an Internet protocol multimedia subsystem core when the first and second parameters do not match.
  - 60. A method as defined in claim 57, wherein the SIP NOTIFY message comprises extensible markup language text that represents the DoS attack mitigation rule.

61. A border element for a voice over Internet protocol (VoIP) network, the border element comprising:
- a network interface to send a session initiation protocol (SIP) SUBSCRIBE message to a denial-of-service (DoS) attack detector and to receive a SIP NOTIFY message comprising a DoS attack mitigation rule; and
  
  an attack mitigator to determine whether to reject a communication session request message based on the DoS attack mitigation rule.
- View Dependent Claims (62, 63, 64, 65, 66, 67, 68)
- - 62. A border element as defined in claim 61, wherein the attack mitigator comprises an authenticator to validate the DoS attack mitigation rule based on an authentication header of the SIP NOTIFY message.
  - 63. A border element as defined in claim 61, wherein the communication session request message is received subsequent to the SIP NOTIFY message.
  - 64. A border element as defined in claim 61, wherein the attack mitigator further comprises a DoS database to store the DoS attack mitigation rule.
  - 65. A border element as defined in claim 61, wherein the attack mitigator comprises a limiter to determine whether to reject the communication session request message by enforcing the DoS attack mitigation rule.
  - 66. A border element as defined in claim 65, wherein the limiter is to:
    - compare a first parameter of the communication session request message to a second parameter of the DoS attack mitigation rule; and
      
      send a SIP 5XX message to a calling device associated with the communication session request message when the first and second parameters match.
  - 67. A border element as defined in claim 66, wherein the limiter is to forward the communication session request message to an Internet protocol multimedia subsystem core when the first and second parameters do not match.
  - 68. A border element as defined in claim 61, wherein the SIP NOTIFY message comprises extensible markup language text that represents the DoS attack mitigation rule.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
AT&T Intellectual Property I LP (AT&T, Inc.)
Original Assignee
AT&T Knowledge Ventures, L.P. (AT&T, Inc.)
Inventors
Jackson, James, Yasrebi, Mehrad

Granted Patent

US 8,375,453 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/23
CPC Class Codes

H04L 63/1458 Denial of Service

METHODS AND APPARATUS TO MITIGATE A DENIAL-OF-SERVICE ATTACK IN A VOICE OVER INTERNET PROTOCOL NETWORK

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

85 Citations

68 Claims

Specification

Solutions

Use Cases

Quick Links

METHODS AND APPARATUS TO MITIGATE A DENIAL-OF-SERVICE ATTACK IN A VOICE OVER INTERNET PROTOCOL NETWORK

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

85 Citations

68 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links