Real-time network attack detection and mitigation infrastructure
First Claim
1. A method of detecting and mitigating network attacks in a Voice-Over-IP (VoIP) network, comprising:
- receiving, by a server, information related to a mitigation action for a call, the mitigation action being generated by an analyzer based on detecting a possible attack by the call, the information including a complexity level for administering an audio challenge-response test to the call;
generating, by the server, a script including variables for identifying a plurality of altered sound files for the audio challenge-response test, the altered sound files including one or more altered digit files and one or more inter-digit noise files, each altered digit file comprising a combination of clear voice sound of a digit and an amount of background noise added according to a signal-to-noise ratio of the complexity level, and each inter-digit noise file providing a variable spacing in the form of noise between the altered digit files;
assigning, by the server, a routing label to the call, the routing label including one or more parameters for configuring the variables of the script according to the complexity level;
transmitting, by the server, the script and the routing label to the guardian module;
defining, by the guardian module, the variables of the script to identify the plurality of altered sound files for the audio challenge-response test, wherein each altered sound file is randomly selected by the guardian module subject to the parameters of the routing label; and
administering, by the guardian module, the audio challenge-response test to the call based on the script.
9 Assignments
0 Petitions
Accused Products
Abstract
The invention features systems and methods for detecting and mitigating network attacks in a Voice-Over-IP (VoIP) network. A server is configured to receive information related to a mitigation action for a call. The information can include a complexity level for administering an audio challenge-response test to the call and an identification of the call. The server also generates i) a routing label based on the identification of the call, and ii) a script defining a plurality of variables that store identifications of a plurality of altered sound files for the audio challenge-response test. Each altered sound file is randomly selected by the server subject to one or more constraints associated with the complexity level. The server is further configured to transmit the script to a guardian module and the routing label to a gateway.
31 Citations
9 Claims
-
1. A method of detecting and mitigating network attacks in a Voice-Over-IP (VoIP) network, comprising:
-
receiving, by a server, information related to a mitigation action for a call, the mitigation action being generated by an analyzer based on detecting a possible attack by the call, the information including a complexity level for administering an audio challenge-response test to the call; generating, by the server, a script including variables for identifying a plurality of altered sound files for the audio challenge-response test, the altered sound files including one or more altered digit files and one or more inter-digit noise files, each altered digit file comprising a combination of clear voice sound of a digit and an amount of background noise added according to a signal-to-noise ratio of the complexity level, and each inter-digit noise file providing a variable spacing in the form of noise between the altered digit files; assigning, by the server, a routing label to the call, the routing label including one or more parameters for configuring the variables of the script according to the complexity level; transmitting, by the server, the script and the routing label to the guardian module; defining, by the guardian module, the variables of the script to identify the plurality of altered sound files for the audio challenge-response test, wherein each altered sound file is randomly selected by the guardian module subject to the parameters of the routing label; and administering, by the guardian module, the audio challenge-response test to the call based on the script. - View Dependent Claims (2, 4, 5, 6, 7)
-
-
3. A method of detecting and mitigating network attacks in a Voice-Over-IP (VoIP) network, comprising:
-
receiving, by a server, information related to a mitigation action for a call, the mitigation action being generated by an analyzer based on detecting a possible attack by the call, the information including a complexity level for administering an audio challenge-response test to the call; generating, by the server, a script including variables for identifying a plurality of altered sound files for the audio challenge-response test; assigning, by the server, a routing label to the call, the routing label including one or more parameters for configuring the variables of the script according to the complexity level, wherein the one or more parameters of the routing label includes a minimum number of digits in the audio challenge-response test for the complexity level, a maximum number of digits in the audio challenge-response test for the complexity level, a signal-to-noise ratio for the complexity level, a minimum inter-digit delay for the complexity level and a maximum inter-digit delay for the complexity level; transmitting, by the server, the script and the routing label to the guardian module; defining, by the guardian module, the variables of the script to identify the plurality of altered sound files for the audio challenge-response test, wherein each altered sound file is randomly selected by the guardian module subject to the parameters of the routing label; and administering, by the guardian module, the audio challenge-response test to the call based on the script.
-
-
8. A system for detecting and mitigating network attacks in a VoIP network, the system comprising:
-
an analyzer including i) a detection module for detecting a possible attack corresponding to a call, ii) a rules engine for determining a mitigation action to avoid the possible attack, the mitigation action provisioning an audio challenge-response test for the call, and iii) a policy change engine for forwarding information about the mitigation action to one or more modules of the system, the information including a complexity level for administering the audio challenge-response test; a server for receiving the information from the policy change engine, the server is adapted to;
i) generate a script including variables for identifying a plurality of altered sound files for the audio challenge-response test wherein the altered sound files include one or more altered digit files and one or more inter-digit noise files, each altered digit file comprising a combination of clear voice sound of a digit and an amount of background noise added according to a signal-to-noise ratio of the complexity level, and each inter-digit noise file providing a variable spacing in the form of noise between the altered digit files, and ii) assign a routing label to the call, the routing label including one or more parameters for configuring the variables of the script according to the complexity level; anda guardian module for receiving the script and the routing label from the server, the guardian module is adapted to define the variables of the generic script to identify the plurality of altered sound files for the challenge-response test and administer the challenge-response test to the call based on the script, wherein each altered sound file is randomly selected by the guardian module subject to the parameters of the routing label.
-
-
9. A computer program product, tangibly embodied in a non-transitory computer readable medium, for detecting and mitigating network attacks in a VoIP network, the computer program product including instructions being operable to cause data processing apparatus to:
-
receive information related to a mitigation action for a call, the mitigation action being generated by an analyzer based on detecting a possible attack by the call, the information including a complexity level for administering an audio challenge-response test to the call; generate a script including variables for identifying a plurality of altered sound files for the audio challenge-response test, the altered sound files including one or more altered digit files and one or more inter-digit noise files, each altered digit file comprising a combination of clear voice sound of a digit and an amount of background noise added according to a signal-to-noise ratio of the complexity level, and each inter-digit noise file providing a variable spacing in the form of noise between the altered digit files; assign a routing label to the call, the routing label including one or more parameters for configuring the variables of the script according to the complexity level; and transmit the script and the routing label to the guardian module, wherein the guardian module is adapted to i) define the variables of the script to identify the plurality of altered sound files for the audio challenge-response test, and ii) administer the audio challenge-response test to the call based on the script, each altered sound file being randomly selected by the guardian module subject to the parameters of the routing label.
-
Specification