Methods and apparatus to mitigate a denial-of-service attack in a voice over internet protocol network

US 8,375,453 B2
Filed: 05/21/2008
Issued: 02/12/2013
Est. Priority Date: 05/21/2008
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

determining call initiation rate statistics;

determining a denial-of-service attack mitigation rule based on the call initiation rate statistics;

sending the denial-of-service attack mitigation rule to an attack mitigator via a session initiation protocol NOTIFY message; and

determining whether to reject a communication session request message based on the denial-of-service attack mitigation rule by;

comparing a first parameter of the communication session request message to a second parameter of the denial-of-service attack mitigation rule;

sending a session initiation protocol 5XX message to a calling device associated with the communication session request message when the first and second parameters match; and

forwarding the communication session request message to an Internet protocol multimedia subsystem core when the first and second parameters do not match.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and apparatus to mitigate a Denial-of-Service (DoS) attack in a voice over Internet protocol (VoIP) network are disclosed. An example method comprises receiving a communication session initiation message from a communication session endpoint, determining whether the communication session endpoint is associated with a probable DoS attack, and sending to the communication session endpoint a communication session initiation response message comprising a DoS header when the communication session endpoint is associated with the probable DoS attack.

46 Citations

View as Search Results

16 Claims

1. A method comprising:
- determining call initiation rate statistics;
  
  determining a denial-of-service attack mitigation rule based on the call initiation rate statistics;
  
  sending the denial-of-service attack mitigation rule to an attack mitigator via a session initiation protocol NOTIFY message; and
  
  determining whether to reject a communication session request message based on the denial-of-service attack mitigation rule by;
  
  comparing a first parameter of the communication session request message to a second parameter of the denial-of-service attack mitigation rule;
  
  sending a session initiation protocol 5XX message to a calling device associated with the communication session request message when the first and second parameters match; and
  
  forwarding the communication session request message to an Internet protocol multimedia subsystem core when the first and second parameters do not match.
- View Dependent Claims (2, 3, 4)
- - 2. A method as defined in claim 1, further comprising receiving a session initiation protocol SUBSCRIBE message from the attack mitigator.
  - 3. A method as defined in claim 1, further comprising:
    - receiving a communication session request message from a calling endpoint; and
      
      updating the call initiation rates statistics based on the communication session request message.
  - 4. A method as defined in claim 1, wherein the session initiation protocol NOTIFY message comprises extensible markup language text that represents the denial of service attack mitigation rule.

5. An apparatus comprising:
- a call statistics analyzer to determine a value representative of a likelihood that a denial-of-service attack is occurring;
  
  a mitigation rule selector to determine a denial-of-service attack mitigation rule based on the value; and
  
  a notifier to send the denial-of-service attack mitigation rule to an attack mitigator via a session initiation protocol NOTIFY message, the attack mitigator to determine whether to reject a communication session request message based on the denial-of-service attack mitigation rule by;
  
  comparing a first parameter of the communication session request message to a second parameter of the denial-of-service attack mitigation rule;
  
  sending a session initiation protocol 5XX message to a calling device associated with the communication session request message when the first and second parameters match; and
  
  forwarding the communication session request message to an Internet protocol multimedia subsystem core when the first and second parameters do not match,at least one of the call statistics analyzer, the mitigation rule selector, the notifier, or the Internet protocol multimedia subsystem core comprising a logic circuit.
- View Dependent Claims (6, 7, 8, 9, 10, 11)
- - 6. An apparatus as defined in claim 5, further comprising a network interface to receive a session initiation protocol SUBSCRIBE message from the attack mitigator, wherein the session initiation protocol SUBSCRIBE message enables the notifier to send the session initiation protocol NOTIFY message to the attack mitigator.
  - 7. An apparatus as defined in claim 5, further comprising a call statistics collector to update call initiation statistics associated with respective ones of communication endpoints in a denial-of-service database in response to received communication session request information, wherein the call statistics analyzer is to determine the value using the denial-of-service database.
  - 8. An apparatus as defined in claim 7, wherein the communication session request information is received in a session initiation protocol INVITE message.
  - 9. An apparatus as defined in claim 5, wherein the session initiation protocol NOTIFY message comprises extensible markup language text that represents the denial-of-service attack mitigation rule.
  - 10. An apparatus as defined in claim 9, wherein the session initiation protocol NOTIFY message further comprises an authentication header containing a cryptographic hash computed based on the denial-of-service attack mitigation rule.
  - 11. An apparatus as defined in claim 5, wherein the call statistics analyzer is to determine the value by:
    - computing a sum of a first call initiation rate associated with a first endpoint and a second call initiation rate associated with a second endpoint, andcomparing the sum to a threshold.

12. A border element for a voice over Internet protocol network, the border element comprising:
- a network interface to send a session initiation protocol SUBSCRIBE message to a denial-of-service attack detector and to receive a session initiation protocol NOTIFY message comprising a denial-of-service attack mitigation rule; and
  
  an attack mitigator to determine whether to reject a communication session request message based on the denial-of-service attack mitigation rule by;
  
  comparing a first parameter of the communication session request message to a second parameter of the denial-of-service attack mitigation rule;
  
  sending a session initiation protocol 5XX message to a calling device associated with the communication session request message when the first and second parameters match; and
  
  forwarding the communication session request message to an Internet protocol multimedia subsystem core when the first and second parameters do not match,at least one of the network interface, the attack mitigator, or the Internet protocol multimedia subsystem core comprising a logic circuit.
- View Dependent Claims (13, 14, 15, 16)
- - 13. A border element as defined in claim 12, wherein the attack mitigator comprises an authenticator to validate the denial-of-service attack mitigation rule based on an authentication header of the session initiation protocol NOTIFY message.
  - 14. A border element as defined in claim 12, wherein the communication session request message is received subsequent to the session initiation protocol NOTIFY message.
  - 15. A border element as defined in claim 12, wherein the attack mitigator further comprises a denial of service database to store the denial-of-service attack mitigation rule.
  - 16. A border element as defined in claim 12, wherein the session initiation protocol NOTIFY message comprises extensible markup language text that represents the denial-of-service attack mitigation rule.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
AT&T Intellectual Property I LP (AT&T, Inc.)
Original Assignee
AT&T Intellectual Property I LP (AT&T, Inc.)
Inventors
Jackson, James, Yasrebi, Mehrad
Primary Examiner(s)
Arani, Taghi
Assistant Examiner(s)
Rahman, Mahfuzur

Application Number

US12/124,764
Publication Number

US 20090293123A1
Time in Patent Office

1,728 Days
Field of Search

726/26, 726/22
US Class Current

726/26
CPC Class Codes

H04L 63/1458 Denial of Service

Methods and apparatus to mitigate a denial-of-service attack in a voice over internet protocol network

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

46 Citations

16 Claims

Specification

Use Cases

Quick Links

Others

Methods and apparatus to mitigate a denial-of-service attack in a voice over internet protocol network

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

46 Citations

16 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others