Dual use counters for routing loops and spam detection

US 7,725,545 B2
Filed: 02/20/2004
Issued: 05/25/2010
Est. Priority Date: 02/20/2004
Status: Active Grant

First Claim

Patent Images

1. A method for detecting an undesirable condition within a messaging network, comprising:

receiving a message from a source;

incrementing a source counter and updating an array of timestamps with a new entry corresponding to a time at which the message from the source was received, the array of timestamps including a timestamp entry for each respective source counter increment, and further including more than two timestamps for a given source;

iterating through the array of timestamps to access all source counters and associated timestamps;

removing entries in the array of timestamps that are older than a fixed window size while leaving entries in the array of timestamps that are not older than the fixed window size, and decrementing the source counter for each entry so removed;

comparing the source counter to a source threshold; and

when the source counter exceeds the source threshold, triggering an alarm indicative of an undesirable condition.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for detecting an undesirable condition within a messaging network. A message is received and a source of the message is identified. If an entry in a database for the source has not been created, an entry is created. A source counter for the source is then set to one and a timestamp is created for the source. If an entry in the database for the source has been previously created, the source counter is incremented by one and the timestamp is updated. The source counter is then compared to a source threshold, and if the source counter exceeds the source threshold over the course of predetermined amount of time, a source alarm is triggered. A sliding with respect to the predetermined amount of time may also be implemented to account for total counts that may fall across or be split by set periods of time. The invention is particularly useful for detecting “spam” events and undesirable routing loops.

Citations

16 Claims

1. A method for detecting an undesirable condition within a messaging network, comprising:
- receiving a message from a source;
  
  incrementing a source counter and updating an array of timestamps with a new entry corresponding to a time at which the message from the source was received, the array of timestamps including a timestamp entry for each respective source counter increment, and further including more than two timestamps for a given source;
  
  iterating through the array of timestamps to access all source counters and associated timestamps;
  
  removing entries in the array of timestamps that are older than a fixed window size while leaving entries in the array of timestamps that are not older than the fixed window size, and decrementing the source counter for each entry so removed;
  
  comparing the source counter to a source threshold; and
  
  when the source counter exceeds the source threshold, triggering an alarm indicative of an undesirable condition.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, further comprising:
    - identifying a destination for the message;
      
      incrementing a destination counter; and
      
      comparing the destination counter to a destination threshold; and
      
      when the destination counter exceeds the destination threshold, triggering a destination alarm.
  - 3. The method of claim 2, wherein the source threshold and the destination threshold comprise different values.
  - 4. The method of claim 1, wherein the message is a short message service message.
  - 5. The method of claim 1, wherein the messaging network allows for number portability.
  - 6. The method of claim 1, wherein the messaging network comprises a wireless network.
  - 7. The method of claim 1, wherein the source comprises a network user and the destination comprises an intermediary vendor.

8. A method for detecting a spam event in a messaging network, comprising:
- monitoring message traffic in the messaging network;
  
  for a source address associated with a message, creating an entry in a database, setting a source address counter for that source address to a predetermined number and storing a timestamp array including a time at which the message was received, and incrementing the source counter when the source address is again detected and updating the timestamp array with a new timestamp entry corresponding to at time at which the source address was again detected, wherein the timestamp array includes more than two timestamps for a given source address;
  
  iterating through the array of timestamps to access all source counters and associated timestamps;
  
  removing entries in the timestamp array that are older than a fixed window size while leaving entries in the timestamp array that are not older than the fixed window size, and decrementing the source counter for each entry so removed; and
  
  comparing the source counter for a given source address to a source threshold; and
  
  when the source counter exceeds the source threshold, triggering an alarm indicative of a spam event.
- View Dependent Claims (9, 10, 11)
- - 9. The method of claim 8, wherein the message traffic comprises short message service messages.
  - 10. The method of claim 8, wherein the messaging network comprises a wireless network.
  - 11. The method of claim 8, wherein the method is performed by an intermediary logically located between two telecommunication service providers.

12. A method of detecting a routing loop in a telecommunications network, comprising:
- monitoring message traffic passing through an intermediary interconnecting at least two telecommunication service providers;
  
  as message traffic passes through the intermediary, setting a source address counter to a predetermined number and storing a timestamp corresponding to a time at which a first message passed through the intermediary, incrementing the source address counter and adding a new timestamp to an array of timestamps each time the first message passes through the intermediary, wherein the array of timestamps includes more than two timestamps for a given source address;
  
  as message traffic passes through the intermediary, setting a destination address counter to a predetermined number and storing a timestamp corresponding to a time at which a second message passed through the intermediary, incrementing the destination address counter and adding a new timestamp to another array of timestamps each time the second message passes through the intermediary;
  
  comparing the source address counter and destination address counter for a given source address and a given destination address, respectively to a source address threshold and destination address threshold;
  
  iterating through the arrays of timestamps to access all source and destination counters and associated timestamps and removing entries in the array of timestamps that are older than a fixed window size while leaving entries in the array of timestamps that are not older than the fixed window size; and
  
  when the source address counter and destination address counter, respectively exceed the source address threshold and destination address threshold over the course of a predetermined amount of time, triggering an alarm indicative of a routing loop.
- View Dependent Claims (13, 14, 15, 16)
- - 13. The method of claim 12, wherein the source address threshold and the destination address threshold comprise different values.
  - 14. The method of claim 12, wherein the message traffic comprises short message service (SMS) messages.
  - 15. The method of claim 12, wherein the method detects routing loops caused by number portability.
  - 16. The method of claim 12, wherein the telecommunications network comprises a wireless network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Sybase 365 Incorporated (SAP SE)
Original Assignee
Sybase 365 Incorporated (SAP SE)
Inventors
Lovell, Robert C. Jr., Rusche, Thilo, Tam, Derek Hung Kit
Primary Examiner(s)
Mesfin; Yemane

Application Number

US10/781,913
Publication Number

US 20050198270A1
Time in Patent Office

2,286 Days
Field of Search

709/205, 709/206, 709/203, 715/752, 370/217, 370/229, 370/230.1, 455/466
US Class Current

709/206
CPC Class Codes

H04L 51/212 using filtering or selectiv...

Dual use counters for routing loops and spam detection

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Dual use counters for routing loops and spam detection

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links