Methods and apparatus to mitigate a denial-of-service attack in a voice over internet protocol network
First Claim
Patent Images
1. A method comprising:
- accessing a denial-of-service attack mitigation rule received via a session initiation protocol NOTIFY message, the denial-of-service attack mitigation rule based on call initiation rate statistics;
analyzing a communication session request message based on the denial-of-service attack mitigation rule by comparing a first parameter of the communication session request message to a second parameter of the denial-of-service attack mitigation rule;
rejecting the communication session request message by sending a session initiation protocol 5XX message to a calling device associated with the communication session request message when the first and second parameters match; and
allowing the communication session request message by forwarding the communication session request message to an Internet protocol multimedia subsystem core when the first and second parameters do not match.
2 Assignments
0 Petitions
Accused Products
Abstract
Methods and apparatus to mitigate a Denial-of-Service (DoS) attack in a voice over Internet protocol (VoIP) network are disclosed. An example method comprises receiving a communication session initiation message from a communication session endpoint, determining whether the communication session endpoint is associated with a probable DoS attack, and sending to the communication session endpoint a communication session initiation response message comprising a DoS header when the communication session endpoint is associated with the probable DoS attack.
31 Citations
20 Claims
-
1. A method comprising:
-
accessing a denial-of-service attack mitigation rule received via a session initiation protocol NOTIFY message, the denial-of-service attack mitigation rule based on call initiation rate statistics; analyzing a communication session request message based on the denial-of-service attack mitigation rule by comparing a first parameter of the communication session request message to a second parameter of the denial-of-service attack mitigation rule; rejecting the communication session request message by sending a session initiation protocol 5XX message to a calling device associated with the communication session request message when the first and second parameters match; and allowing the communication session request message by forwarding the communication session request message to an Internet protocol multimedia subsystem core when the first and second parameters do not match. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. An apparatus comprising:
-
a memory comprising machine readable instructions; and a processor to execute the instructions to analyze a communication session request message based on the denial-of-service attack mitigation rule by; accessing the denial-of-service attack mitigation rule via a session initiation protocol NOTIFY message, the denial-of-service attack mitigation rule based on call initiation rate statistics; comparing a first parameter of the communication session request message to a second parameter of the denial-of-service attack mitigation rule; rejecting the communication session request message by sending a session initiation protocol 5XX message to a calling device associated with the communication session request message when the first and second parameters match; and allowing the communication session request message by forwarding the communication session request message to an Internet protocol multimedia subsystem core when the first and second parameters do not match. - View Dependent Claims (8, 9, 10, 11, 12, 13, 14)
-
-
15. A tangible machine readable storage device comprising instructions which, when executed, cause a machine to perform operations comprising:
-
accessing a denial-of-service attack mitigation rule received via a session initiation protocol NOTIFY message, the denial-of-service attack mitigation rule based on call initiation rate statistics; analyzing a communication session request message based on the denial-of-service attack mitigation rule by comparing a first parameter of the communication session request message to a second parameter of the denial-of-service attack mitigation rule; rejecting the communication session request message by sending a session initiation protocol 5XX message to a calling device associated with the communication session request message when the first and second parameters match; and allowing the communication session request message by forwarding the communication session request message to an Internet protocol multimedia subsystem core when the first and second parameters do not match. - View Dependent Claims (16, 17, 18, 19, 20)
-
Specification