SYSTEM AND METHOD FOR VOICE SECURITY IN A TELECOMMUNICATIONS NETWORK

US 20180026997A1
Filed: 12/19/2016
Published: 01/25/2018
Est. Priority Date: 07/21/2016
Status: Active Grant

First Claim

Patent Images

1. A telecommunications network comprising:

a first routing device in communication with a first client network;

a second routing device in communication with a second client network;

a central analysis system comprising a database of transmission signatures of security attacks on the telecommunications network, the central analysis system configured to;

receive a Layer 3 through Layer 7 transmission information of a first communication transmitted to the first routing device and a second communication transmitted to the second routing device;

compare the Layer 3 through Layer 7 transmission information of the first communication and the second communication to a stored transmission signature in the database;

detect a security attack on the telecommunications network when the Layer 3 through Layer 7 transmission information from the first device and the second device matches the stored transmission signature in the database;

generate at least one mitigating instruction in response to the detected security attack on the telecommunications network, the mitigating instruction including Layer 3 through Layer 7 transmission information for routing a received communication; and

transmit the at least one mitigating instruction to at least one routing device along a transmission path of the security attack on the telecommunications network.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Aspects of the present disclosure involve systems, methods, computer program products, and the like, for identifying and mitigating attacks on a voice component of a telecommunications network. In general, the process includes obtaining Layer 3 through Layer 7 transmission information from one or more edge devices to the telecommunications network. In one particular embodiment, a plurality of edge devices (also referred to herein as “session border controllers” or SBCs) is included in the telecommunications network in disparate geographical locations. Each SBC may provide Layer 3 through Layer 7 transmission information for each packet or communication transmitted through the SBC to a local database, which in turn may provide the information to a Central Analysis System or database. In one particular embodiment, the Layer 3 through Layer 7 information includes Session Initiation Protocol routing information for the communications sent to each of the SBCs of the network.

Citations

20 Claims

1. A telecommunications network comprising:
- a first routing device in communication with a first client network;
  
  a second routing device in communication with a second client network;
  
  a central analysis system comprising a database of transmission signatures of security attacks on the telecommunications network, the central analysis system configured to;
  
  receive a Layer 3 through Layer 7 transmission information of a first communication transmitted to the first routing device and a second communication transmitted to the second routing device;
  
  compare the Layer 3 through Layer 7 transmission information of the first communication and the second communication to a stored transmission signature in the database;
  
  detect a security attack on the telecommunications network when the Layer 3 through Layer 7 transmission information from the first device and the second device matches the stored transmission signature in the database;
  
  generate at least one mitigating instruction in response to the detected security attack on the telecommunications network, the mitigating instruction including Layer 3 through Layer 7 transmission information for routing a received communication; and
  
  transmit the at least one mitigating instruction to at least one routing device along a transmission path of the security attack on the telecommunications network.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The telecommunications network of claim 1 further comprising:
    - a first event logger in communication with the first routing device receiving the Layer 3 through Layer 7 transmission information of the first communication and a second event logger in communication with the second routing device receiving the Layer 3 through Layer 7 transmission information of the second communication.
  - 3. The telecommunications network of claim 2 wherein the central analysis system receives the Layer 3 through Layer 7 transmission information of the first communication from the first event logger and the Layer 3 through Layer 7 transmission information of the second communication from the second event logger.
  - 4. The telecommunications network of claim 1 wherein the transmission signature of the security attack comprises a Session Initiation Protocol (SIP) request from a source Internet Protocol (IP) address received at the first routing device and the second routing device, the SIP request comprising identifying information of a source communication device of the security attack on the telecommunications network.
  - 5. The telecommunications network of claim 4 wherein the transmission signature of the security attack further comprises receiving the SIP request from the source IP address at the first routing device in the first metro area and the second routing device in the second metro within a threshold time period.
  - 6. The telecommunications network of claim 4 wherein the transmission signature of the security attack further comprises a destination IP address of a targeted communication device of the telecommunications network.
  - 7. The telecommunications network of claim 1 wherein the at least one mitigating instruction comprises an instruction to reject received communications with the stored transmission signature in the database and the at least one routing device along the transmission path of the security attack comprises the first routing device in the first metro area and the second routing device in the second metro.
  - 8. The telecommunications network of claim 1 wherein the at least one routing device along the transmission path of the security attack comprises a first routing device of the first client network and a second routing device of the second client network.
  - 9. The telecommunications network of claim 1 wherein the at least one mitigating instruction comprises a Layer 3 through Layer 7 instruction to reroute received communications with the stored transmission signature in the database to a firewall device of the telecommunications network.

10. A method for managing a telecommunications network, the method comprising:
- receiving Layer 3 through Layer 7 transmission information of a first communication from a first device of a telecommunications network in a first metro area and a second communication from a second device of the telecommunications network in a second metro area different than the first metro area;
  
  analyzing the received Layer 3 through Layer 7 transmission information to detect a transmission fingerprint of a security attack on the telecommunications network;
  
  generating at least one mitigating instruction in response to the determined security attack on the telecommunications network, the mitigating instruction including Layer 3 through Layer 7 transmission information for routing a received communication; and
  
  transmitting the at least one mitigating instruction to at least one routing device along a transmission path of the security attack on the telecommunications network.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17)
- - 11. The method of claim 10 wherein analyzing the received Layer 3 through Layer 7 transmission information comprises:
    - comparing Layer 3 through Layer 7 transmission information from the first device and the second device to a stored transmission fingerprint in a database of known transmission fingerprints of security attacks.
  - 12. The method of claim 10 wherein the transmission fingerprint of the security attack comprises a Session Initiation Protocol (SIP) request from a particular source Internet Protocol (IP) address received at the first device in the first metro area and the second device in the second metro, the SIP request comprising identifying information of a source communication device of the security attack on the telecommunications network.
  - 13. The method of claim 12 wherein the transmission fingerprint of the security attack further comprises receiving the SIP request from the particular source IP address at the first device in the first metro area and the second device in the second metro within a threshold time period.
  - 14. The method of claim 12 wherein the transmission fingerprint of the security attack further comprises a particular destination IP address of a targeted communication device of the telecommunications network.
  - 15. The method of claim 12 wherein the at least one mitigating instruction comprises a Layer 3 through Layer 7 instruction to reject received communications with the stored transmission fingerprint in the database and the at least one routing device along the transmission path of the security attack comprises the first device in the first metro area and the second device in the second metro.
  - 16. The method of claim 15 wherein the first device receives the first communication from a first client network and the second device receives the second communication from a second client network and the at least one routing device along the transmission path of the security attack comprises a first routing device of the first client network and a second routing device of the second client network.
  - 17. The method of claim 12 wherein the at least one mitigating instruction comprises a Layer 3 through Layer 7 instruction to reroute received communications with the stored transmission fingerprint in the database to a firewall device of the telecommunications network and the at least one routing device along the transmission path of the security attack comprises the first device in the first metro area and the second device in the second metro.

18. A telecommunication device comprising:
- at least one communication port for communicating with a first routing device located in a first metro area and a second routing device located in a second metro area different than the first metro area;
  
  a processing device; and
  
  a computer-readable medium connected to the processing device configured to store instructions that, when executed by the processing device, performs the operations of;
  
  receiving Layer 3 through Layer 7 transmission information of a first communication from the first routing device and a second communication from the second routing device;
  
  comparing the Layer 3 through Layer 7 transmission information of the first communication and the second communication to a stored transmission fingerprint in a database in communication with the at least one processing device;
  
  detecting a security attack on the telecommunications network when the Layer 3 through Layer 7 transmission information of the first communication and the second communication matches the stored transmission fingerprint in the database;
  
  generating at least one mitigating instruction in response to the detected security attack on the telecommunications network, the mitigating instruction including Layer 3 through Layer 7 transmission information for routing a received communication; and
  
  transmitting the at least one mitigating instruction to at least one routing device along a transmission path of the security attack on the telecommunications network.
- View Dependent Claims (19, 20)
- - 19. The telecommunication device of claim 18 wherein the at least one mitigating instruction comprises a Layer 3 through Layer 7 instruction to reject received communications with the stored transmission fingerprint in the database and the at least one routing device along the transmission path of the security attack comprises the first device in the first metro area and the second device in the second metro.
  - 20. The telecommunication device of claim 18 wherein the first device receives the first communication from a first client network and the second device receives the second communication from a second client network and the at least one routing device along the transmission path of the security attack comprises a first routing device of the first client network and a second routing device of the second client network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Level 3 Communications LLC (Lumen Technologies, Inc.)
Original Assignee
Level 3 Communications LLC (Lumen Technologies, Inc.)
Inventors
Johnston, Dana A., Cooper, III, Clyde David

Granted Patent

US 10,536,468 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1425   Traffic logging, e.g. anoma...

H04L 63/1458   Denial of Service

H04L 63/162   at the data link layer

H04L 63/164   at the network layer

H04L 63/166   at the transport layer

H04L 63/168   above the transport layer

H04L 65/1104   Session initiation protocol...

H04M 7/006   Networks other than PSTN/IS...

SYSTEM AND METHOD FOR VOICE SECURITY IN A TELECOMMUNICATIONS NETWORK

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEM AND METHOD FOR VOICE SECURITY IN A TELECOMMUNICATIONS NETWORK

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links