Methods and systems for handling malicious attacks in a wireless communication system

US 9,344,894 B2
Filed: 02/10/2014
Issued: 05/17/2016
Est. Priority Date: 02/10/2014
Status: Active Grant

First Claim

Patent Images

1. A method for handling malicious attacks, comprisingidentifying, at a wireless device, packets received from a malicious source based at least in part on the packets received by the wireless device from the malicious source changing a state of the wireless device from a dormant state to a connected state;

selectively disconnecting the wireless device from a packet data network (PDN) by releasing a first Internet Protocol (IP) address used to connect the wireless device to the PDN when a number of the packets identified as received from the malicious source changing the state of the wireless device reaches a threshold number within a monitoring period; and

reconnecting the wireless device to the PDN using a second IP address that is different from the first IP address.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Certain aspects of the present disclosure relate to methods and apparatuses for handling malicious attacks. In one aspect, the methods and apparatuses are configured to identify packets received from a malicious source based at least in part on packets received by a wireless device that change a state of the wireless device from a dormant state to a connected state, selectively disconnect the wireless device from a packet data network (PDN) by releasing a first Internet Protocol (IP) address used to connect the wireless device to the PDN when a number of packets identified as received from the malicious source reaches a threshold number within a monitoring period, and reconnect the wireless device to the PDN using a second IP address that is different from the first IP address. In another aspect, a connection to an IP Multimedia Subsystem (IMS) PDN is maintained after the PDN is disconnected.

14 Citations

View as Search Results

30 Claims

1. A method for handling malicious attacks, comprisingidentifying, at a wireless device, packets received from a malicious source based at least in part on the packets received by the wireless device from the malicious source changing a state of the wireless device from a dormant state to a connected state;
- selectively disconnecting the wireless device from a packet data network (PDN) by releasing a first Internet Protocol (IP) address used to connect the wireless device to the PDN when a number of the packets identified as received from the malicious source changing the state of the wireless device reaches a threshold number within a monitoring period; and
  
  reconnecting the wireless device to the PDN using a second IP address that is different from the first IP address.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The method of claim 1, wherein the first IP address comprises a public IP address.
  - 3. The method of claim 1, further comprising maintaining a connection between the wireless device and an IP Multimedia Subsystem (IMS) PDN after the PDN has been disconnected from the wireless device.
  - 4. The method of claim 3, wherein a third IP address is used to connect the wireless device to the IMS PDN.
  - 5. The method of claim 1, wherein selectively disconnecting the wireless device from the PDN comprises:
    - determining a number of applications on the wireless device that use the first IP address for communications; and
      
      disconnecting the wireless device from the PDN when a determination is made that only a single application on the wireless device uses the first IP address for communications.
  - 6. The method of claim 5, further comprising maintaining a connection between the wireless device and the PDN when a determination is made that more than one application on the wireless device uses the first IP address for communications.
  - 7. The method of claim 1, wherein at least one of the packets identified as received from the malicious source changing the state of the wireless device comprises one of a Transmission Control Protocol Synchronize (TCP SYN) packet, a User Datagram Protocol (UDP) packet, or an Internet Control Message Protocol (ICMP) packet.
  - 8. The method of claim 1, further comprising setting a counter corresponding to the number of packets identified as received from the malicious source changing the state of the wireless device to zero when the monitoring period expires.
  - 9. The method of claim 1, wherein the duration of the monitoring period is configurable.
  - 10. The method of claim 1, wherein the threshold number is configurable.
  - 11. The method of claim 1, further comprising generating a report comprising information of one or more characteristics of the malicious source, wherein the report is provided to a server.
  - 12. The method of claim 11, wherein the information of one or more characteristics of the malicious source comprises information of the first IP address used to connect the wireless device to the PDN.
  - 13. The method of claim 11, wherein the information of one or more characteristics of the malicious source comprises information of a port number used by the malicious source.
  - 14. The method of claim 11, wherein the information of one or more characteristics of the malicious source comprises information of a protocol type used by the malicious source.

15. A computer program product for handling malicious attacks, comprising:
- a non-transitory computer-readable medium comprising;
  
  code for causing a wireless device to identify packets received from a malicious source based at least in part on the packets received by the wireless device from the malicious source changing a state of the wireless device from a dormant state to a connected state;
  
  code for causing the wireless device to selectively disconnect the wireless device from a packet data network (PDN) by releasing a first Internet Protocol (IP) address used to connect the wireless device to the PDN when a number of the packets identified as received from the malicious source changing the state of the wireless device reaches a threshold number within a monitoring period; and
  
  code for causing the wireless device to reconnect to the PDN using a second IP address that is different from the first IP address.

16. An apparatus for handling malicious attacks, the apparatus comprising:
- means for identifying, at a wireless device, packets received from a malicious source based at least in part on the packets received by the wireless device from the malicious source changing a state of the wireless device from a dormant state to a connected state;
  
  means for selectively disconnecting the wireless device from a packet data network (PDN) by releasing a first Internet Protocol (IP) address used to connect the wireless device to the PDN when a number of the packets identified as received from the malicious source changing the state of the wireless device reaches a threshold number within a monitoring period; and
  
  means for reconnecting the wireless device to the PDN using a second IP address that is different from the first IP address.

17. A wireless device for handling malicious attacks, the wireless device comprising:
- at least one processor, wherein the at least one processor is configured toidentify packets received from a malicious source based at least in part on the packets received by the wireless device from the malicious source changing a state of the wireless device from a dormant state to a connected state;
  
  selectively disconnect the wireless device from a packet data network (PDN) by releasing a first Internet Protocol (IP) address used to connect the wireless device to the PDN when a number of the packets identified as received from the malicious source changing the state of the wireless device reaches a threshold number within a monitoring period; and
  
  reconnect the wireless device to the PDN using a second IP address that is different from the first IP address.
- View Dependent Claims (18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30)
- - 18. The wireless device of claim 17, wherein the first IP address comprises a public IP address.
  - 19. The wireless device of claim 17, wherein the at least one processor is configured to maintain a connection between the wireless device and an IP Multimedia Subsystem (IMS) PDN after the PDN has been disconnected from the wireless device.
  - 20. The wireless device of claim 19, wherein a third IP address is used to connect the wireless device to the IMS PDN.
  - 21. The wireless device of claim 17, wherein selectively disconnecting the wireless device from the PDN comprises:
    - determining a number of applications on the wireless device that use the first IP address for communications; and
      
      disconnecting the wireless device from the PDN when a determination is made that only a single application on the wireless device uses the first IP address for communications.
  - 22. The wireless device of claim 21, wherein the at least one processor is configured to maintain a connection between the wireless device and the PDN when a determination is made that more than one application on the wireless device uses the first IP address for communications.
  - 23. The wireless device of claim 17, wherein at least one of the packets identified as received from the malicious source changing the state of the wireless device comprises one of a Transmission Control Protocol Synchronize (TCP SYN) packet, a User Datagram Protocol (UDP) packet, or an Internet Control Message Protocol (ICMP) packet.
  - 24. The wireless device of claim 17, further comprising setting a counter corresponding to the number of packets identified as received from the malicious source changing the state of the wireless device to zero when the monitoring period expires.
  - 25. The wireless device of claim 17, wherein the duration of the monitoring period is configurable.
  - 26. The wireless device of claim 17, wherein the threshold number is configurable.
  - 27. The wireless device of claim 17, wherein the at least one processor is configured to generate a report comprising information of one or more characteristics of the malicious source, wherein the report is provided to a server.
  - 28. The wireless device of claim 27, wherein the information of one or more characteristics of the malicious source comprises information of the first IP address used to connect the wireless device to the PDN.
  - 29. The wireless device of claim 27, wherein the information of one or more characteristics of the malicious source comprises information of a port number used by the malicious source.
  - 30. The wireless device of claim 27, wherein the information of one or more characteristics of the malicious source comprises information of a protocol type used by the malicious source.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Qualcomm, Inc.
Original Assignee
Qualcomm, Inc.
Inventors
Sahu, Debesh Kumar, Devnani, Vishvadeep Gopalbhai, Kotha, Bala Krishna, Bajaj, Ashish
Primary Examiner(s)
Ho, Huy C

Application Number

US14/176,784
Publication Number

US 20150230091A1
Time in Patent Office

827 Days
Field of Search

455/410
US Class Current

1/1
CPC Class Codes

H04L 43/18   Protocol analysers

H04L 61/5007   Internet protocol [IP] addr...

H04L 63/1441   Countermeasures against mal...

H04W 12/08   Access security

H04W 12/10   Integrity

H04W 12/12   Detection or prevention of ...

H04W 12/125   Protection against power ex...

Y02D 30/70   in wireless communication n...

Methods and systems for handling malicious attacks in a wireless communication system

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

14 Citations

30 Claims

Specification

Solutions

Use Cases

Quick Links

Methods and systems for handling malicious attacks in a wireless communication system

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

14 Citations

30 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links