Methods and apparatus to mitigate a denial-of-service attack in a voice over internet protocol network

US 8,973,150 B2
Filed: 02/08/2013
Issued: 03/03/2015
Est. Priority Date: 05/21/2008
Status: Expired due to Fees

First Claim

Patent Images

1. A method comprising:

accessing a denial-of-service attack mitigation rule received via a session initiation protocol NOTIFY message, the denial-of-service attack mitigation rule based on call initiation rate statistics;

analyzing a communication session request message based on the denial-of-service attack mitigation rule by comparing a first parameter of the communication session request message to a second parameter of the denial-of-service attack mitigation rule;

rejecting the communication session request message by sending a session initiation protocol 5XX message to a calling device associated with the communication session request message when the first and second parameters match; and

allowing the communication session request message by forwarding the communication session request message to an Internet protocol multimedia subsystem core when the first and second parameters do not match.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and apparatus to mitigate a Denial-of-Service (DoS) attack in a voice over Internet protocol (VoIP) network are disclosed. An example method comprises receiving a communication session initiation message from a communication session endpoint, determining whether the communication session endpoint is associated with a probable DoS attack, and sending to the communication session endpoint a communication session initiation response message comprising a DoS header when the communication session endpoint is associated with the probable DoS attack.

31 Citations

20 Claims

1. A method comprising:
- accessing a denial-of-service attack mitigation rule received via a session initiation protocol NOTIFY message, the denial-of-service attack mitigation rule based on call initiation rate statistics;
  
  analyzing a communication session request message based on the denial-of-service attack mitigation rule by comparing a first parameter of the communication session request message to a second parameter of the denial-of-service attack mitigation rule;
  
  rejecting the communication session request message by sending a session initiation protocol 5XX message to a calling device associated with the communication session request message when the first and second parameters match; and
  
  allowing the communication session request message by forwarding the communication session request message to an Internet protocol multimedia subsystem core when the first and second parameters do not match.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. A method as defined in claim 1, further comprising receiving a session initiation protocol SUBSCRIBE message from the attack mitigator.
  - 3. A method as defined in claim 1, further comprising:
    - receiving a communication session request message from a calling endpoint; and
      
      updating the call initiation rates statistics based on the communication session request message.
  - 4. A method as defined in claim 1, wherein the session initiation protocol NOTIFY message comprises extensible markup language text that represents the denial-of-service attack mitigation rule.
  - 5. A method as defined in claim 1, wherein the first parameter of the session initiation protocol request comprises a phone number and the second parameter of the denial of service attack mitigation rule comprises the phone number.
  - 6. A method as defined in claim 1, further comprising computing a cryptographic hash for an authentication header of the session initiation protocol NOTIFY message, the hash computed based on the denial-of-service attack mitigation rule.

7. An apparatus comprising:
- a memory comprising machine readable instructions; and
  
  a processor to execute the instructions to analyze a communication session request message based on the denial-of-service attack mitigation rule by;
  
  accessing the denial-of-service attack mitigation rule via a session initiation protocol NOTIFY message, the denial-of-service attack mitigation rule based on call initiation rate statistics;
  
  comparing a first parameter of the communication session request message to a second parameter of the denial-of-service attack mitigation rule;
  
  rejecting the communication session request message by sending a session initiation protocol 5XX message to a calling device associated with the communication session request message when the first and second parameters match; and
  
  allowing the communication session request message by forwarding the communication session request message to an Internet protocol multimedia subsystem core when the first and second parameters do not match.
- View Dependent Claims (8, 9, 10, 11, 12, 13, 14)
- - 8. An apparatus as defined in claim 7, further comprising a network interface to receive a session initiation protocol SUBSCRIBE message from an attack mitigator, wherein the session initiation protocol SUBSCRIBE message enables a notifier to send the session initiation protocol NOTIFY message to the attack mitigator.
  - 9. An apparatus as defined in claim 7, further comprising a call statistics collector to update call initiation statistics associated with respective ones of communication endpoints in a denial-of-service database in response to received communication session request information, wherein a call statistics analyzer is to determine a value representative of a likelihood that a denial-of-service attack is occurring using the denial-of-service database.
  - 10. An apparatus as defined in claim 9, wherein the communication session request information is received in a session initiation protocol INVITE message.
  - 11. An apparatus as defined in claim 7, wherein the session initiation protocol NOTIFY message comprises extensible markup language text that represents the denial-of-service attack mitigation rule.
  - 12. An apparatus as defined in claim 11, wherein the session initiation protocol NOTIFY message further comprises an authentication header containing a cryptographic hash computed based on the denial-of-service attack mitigation rule.
  - 13. An apparatus as defined in claim 7, wherein the instructions cause the processor to determine a value representative of a likelihood that a denial-of-service attack is occurring by:
    - computing a sum of a first call initiation rate associated with a first endpoint and a second call initiation rate associated with a second endpoint, andcomparing the sum to a threshold.
  - 14. An apparatus as defined in claim 7, wherein the first parameter of the session initiation protocol request comprises a phone number and the second parameter of the denial-of-service attack mitigation rule comprises the phone number.

15. A tangible machine readable storage device comprising instructions which, when executed, cause a machine to perform operations comprising:
- accessing a denial-of-service attack mitigation rule received via a session initiation protocol NOTIFY message, the denial-of-service attack mitigation rule based on call initiation rate statistics;
  
  analyzing a communication session request message based on the denial-of-service attack mitigation rule by comparing a first parameter of the communication session request message to a second parameter of the denial-of-service attack mitigation rule;
  
  rejecting the communication session request message by sending a session initiation protocol 5XX message to a calling device associated with the communication session request message when the first and second parameters match; and
  
  allowing the communication session request message by forwarding the communication session request message to an Internet protocol multimedia subsystem core when the first and second parameters do not match.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. A machine readable storage device as defined in claim 15, wherein the operations further comprise receiving a session initiation protocol SUBSCRIBE message from an attack mitigator.
  - 17. A machine readable storage device as defined in claim 15, wherein the operations further comprise:
    - receiving a communication session request message from a calling endpoint; and
      
      updating the call initiation rates statistics based on the communication session request message.
  - 18. A machine readable storage device as defined in claim 15, wherein the operations further comprise identifying the first parameter of the session initiation protocol request as a phone number and identifying the second parameter of the denial of service attack mitigation rule as the phone number.
  - 19. A machine readable storage device as defined in claim 15, wherein the operations further comprise computing a cryptographic hash for an authentication header of the session initiation protocol NOTIFY message, the hash computed based on the denial-of-service attack mitigation rule.
  - 20. A machine readable storage device as defined in claim 15, wherein the operations further comprise applying extensible markup language text in the session initiation protocol NOTIFY message that represents the denial-of-service attack mitigation rule.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
AT&T Intellectual Property I LP (AT&T, Inc.)
Original Assignee
AT&T Intellectual Property I LP (AT&T, Inc.)
Inventors
Jackson, James, Yasrebi, Mehrad
Primary Examiner(s)
Rahman, Mahfuzur

Application Number

US13/762,780
Publication Number

US 20130152214A1
Time in Patent Office

753 Days
Field of Search

726/26
US Class Current

726/26
CPC Class Codes

H04L 63/1458 Denial of Service

Methods and apparatus to mitigate a denial-of-service attack in a voice over internet protocol network

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

31 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Methods and apparatus to mitigate a denial-of-service attack in a voice over internet protocol network

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

31 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links