Real-time network attack detection and mitigation infrastructure

US 8,719,930 B2
Filed: 10/12/2011
Issued: 05/06/2014
Est. Priority Date: 10/12/2010
Status: Active Grant

First Claim

Patent Images

1. A method of detecting and mitigating network attacks in a Voice-Over-IP (VoIP) network, comprising:

receiving, by a server, information related to a mitigation action for a call, the mitigation action being generated by an analyzer based on detecting a possible attack by the call, the information including a complexity level for administering an audio challenge-response test to the call;

generating, by the server, a script including variables for identifying a plurality of altered sound files for the audio challenge-response test, the altered sound files including one or more altered digit files and one or more inter-digit noise files, each altered digit file comprising a combination of clear voice sound of a digit and an amount of background noise added according to a signal-to-noise ratio of the complexity level, and each inter-digit noise file providing a variable spacing in the form of noise between the altered digit files;

assigning, by the server, a routing label to the call, the routing label including one or more parameters for configuring the variables of the script according to the complexity level;

transmitting, by the server, the script and the routing label to the guardian module;

defining, by the guardian module, the variables of the script to identify the plurality of altered sound files for the audio challenge-response test, wherein each altered sound file is randomly selected by the guardian module subject to the parameters of the routing label; and

administering, by the guardian module, the audio challenge-response test to the call based on the script.

View all claims

9 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The invention features systems and methods for detecting and mitigating network attacks in a Voice-Over-IP (VoIP) network. A server is configured to receive information related to a mitigation action for a call. The information can include a complexity level for administering an audio challenge-response test to the call and an identification of the call. The server also generates i) a routing label based on the identification of the call, and ii) a script defining a plurality of variables that store identifications of a plurality of altered sound files for the audio challenge-response test. Each altered sound file is randomly selected by the server subject to one or more constraints associated with the complexity level. The server is further configured to transmit the script to a guardian module and the routing label to a gateway.

31 Citations

View as Search Results

9 Claims

1. A method of detecting and mitigating network attacks in a Voice-Over-IP (VoIP) network, comprising:
- receiving, by a server, information related to a mitigation action for a call, the mitigation action being generated by an analyzer based on detecting a possible attack by the call, the information including a complexity level for administering an audio challenge-response test to the call;
  
  generating, by the server, a script including variables for identifying a plurality of altered sound files for the audio challenge-response test, the altered sound files including one or more altered digit files and one or more inter-digit noise files, each altered digit file comprising a combination of clear voice sound of a digit and an amount of background noise added according to a signal-to-noise ratio of the complexity level, and each inter-digit noise file providing a variable spacing in the form of noise between the altered digit files;
  
  assigning, by the server, a routing label to the call, the routing label including one or more parameters for configuring the variables of the script according to the complexity level;
  
  transmitting, by the server, the script and the routing label to the guardian module;
  
  defining, by the guardian module, the variables of the script to identify the plurality of altered sound files for the audio challenge-response test, wherein each altered sound file is randomly selected by the guardian module subject to the parameters of the routing label; and
  
  administering, by the guardian module, the audio challenge-response test to the call based on the script.
- View Dependent Claims (2, 4, 5, 6, 7)
- - 2. The method of claim 1 wherein administering the audio challenge-response test further comprises:
    - retrieving, by the guardian module, the altered sound files from a storage area during runtime of the test based on the variables defined by the guardian module; and
      
      playing, by the guardian module, the altered sound files in a sequence defined by the variables.
  - 4. The method of claim 1 further comprising a gateway for returning the call to its regular path if the call passes the audio challenge-response test.
  - 5. The method of claim 4 wherein the gateway is further adapted to execute a final treatment if the call fails the audio challenge-response test, the final treatment comprising at least one of terminating the call, recording the call, diverting the call to an operator, replaying the audio challenge-response test, or providing a second audio challenge-response test.
  - 6. The method of claim 1 further comprising:
    - generating, by the analyzer, the altered sound files from a library of original sound files comprising unaltered sounds;
      
      generating, by the analyzer, a mapping of the identifications of the altered sound files to their respective complexity levels; and
      
      uploading, by the analyzer, the altered sound files and the mapping to at least one of the guardian module and the server.
  - 7. The method of claim 1 wherein the script includes additional variables customizable by the guardian module for the audio challenge-response test, the additional variables including:
    - a variable storing an identification of a greeting message to be played before the audio challenge-response test, a variable defining a number of times for replaying the audio challenge-response test, a variable defining a number of times a caller of the call is allowed to skip the audio challenge-response test and advance to a new audio challenge-response test, and a variable for specifying a final treatment if the caller fails the audio challenge-response test.

3. A method of detecting and mitigating network attacks in a Voice-Over-IP (VoIP) network, comprising:
- receiving, by a server, information related to a mitigation action for a call, the mitigation action being generated by an analyzer based on detecting a possible attack by the call, the information including a complexity level for administering an audio challenge-response test to the call;
  
  generating, by the server, a script including variables for identifying a plurality of altered sound files for the audio challenge-response test;
  
  assigning, by the server, a routing label to the call, the routing label including one or more parameters for configuring the variables of the script according to the complexity level, wherein the one or more parameters of the routing label includes a minimum number of digits in the audio challenge-response test for the complexity level, a maximum number of digits in the audio challenge-response test for the complexity level, a signal-to-noise ratio for the complexity level, a minimum inter-digit delay for the complexity level and a maximum inter-digit delay for the complexity level;
  
  transmitting, by the server, the script and the routing label to the guardian module;
  
  defining, by the guardian module, the variables of the script to identify the plurality of altered sound files for the audio challenge-response test, wherein each altered sound file is randomly selected by the guardian module subject to the parameters of the routing label; and
  
  administering, by the guardian module, the audio challenge-response test to the call based on the script.

8. A system for detecting and mitigating network attacks in a VoIP network, the system comprising:
- an analyzer including i) a detection module for detecting a possible attack corresponding to a call, ii) a rules engine for determining a mitigation action to avoid the possible attack, the mitigation action provisioning an audio challenge-response test for the call, and iii) a policy change engine for forwarding information about the mitigation action to one or more modules of the system, the information including a complexity level for administering the audio challenge-response test;
  
  a server for receiving the information from the policy change engine, the server is adapted to;
  
  i) generate a script including variables for identifying a plurality of altered sound files for the audio challenge-response test wherein the altered sound files include one or more altered digit files and one or more inter-digit noise files, each altered digit file comprising a combination of clear voice sound of a digit and an amount of background noise added according to a signal-to-noise ratio of the complexity level, and each inter-digit noise file providing a variable spacing in the form of noise between the altered digit files, and ii) assign a routing label to the call, the routing label including one or more parameters for configuring the variables of the script according to the complexity level; and
  
  a guardian module for receiving the script and the routing label from the server, the guardian module is adapted to define the variables of the generic script to identify the plurality of altered sound files for the challenge-response test and administer the challenge-response test to the call based on the script, wherein each altered sound file is randomly selected by the guardian module subject to the parameters of the routing label.

9. A computer program product, tangibly embodied in a non-transitory computer readable medium, for detecting and mitigating network attacks in a VoIP network, the computer program product including instructions being operable to cause data processing apparatus to:
- receive information related to a mitigation action for a call, the mitigation action being generated by an analyzer based on detecting a possible attack by the call, the information including a complexity level for administering an audio challenge-response test to the call;
  
  generate a script including variables for identifying a plurality of altered sound files for the audio challenge-response test, the altered sound files including one or more altered digit files and one or more inter-digit noise files, each altered digit file comprising a combination of clear voice sound of a digit and an amount of background noise added according to a signal-to-noise ratio of the complexity level, and each inter-digit noise file providing a variable spacing in the form of noise between the altered digit files;
  
  assign a routing label to the call, the routing label including one or more parameters for configuring the variables of the script according to the complexity level; and
  
  transmit the script and the routing label to the guardian module, wherein the guardian module is adapted to i) define the variables of the script to identify the plurality of altered sound files for the audio challenge-response test, and ii) administer the audio challenge-response test to the call based on the script, each altered sound file being randomly selected by the guardian module subject to the parameters of the routing label.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Ribbon Communications Operating Company, Inc. (Ribbon Communications, Inc.)
Original Assignee
Sonus Networks Incorporated (Ribbon Communications, Inc.)
Inventors
Lapsley, David, Matragi, Wassim, Mansur, Miri, Klotzbach, Jonathan, Shu, Ti-yuan Dean, Chary, Sri, Joseph, Joby, Topham, Mark, Dumble, Kenneth
Primary Examiner(s)
Chea, Philip
Assistant Examiner(s)
LE, KHOI V

Application Number

US13/271,928
Publication Number

US 20120090028A1
Time in Patent Office

937 Days
Field of Search

None
US Class Current

726/22
CPC Class Codes

H04L 63/08   for authentication of entit...

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1441   Countermeasures against mal...

Real-time network attack detection and mitigation infrastructure

First Claim

9 Assignments

0 Petitions

Accused Products

Abstract

31 Citations

9 Claims

Specification

Solutions

Use Cases

Quick Links

Real-time network attack detection and mitigation infrastructure

First Claim

9 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

31 Citations

9 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links