Detection and suppression of short message service denial of service attacks

US 8,255,994 B2
Filed: 08/20/2008
Issued: 08/28/2012
Est. Priority Date: 08/20/2008
Status: Active Grant

First Claim

Patent Images

1. A method for suppressing a Short Message Service (SMS) induced Denial of Service (DOS) attack on a telecommunications network, the method comprising:

receiving at a register information associated with an SMS message, wherein the information is received from an SMS router that extracted the information from the SMS message, and wherein the information includes a target device identifier of a target device, an originating source identifier, a time of the SMS message, and a priority level associated with the SMS message;

sending a request from the register to a home location register (HLR) or a visiting location register (VLR) for location information indicating a location of the target device, wherein the location information is associated with a geographic area;

receiving at the register, the location information from the HLR or VLR;

updating the register to include the location information of the target device, wherein the register tracks information pertaining to the target device, a quantity of requests for SMS messages to be delivered to the target device, a time associated with the SMS messages, and the location information;

at the register, utilizing the information extracted from the SMS message and the location information to determine whether a DoS attack is occurring, wherein determining whether the DoS attack is occurring includes determining whether the quantity of requests for SMS messages to be communicated to the geographic area within a predefined time frame exceeds a predefined SMS request threshold based on a capacity of a control channel that would be utilized to facilitate communication of the SMS messages;

in response to determining that DoS attack is occurring, the register communicating a trigger to the SMS router to enter into a DoS mode, wherein the DoS mode is one of a plurality of types of DoS mode that include(A) a throttling mode that limits a quantity of SMS messages that are communicated during a time period,(B) a complete prevention mode that prevents all SMS messages from being communicated, and(C) a focused mode that identifies particular SMS messages that should be either throttled or prevented;

at the SMS router, enabling a DoS mode in response to receiving the DoS mode trigger from the register, wherein the DoS mode allows the SMS router to restrict communication of SMS messages by operating the SMS router in the throttling mode, the complete prevention mode, or the focused mode; and

communicating an additional trigger to the SMS router to instruct the SMS router to disable the DoS mode or to maintain the DoS mode for an extended period of time;

wherein the additional trigger to instruct the SMS router to disable the DoS mode is in response to a determination that the quantity of requests for SMS messages is below a second SMS request threshold.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method, system, and medium are provided for suppressing a Short Message Service (SMS) induced Denial of Service (DoS) attack on a telecommunications network. A register is updated to include information relevant to SMS messages that are requested to be communicated by way of a wireless telecommunications network. The register includes information of the location where the target devices of SMS messages are located. The register is utilized to detect an SMS induced DoS attack. A trigger is communicated to an SMS router to enable a DoS mode that restricts the communication of SMS messages. In an exemplary embodiment, only those SMS messages identified as part of the DoS attack are restricted.

26 Citations

View as Search Results

18 Claims

1. A method for suppressing a Short Message Service (SMS) induced Denial of Service (DOS) attack on a telecommunications network, the method comprising:
- receiving at a register information associated with an SMS message, wherein the information is received from an SMS router that extracted the information from the SMS message, and wherein the information includes a target device identifier of a target device, an originating source identifier, a time of the SMS message, and a priority level associated with the SMS message;
  
  sending a request from the register to a home location register (HLR) or a visiting location register (VLR) for location information indicating a location of the target device, wherein the location information is associated with a geographic area;
  
  receiving at the register, the location information from the HLR or VLR;
  
  updating the register to include the location information of the target device, wherein the register tracks information pertaining to the target device, a quantity of requests for SMS messages to be delivered to the target device, a time associated with the SMS messages, and the location information;
  
  at the register, utilizing the information extracted from the SMS message and the location information to determine whether a DoS attack is occurring, wherein determining whether the DoS attack is occurring includes determining whether the quantity of requests for SMS messages to be communicated to the geographic area within a predefined time frame exceeds a predefined SMS request threshold based on a capacity of a control channel that would be utilized to facilitate communication of the SMS messages;
  
  in response to determining that DoS attack is occurring, the register communicating a trigger to the SMS router to enter into a DoS mode, wherein the DoS mode is one of a plurality of types of DoS mode that include(A) a throttling mode that limits a quantity of SMS messages that are communicated during a time period,(B) a complete prevention mode that prevents all SMS messages from being communicated, and(C) a focused mode that identifies particular SMS messages that should be either throttled or prevented;
  
  at the SMS router, enabling a DoS mode in response to receiving the DoS mode trigger from the register, wherein the DoS mode allows the SMS router to restrict communication of SMS messages by operating the SMS router in the throttling mode, the complete prevention mode, or the focused mode; and
  
  communicating an additional trigger to the SMS router to instruct the SMS router to disable the DoS mode or to maintain the DoS mode for an extended period of time;
  
  wherein the additional trigger to instruct the SMS router to disable the DoS mode is in response to a determination that the quantity of requests for SMS messages is below a second SMS request threshold.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein the telecommunications network is compatible with a wireless technology wherein the wireless technology is selected from a group including wireless technologies in the Third Generation Partnership Project (3GPP), Third Generation Partnership Project 2 (3GPP2), IEEE 802.16, and IEEE 802.11.
  - 3. The method of claim 1, wherein the target device is a mobile communications device.
  - 4. The method of claim 1, wherein the originating source identifier or the target device identifier is compatible with one from the following list:
    - (A) International Mobile Equipment Identity (IMEI);
      
      (B) Mobile Subscriber Integrated Services Digital Network Number (MSISDNN);
      
      (C) International Mobile Subscriber Identity (IMSI);
      
      (D) Electronic Serial Number (ESN);
      
      (E) Internet Protocol (IP) address;
      
      (F) Media Access Control (MAC) address; and
      
      (G) Phone Number.
  - 5. The method of claim 1, wherein the location is described by at least one from the following:
    - (A) Sector;
      
      (B) Base Station;
      
      (C) Node B;
      
      (D) Transceiver;
      
      or(E) Geographic Coordinates.
  - 6. The method of claim 1 further comprising communicating a second trigger to the SMS router because the determined quantity of SMS message requests exceeds a predefined SMS request threshold for a predefined time period.

7. One or more nontransitory computer-readable media having computer-executable instructions embodied thereon for performing a method for suppressing a Short Message Service (SMS) induced Denial of Service (DOS) attack on a telecommunications network, the method comprising:
- receiving at an SMS router an SMS message from an originating source, wherein the SMS message includes delivery information containing a target device identifier of a target device, an originating source identifier, a time of the SMS message, and a priority level associated with the SMS message;
  
  extracting the delivery information from the SMS message;
  
  communicating, from the SMS router, the extracted delivery information to a register, wherein the register tracksinformation pertaining to target devices that are associated with the telecommunications network,a quantity of requests for SMS messages to be communicated by way of the telecommunications network to each target device,a time associated with the requests, andlocation information indicating a location of each target device associated with the SMS messages, wherein the location information is associated with a geographical area,wherein upon receiving the extracted delivery information from the SMS router, the registerrequests and receives from a home location register (HLR) or a visiting location register (VLR), the location information indicating the location of the target device identified by the target device identifier,determines whether to communicate a DoS mode trigger to the SMS router based on determining whether a DoS attack is occurring, wherein determining whether the DoS attack is occurring includes determining whether the quantity of requests for SMS messages to be communicated to the geographic area within a predefined time frame exceeds a predefined SMS request threshold based on a capacity of a control channel that would be utilized to facilitate communication of SMS messages, andwhen an SMS induced DoS attack is suspected based on a potential congestion of the common control channel, then sending the DoS mode trigger to the SMS router;
  
  at the SMS router, receiving from the register the DoS mode trigger that specifies a type of DoS mode in which the SMS router is to operate, wherein types of DoS mode include(A) a throttling mode that limits a quantity of SMS messages that are communicated during a time period,(B) a complete prevention mode that prevents all SMS messages from being communicated, and(C) a focused mode that identifies particular SMS messages that should be either throttled or prevented;
  
  at the SMS router, enabling a DoS mode in response to receiving the DoS mode trigger from the register, wherein the DoS mode allows the SMS router to restrict communication of SMS messages by operating the SMS router in the throttling mode, the complete prevention mode, or the focused mode; and
  
  receiving, at the SMS router, an additional trigger from the register instructing the SMS router to disable the DoS mode or to maintain the DoS mode for an extended period of time, wherein the additional trigger to instruct the SMS router to disable the DoS mode is in response to a determination that quantity of requests for SMS messages to be communicated to the geographic area within the predefined time frame is below a second SMS request threshold.
- View Dependent Claims (8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 8. The media of claim 7, wherein the telecommunications network is compatible with a wireless technology wherein the wireless technology is selected from a group including wireless technologies in the Third Generation Partnership Project (3GPP), Third Generation Partnership Project 2 (3GPP2), IEEE 802.16, and IEEE 802.11.
  - 9. The media of claim 7, wherein the originating source is at least one from the following:
    - (A) Mobile Communications Device;
      
      (B) Computing Device;
      
      (C) Alert Service; and
      
      (D) User Interface for Communicating SMS Messages.
  - 10. The media of claim 7, wherein the delivery information includes at least one from the following:
    - (A) Time of the request;
      
      (B) Originating Source Identifier;
      
      or(C) Priority Level.
  - 11. The media of claim 7, wherein the register is a data table that is accessible by way of the telecommunications network.
  - 12. The media of claim 11, wherein the register is associated with the SMS router by way of a communications pathway.
  - 13. The media of claim 7, wherein the DoS mode trigger is received because a predefined quantity of SMS message requests were received by the SMS router within a predefined time frame.
  - 14. The media of claim 13, wherein the predefined quantity of SMS message requests are from a common originating source.
  - 15. The media of claim 7 wherein the DoS mode limits the communication from the SMS router of SMS message requests associated with one or more specified originating source identifiers.
  - 16. The media of claim 15, wherein the DoS mode limits the communication includes preventing the communication of the SMS message request.
  - 17. The media of claim 15, wherein the DoS mode limits the communication includes queuing the SMS message request to be communicated over a predefined time frame.

18. A system for suppressing a Short Message Service (SMS) induced Denial of Service (DoS) attack on a telecommunication network, the system comprising:
- a plurality of SMS originating sources communicating SMS messages to target devices within the telecommunication network;
  
  an SMS router;
  
  a register computing device; and
  
  a Home Location Register (HLR) or Visiting Location Register (VLR) that includes at least a processor;
  
  wherein the SMS router further includes at least a first processor and a first memory storing computer executable instructions that, when executed by at least the first processor, cause at least the first processor to perform the steps of;
  
  receiving, at the SMS router, an SMS message from an originating source, wherein the SMS message includes delivery information containing a target device identifier of a target device, an originating source identifier, a time of the SMS message, and a priority level associated with the SMS message,extracting the delivery information from the SMS message, andcommunicating the extracted delivery information to the at least one register computing device;
  
  wherein the register computing device includes at least a second memory storing computer executable instructions that, when executed by at least one processor, cause the at least one processor to perform the steps of;
  
  tracking information pertaining to target devices that are associated with the telecommunications network, tracking a quantity of SMS messages to be communicated by way of the telecommunications network to each target device, tracking a time associated with the SMS messages, and tracking location information indicating a location of each target device associated with the SMS messages, wherein the location information is associated with a geographical area, wherein upon receiving the extracted delivery information from the SMS router, the register computing device requests and receives, from the HLR or VLR, the location information indicating the location of the target device identified by the target device identifier,determining whether to communicate a DoS mode trigger to the SMS router based on determining whether a DoS attack is occurring, wherein determining whether the DoS attack is occurring includes determining whether the quantity of requests for SMS messages to be communicated to the geographic area within a predefined time frame exceeds a predefined SMS request threshold based on a capacity of a control channel that would be utilized to facilitate communication of the SMS messages, andwhen an SMS induced DoS attack is suspected based on a potential congestion of the common control channel, then sending the DoS mode trigger to the SMS router;
  
  receiving, by the SMS router, the DoS mode trigger that specifies a type of DoS mode in which the SMS router is to operate, wherein types of DoS mode include(A) a throttling mode that limits a quantity of SMS messages that are communicated during a time period,(B) a complete prevention mode that prevents all SMS messages from being communicated, and(C) a focused mode that identifies particular SMS messages that should be either throttled or prevented;
  
  enabling a DoS mode, at the SMS router, in response to receiving the DoS mode trigger, wherein the DoS mode allows the SMS router to restrict communication of SMS messages by operating the SMS router in the throttling mode, the complete prevention mode, or the focused mode; and
  
  receiving, from the register computing device, an additional trigger instructing the SMS router to disable the DoS mode or to maintain the DoS mode for an extended period of time;
  
  wherein the additional trigger to instruct the SMS router to disable the DoS mode is in response to a determination that quantity of SMS messages is below a second SMS request threshold.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
T-Mobile Innovations LLC (Deutsche Telekom AG)
Original Assignee
Sprint Communications Company LP (Deutsche Telekom AG)
Inventors
Upadhyay, Piyush, Routt, William James, Wilson, Patrick David, Haldar, Debashis, Witzgall, John Chandler
Primary Examiner(s)
PHAM, LUU T

Application Number

US12/195,109
Publication Number

US 20100050255A1
Time in Patent Office

1,469 Days
Field of Search

726/22
US Class Current

726/22
CPC Class Codes

H04L 63/1458   Denial of Service

H04W 12/0431   Key distribution or pre-dis...

H04W 12/12   Detection or prevention of ...

H04W 12/63   Location-dependent; Proximi...

H04W 4/14   Short messaging services, e...

H04W 8/26   Network addressing or numbe...

Detection and suppression of short message service denial of service attacks

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

26 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Detection and suppression of short message service denial of service attacks

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

26 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links