Message flooding prevention in messaging networks
First Claim
1. A messaging system comprising:
- at least one message interceptor node having a processor and ports adapted to receive messages at a point in a communications network,at least one flood detect node, having a processor adapted to;
extract data from a message,generate at least one code from the extracted data, and save said code to a database,compare the code or codes with one or more previous codes, anddetermine according to the comparison if the received message is suspected to be a flooding message,wherein said processor is adapted to perform said comparing and processing steps by;
providing a set of a fixed number of data buckets, each said bucket having an associated code, a fill parameter value, a time stamp indicating the last time it was incremented, a leak rate indicating a decrease in the fill parameter with time, and an identifier of an associated flood detect algorithm,selecting a bucket according to the generated code,incrementing a fill parameter of the selected bucket,determining suspicion of flooding by executing the associated flood detection algorithm, andsaving flood-detection data to persistent memory if there is suspected flooding,wherein at least one flood detect node is adapted to perform a first level detection to select a fixed number of buckets, to execute said flood detection algorithm for each bucket to detect flooding, and to execute an empty/cleanest bucket selection algorithm to select a bucket for updating a count, andwherein at least one flood detect node is adapted to perform a second level detection only for those buckets whose activity during detection is above a certain threshold.
1 Assignment
0 Petitions
Accused Products
Abstract
A message flooding prevention system (1) has multiple interceptors (2, 3, 4), each with an interceptor unit linked with an RCS server, and SMSC, or an MMSC. The interceptors (2, 3, 4) are connected to flood detect nodes (10) for receiving messages at a point in a communications network, extracting data from a message, generating at least one code from extracted data, and comparing the code or codes with one or more previous codes. The flood detect nodes (10) determine according to the comparison if the received message is suspected to be a flooding message and if so, performs code generation including hashing. The flood detect nodes (10) save the code to one of a set of database buckets (21), each bucket being associated with a code, and select a bucket according to the generated code, and increment a fill parameter of the selected bucket.
-
Citations
17 Claims
-
1. A messaging system comprising:
-
at least one message interceptor node having a processor and ports adapted to receive messages at a point in a communications network, at least one flood detect node, having a processor adapted to; extract data from a message, generate at least one code from the extracted data, and save said code to a database, compare the code or codes with one or more previous codes, and determine according to the comparison if the received message is suspected to be a flooding message, wherein said processor is adapted to perform said comparing and processing steps by; providing a set of a fixed number of data buckets, each said bucket having an associated code, a fill parameter value, a time stamp indicating the last time it was incremented, a leak rate indicating a decrease in the fill parameter with time, and an identifier of an associated flood detect algorithm, selecting a bucket according to the generated code, incrementing a fill parameter of the selected bucket, determining suspicion of flooding by executing the associated flood detection algorithm, and saving flood-detection data to persistent memory if there is suspected flooding, wherein at least one flood detect node is adapted to perform a first level detection to select a fixed number of buckets, to execute said flood detection algorithm for each bucket to detect flooding, and to execute an empty/cleanest bucket selection algorithm to select a bucket for updating a count, and wherein at least one flood detect node is adapted to perform a second level detection only for those buckets whose activity during detection is above a certain threshold. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
-
-
14. A message processing method performed by a messaging system comprising at least one message interceptor node having a processor and ports adapted to receive messages at a point in a communications network, and at least one flood detect node, the method comprising the steps of:
-
extracting data from a message, generating at least one code from the extracted data, and saving said code to a database, comparing the code or codes with one or more previous codes, and determining according to the comparison if the received message is suspected to be a flooding message, wherein said comparing and processing steps include; providing a set of a fixed number of data buckets, each said bucket having an associated code, a fill parameter value, a time stamp indicating the last time it was incremented, a leak rate indicating a decrease in the fill parameter with time, and an identifier of an associated flood detect algorithm, selecting a bucket according to the generated code, incrementing a fill parameter of the selected bucket, determining suspicion of flooding by executing the associated flood detection algorithm, and saving flood-detection data to persistent memory if there is suspected flooding, wherein at least one flood detect node performs a first level detection to select a fixed number of buckets, executes a token-bucket algorithm for each bucket to detect flooding, and executes an empty/cleanest bucket selection algorithm to select a bucket for updating a count, and wherein at least one flood detect node performs a second level detection only for those buckets whose activity during detection is above a certain threshold. - View Dependent Claims (15, 16)
-
-
17. A non-transitory computer readable medium comprising software code adapted to perform the following message processing method when executing on a digital processor:
-
extracting data from a received message, generating at least one code from the extracted data, and saving said code to a database, comparing the code or codes with one or more previous codes, and determining according to the comparison if the received message is suspected to be a flooding message, wherein, said comparing and processing steps include; providing a set of a fixed number of data buckets, each said bucket having an associated code, a fill parameter value, a time stamp indicating the last time it was incremented, a leak rate indicating a decrease in the fill parameter with time, and an identifier of an associated flood detect algorithm, selecting a bucket according to the generated code, incrementing a fill parameter of the selected bucket, determining suspicion of flooding by executing the associated flood detection algorithm, and saving flood-detection data to persistent memory if there is suspected flooding, wherein at least one flood detect node performs a first level detection to select a fixed number of buckets, executes a token-bucket algorithm for each bucket to detect flooding, and executes an empty/cleanest bucket selection algorithm to select a bucket for updating a count, and wherein at least one flood detect node performs a second level detection only for those buckets whose activity during detection is above a certain threshold.
-
Specification