Identification of patterns in stateful transactions
First Claim
1. A method of identifying a pattern in a plurality of messages, the method comprising:
- (a) for each message of the plurality of messages transmitted by a first device to a recipient over a network, intercepting the message prior to receipt by the recipient;
(b) adding, with a processor as each message of the plurality of messages is intercepted, a descriptor representative of the intercepted message to a message pattern operative to accumulate descriptors of intercepted messages;
(c) comparing the message pattern to a plurality of exemplary message patterns;
(d) identifying when the message pattern matches at least one of the exemplary message patterns; and
(e) determining an action to take with respect to the message based on the identifying.
12 Assignments
0 Petitions
Accused Products
Abstract
A system for the identification of patterns in stateful transactions may include a message interceptor, a message pattern processor, a message handler, and a memory. The message interceptor may be operative to intercept messages transmitted by a first device over a network to a recipient. The message interceptor may be operative to intercept the messages before the messages are received by the recipient. The message pattern processor may be operative to add the message to a message pattern and store the message pattern in a memory. The message pattern processor may compare the message pattern to a plurality of exemplary message patterns and identify when the message pattern matches at least one of the exemplary message patterns. The message handler may be operative to determine an action to take with respect to the message based on the at least one matching exemplary message pattern identified by the message pattern processor.
-
Citations
26 Claims
-
1. A method of identifying a pattern in a plurality of messages, the method comprising:
-
(a) for each message of the plurality of messages transmitted by a first device to a recipient over a network, intercepting the message prior to receipt by the recipient; (b) adding, with a processor as each message of the plurality of messages is intercepted, a descriptor representative of the intercepted message to a message pattern operative to accumulate descriptors of intercepted messages; (c) comparing the message pattern to a plurality of exemplary message patterns; (d) identifying when the message pattern matches at least one of the exemplary message patterns; and (e) determining an action to take with respect to the message based on the identifying. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. A system for identifying a pattern in a plurality of messages, the system comprising:
-
(a) means for intercepting each message of the plurality of messages transmitted by a first device to a recipient over a network prior to receipt by the recipient; (b) means for adding, as each message of the plurality of messages is intercepted, a descriptor representative of the intercepted message to a message pattern operative to accumulate descriptors of intercepted messages; (c) means for comparing the message pattern to a plurality of exemplary message patterns; (d) means for identifying when the message pattern matches at least one of the exemplary message patterns; and (e) means for determining an action to take with respect to the message based on the identifying. - View Dependent Claims (9, 10, 11)
-
-
12. A method for the identification of patterns in stateful transactions, the method comprising:
-
(a) identifying a plurality of exemplary message patterns, wherein each exemplary message pattern comprises a specification describing a sequence of messages for a transaction over a network; (b) intercepting a message from a first device intended to be communicated over the network to a second device; (c) adding, as the message is intercepted, a descriptor of the intercepted message to a current message pattern operative to accumulate descriptors of intercepted messages, wherein the current message pattern comprises a specification describing a sequence of messages associated with a current transaction over the network between the first device and the second device; (d) determining whether the current message pattern matches one of the plurality of exemplary message patterns; and (e) one of communicating the message to the second device or preventing the message from being communicated to the second device based on the determining. - View Dependent Claims (13, 14, 15)
-
-
16. A method of preventing fraudulent signals in session initiation protocol transactions, the method comprising:
-
providing a packet monitoring device to intercept a plurality of packets intended to be communicated to a session initiation protocol proxy server; intercepting the plurality of packets intended to be communicated to the session initiation protocol proxy server; performing a deep packet inspection on the plurality of packets together to identify a session initiation protocol signal; processing the session initiation protocol signal to determine whether the session initiation protocol signal is fraudulent; and dropping the plurality of packets if the session initiation protocol signal is determined to be fraudulent, otherwise allowing the plurality of packets to be communicated to the intended session initiation protocol proxy server. - View Dependent Claims (17, 18, 19, 20)
-
-
21. A system for identifying a pattern in a plurality of messages, the system comprising:
-
a message interceptor operative, for each message of the plurality of messages transmitted by a first device to a recipient over a network, to intercept the message prior to receipt by the recipient; a message pattern processor operative to add, as each message of the plurality of messages is intercepted, a descriptor representative of the intercepted message to a message pattern operative to accumulate descriptors of intercepted messages, store the message pattern in a memory, compare the message pattern to a plurality of exemplary message patterns, identify when the message pattern matches at least one of the exemplary message patterns; and a message handler operative to determine an action to take with respect to the message based on the at least one exemplary message pattern identified by the message pattern processor. - View Dependent Claims (22, 23, 24, 25)
-
-
26. A method of preventing fraudulent signals in session initiation protocol transactions, the method comprising:
-
providing a packet monitoring device to intercept a plurality of packets intended to be communicated to a session initiation protocol proxy server; intercepting the plurality of packets intended to be communicated to the session initiation protocol proxy server; performing a deep packet inspection on the plurality of packets to identify a session initiation protocol signal; processing the session initiation protocol signal to determine whether the session initiation protocol signal is fraudulent; dropping the plurality of packets if the session initiation protocol signal is determined to be fraudulent, otherwise allowing the plurality of packets to be communicated to the intended session initiation protocol proxy server; and processing a header of the session initiation protocol signal to determine a transaction identifier of the session initiation protocol signal, wherein the header comprises a uniform resource identifier, a branch parameter and a command sequence parameter, and the transaction identifier of the session initiation protocol signal is determined by calculating a 32-bit hash of the uniform resource identifier, the branch parameter and the command sequence parameter.
-
Specification