Detection and suppression of short message service denial of service attacks
First Claim
1. A method for suppressing a Short Message Service (SMS) induced Denial of Service (DOS) attack on a telecommunications network, the method comprising:
- receiving at a register information associated with an SMS message, wherein the information is received from an SMS router that extracted the information from the SMS message, and wherein the information includes a target device identifier of a target device, an originating source identifier, a time of the SMS message, and a priority level associated with the SMS message;
sending a request from the register to a home location register (HLR) or a visiting location register (VLR) for location information indicating a location of the target device, wherein the location information is associated with a geographic area;
receiving at the register, the location information from the HLR or VLR;
updating the register to include the location information of the target device, wherein the register tracks information pertaining to the target device, a quantity of requests for SMS messages to be delivered to the target device, a time associated with the SMS messages, and the location information;
at the register, utilizing the information extracted from the SMS message and the location information to determine whether a DoS attack is occurring, wherein determining whether the DoS attack is occurring includes determining whether the quantity of requests for SMS messages to be communicated to the geographic area within a predefined time frame exceeds a predefined SMS request threshold based on a capacity of a control channel that would be utilized to facilitate communication of the SMS messages;
in response to determining that DoS attack is occurring, the register communicating a trigger to the SMS router to enter into a DoS mode, wherein the DoS mode is one of a plurality of types of DoS mode that include(A) a throttling mode that limits a quantity of SMS messages that are communicated during a time period,(B) a complete prevention mode that prevents all SMS messages from being communicated, and(C) a focused mode that identifies particular SMS messages that should be either throttled or prevented;
at the SMS router, enabling a DoS mode in response to receiving the DoS mode trigger from the register, wherein the DoS mode allows the SMS router to restrict communication of SMS messages by operating the SMS router in the throttling mode, the complete prevention mode, or the focused mode; and
communicating an additional trigger to the SMS router to instruct the SMS router to disable the DoS mode or to maintain the DoS mode for an extended period of time;
wherein the additional trigger to instruct the SMS router to disable the DoS mode is in response to a determination that the quantity of requests for SMS messages is below a second SMS request threshold.
6 Assignments
0 Petitions
Accused Products
Abstract
A method, system, and medium are provided for suppressing a Short Message Service (SMS) induced Denial of Service (DoS) attack on a telecommunications network. A register is updated to include information relevant to SMS messages that are requested to be communicated by way of a wireless telecommunications network. The register includes information of the location where the target devices of SMS messages are located. The register is utilized to detect an SMS induced DoS attack. A trigger is communicated to an SMS router to enable a DoS mode that restricts the communication of SMS messages. In an exemplary embodiment, only those SMS messages identified as part of the DoS attack are restricted.
-
Citations
18 Claims
-
1. A method for suppressing a Short Message Service (SMS) induced Denial of Service (DOS) attack on a telecommunications network, the method comprising:
-
receiving at a register information associated with an SMS message, wherein the information is received from an SMS router that extracted the information from the SMS message, and wherein the information includes a target device identifier of a target device, an originating source identifier, a time of the SMS message, and a priority level associated with the SMS message; sending a request from the register to a home location register (HLR) or a visiting location register (VLR) for location information indicating a location of the target device, wherein the location information is associated with a geographic area; receiving at the register, the location information from the HLR or VLR; updating the register to include the location information of the target device, wherein the register tracks information pertaining to the target device, a quantity of requests for SMS messages to be delivered to the target device, a time associated with the SMS messages, and the location information; at the register, utilizing the information extracted from the SMS message and the location information to determine whether a DoS attack is occurring, wherein determining whether the DoS attack is occurring includes determining whether the quantity of requests for SMS messages to be communicated to the geographic area within a predefined time frame exceeds a predefined SMS request threshold based on a capacity of a control channel that would be utilized to facilitate communication of the SMS messages; in response to determining that DoS attack is occurring, the register communicating a trigger to the SMS router to enter into a DoS mode, wherein the DoS mode is one of a plurality of types of DoS mode that include (A) a throttling mode that limits a quantity of SMS messages that are communicated during a time period, (B) a complete prevention mode that prevents all SMS messages from being communicated, and (C) a focused mode that identifies particular SMS messages that should be either throttled or prevented; at the SMS router, enabling a DoS mode in response to receiving the DoS mode trigger from the register, wherein the DoS mode allows the SMS router to restrict communication of SMS messages by operating the SMS router in the throttling mode, the complete prevention mode, or the focused mode; and communicating an additional trigger to the SMS router to instruct the SMS router to disable the DoS mode or to maintain the DoS mode for an extended period of time;
wherein the additional trigger to instruct the SMS router to disable the DoS mode is in response to a determination that the quantity of requests for SMS messages is below a second SMS request threshold. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. One or more nontransitory computer-readable media having computer-executable instructions embodied thereon for performing a method for suppressing a Short Message Service (SMS) induced Denial of Service (DOS) attack on a telecommunications network, the method comprising:
-
receiving at an SMS router an SMS message from an originating source, wherein the SMS message includes delivery information containing a target device identifier of a target device, an originating source identifier, a time of the SMS message, and a priority level associated with the SMS message; extracting the delivery information from the SMS message; communicating, from the SMS router, the extracted delivery information to a register, wherein the register tracks information pertaining to target devices that are associated with the telecommunications network, a quantity of requests for SMS messages to be communicated by way of the telecommunications network to each target device, a time associated with the requests, and location information indicating a location of each target device associated with the SMS messages, wherein the location information is associated with a geographical area, wherein upon receiving the extracted delivery information from the SMS router, the register requests and receives from a home location register (HLR) or a visiting location register (VLR), the location information indicating the location of the target device identified by the target device identifier, determines whether to communicate a DoS mode trigger to the SMS router based on determining whether a DoS attack is occurring, wherein determining whether the DoS attack is occurring includes determining whether the quantity of requests for SMS messages to be communicated to the geographic area within a predefined time frame exceeds a predefined SMS request threshold based on a capacity of a control channel that would be utilized to facilitate communication of SMS messages, and when an SMS induced DoS attack is suspected based on a potential congestion of the common control channel, then sending the DoS mode trigger to the SMS router; at the SMS router, receiving from the register the DoS mode trigger that specifies a type of DoS mode in which the SMS router is to operate, wherein types of DoS mode include (A) a throttling mode that limits a quantity of SMS messages that are communicated during a time period, (B) a complete prevention mode that prevents all SMS messages from being communicated, and (C) a focused mode that identifies particular SMS messages that should be either throttled or prevented; at the SMS router, enabling a DoS mode in response to receiving the DoS mode trigger from the register, wherein the DoS mode allows the SMS router to restrict communication of SMS messages by operating the SMS router in the throttling mode, the complete prevention mode, or the focused mode; and receiving, at the SMS router, an additional trigger from the register instructing the SMS router to disable the DoS mode or to maintain the DoS mode for an extended period of time, wherein the additional trigger to instruct the SMS router to disable the DoS mode is in response to a determination that quantity of requests for SMS messages to be communicated to the geographic area within the predefined time frame is below a second SMS request threshold. - View Dependent Claims (8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
-
-
18. A system for suppressing a Short Message Service (SMS) induced Denial of Service (DoS) attack on a telecommunication network, the system comprising:
-
a plurality of SMS originating sources communicating SMS messages to target devices within the telecommunication network; an SMS router; a register computing device; and a Home Location Register (HLR) or Visiting Location Register (VLR) that includes at least a processor; wherein the SMS router further includes at least a first processor and a first memory storing computer executable instructions that, when executed by at least the first processor, cause at least the first processor to perform the steps of; receiving, at the SMS router, an SMS message from an originating source, wherein the SMS message includes delivery information containing a target device identifier of a target device, an originating source identifier, a time of the SMS message, and a priority level associated with the SMS message, extracting the delivery information from the SMS message, and communicating the extracted delivery information to the at least one register computing device; wherein the register computing device includes at least a second memory storing computer executable instructions that, when executed by at least one processor, cause the at least one processor to perform the steps of; tracking information pertaining to target devices that are associated with the telecommunications network, tracking a quantity of SMS messages to be communicated by way of the telecommunications network to each target device, tracking a time associated with the SMS messages, and tracking location information indicating a location of each target device associated with the SMS messages, wherein the location information is associated with a geographical area, wherein upon receiving the extracted delivery information from the SMS router, the register computing device requests and receives, from the HLR or VLR, the location information indicating the location of the target device identified by the target device identifier, determining whether to communicate a DoS mode trigger to the SMS router based on determining whether a DoS attack is occurring, wherein determining whether the DoS attack is occurring includes determining whether the quantity of requests for SMS messages to be communicated to the geographic area within a predefined time frame exceeds a predefined SMS request threshold based on a capacity of a control channel that would be utilized to facilitate communication of the SMS messages, and when an SMS induced DoS attack is suspected based on a potential congestion of the common control channel, then sending the DoS mode trigger to the SMS router; receiving, by the SMS router, the DoS mode trigger that specifies a type of DoS mode in which the SMS router is to operate, wherein types of DoS mode include (A) a throttling mode that limits a quantity of SMS messages that are communicated during a time period, (B) a complete prevention mode that prevents all SMS messages from being communicated, and (C) a focused mode that identifies particular SMS messages that should be either throttled or prevented; enabling a DoS mode, at the SMS router, in response to receiving the DoS mode trigger, wherein the DoS mode allows the SMS router to restrict communication of SMS messages by operating the SMS router in the throttling mode, the complete prevention mode, or the focused mode; and receiving, from the register computing device, an additional trigger instructing the SMS router to disable the DoS mode or to maintain the DoS mode for an extended period of time;
wherein the additional trigger to instruct the SMS router to disable the DoS mode is in response to a determination that quantity of SMS messages is below a second SMS request threshold.
-
Specification