Intra-carrier and inter-carrier network security system

US10230767B2 · US · B2

Patent metadata
Publication number: US-10230767-B2
Application number: US-201514812656-A
Country: US
Kind code: B2
Filing date: Jul 29, 2015
Priority date: Jul 29, 2015
Publication date: Mar 12, 2019
Grant date: Mar 12, 2019

How to read this patent

A practical reading order for non-experts. Skip the full description unless you need deep technical detail.

  1. Title

    What the patent document calls the invention.

  2. Abstract

    A short plain-language summary of the technical disclosure.

  3. Assignees and inventors

    Who owns or filed the patent and who is credited as inventor.

  4. Key dates

    Filing, priority, publication, and grant dates set the timeline.

  5. First independent claim

    The legal scope of protection — read this for what is actually claimed.

  6. CPC / IPC classifications

    Technology tags used to group this patent with similar filings.

  7. Citations and related patents

    Prior art links and similar publications in this corpus.

Abstract

Official abstract text for this publication.

A system and method for identifying distributed attacks, such as, but not limited to, distributed denial of service attacks and botnet attacks, in a first network serviced by a first carrier and configured to alert a second network serviced by a second carrier that is different from the first carrier is disclosed. Once an attack has been identified, an attack alert is generated and provided to the second network or other aspects of the first network, or both. The attack alerts may be distributed dynamically with the second network via diameter based security protocol Rs. Such system and method may mitigate distributed malicious attacks by sharing destination internet protocol and bad international mobile subscriber identity information across carriers.

Claims

Full claim text as granted (claims 1 to 19). Claims 1 and 12 are the independent claims.

We claim:

1. A method, comprising: analyzing, by utilizing instructions from a memory that are executed by a processor, internet traffic to determine an occurrence of an attack within a first network administered by a first carrier; initiating, by utilizing an application function of the first network, an unsolicited push request to a policy and charging rules function of the first network to block a portion of the internet traffic associated with local internet protocol addresses, wherein the unsolicited push request is initiated by sending an authentication authorization request to the policy and charging rules function of the first network to block the portion of the internet traffic; discovering, by utilizing a credit control request sent from the application function of the first network, an application function in a second network administered by a second carrier, wherein the application function in the second network is discovered based on a credit control answer received from the application function in the second network in response to the credit control request; generating an attack alert when the attack is identified; providing the attack alert; and wherein providing the attack alert comprises providing the attack alert to the second network administered by the second carrier, whereby the first and second carriers are different entities, wherein providing the attack alert further comprises providing the attack alert to the second network by causing the application function of the first network to transmit a security alert request to the application function in the second network, wherein the security alert request is utilized to interrogate a policy and charging rules function of the second network to shut down a malicious internet protocol address of the local internet protocol addresses.

2. The method of claim 1, wherein providing the attack alert comprises providing the attack alert to other aspects of the first network administered by the first carrier.

3. The method of claim 2, wherein providing the attack alert to the second network administered by the second carrier comprises providing the attack alert via diameter based security protocol.

4. The method of claim 1, wherein analyzing the internet traffic to determine the occurrence of the attack within the first network administered by the first carrier comprises analyzing the internet traffic via a deep packet inspection engine at an evolved packet core within the first network.

5. The method of claim 1, wherein analyzing the internet traffic to determine the occurrence of the attack within the first network administered by the first carrier comprises interrogating the policy and charging rules function of the first network by the application function to analyze protocol addresses.

6. The method of claim 5, wherein interrogating the policy and charging rules function of the first network by the application function to analyze the protocol addresses comprises analyzing local internet protocol addresses and remote internet protocol addresses.

7. The method of claim 1, wherein providing the attack alert comprises initiating, via the application function within the first network, a Rs security protocol to send the attack alert to the second network.

8. The method of claim 7, wherein the attack alert is sent from the application function to an application function aggregator within the first network.

9. The method of claim 8, wherein the attack alert is sent from the application function aggregator to the second network.

10. The method of claim 9, wherein the attack alert is sent from the application function aggregator in the first network to the application function in the second network.

11. The method of claim 1, wherein providing the attack alert comprises providing the attack alert including a malicious international mobile subscriber identity.

12. A system, comprising: a memory that stores instructions; and a processor that executes the instructions to perform operations, the operations comprising: analyzing internet traffic to determine an occurrence of an attack within a first network administered by a first carrier; initiating, by utilizing an application function of the first network, an unsolicited push request to a policy and charging rules function of the first network to block a portion of the internet traffic associated with local internet protocol addresses, wherein the unsolicited push request is initiated by sending an authentication authorization request to the policy and charging rules function of the first network to block the portion of the internet traffic; discovering, by utilizing a credit control request sent from the application function of the first network, an application function in a second network administered by a second carrier, wherein the application function in the second network is discovered based on a credit control answer received from the application function in the second network in response to the credit control request; generating an attack alert when the attack is identified; providing the attack alert; and wherein providing the attack alert comprises providing the attack alert to the second network administered by the second carrier, whereby the first and second carriers are different entities, wherein providing the attack alert further comprises providing the attack alert to the second network by causing the application function of the first network to transmit a security alert request to the application function in the second network, wherein the security alert request is utilized to interrogate a policy and charging rules function of the second network to shut down a malicious internet protocol address of the local internet protocol addresses.

13. The system of claim 12, wherein the operation of providing the attack alert to the second network administered by the second carrier is further provided via diameter based security protocol.

14. The system of claim 12, wherein the operation of analyzing the internet traffic to determine the occurrence of the attack within the first network administered by the first carrier further comprises analyzing the internet traffic via a deep packet inspection engine at an evolved packet core within the first network.

15. The system of claim 12, wherein the operation of analyzing the internet traffic to determine the occurrence of the attack within the first network administered by the first carrier further comprises interrogating the policy and charging rules function of the first network by the application function to analyze protocol addresses.

16. The system of claim 15, wherein the operation of interrogating the policy and charging rules function of the first network by the application function to analyze the protocol addresses further comprises analyzing local internet protocol addresses and remote internet protocol addresses.

17. The system of claim 12, wherein the operation of providing the attack alert further comprises initiating, via the application function within the first network, an Rs security protocol to send the attack alert to the second network.

18. The system of claim 17, wherein the attack alert is sent from the application function to an application function aggregator within the first network and is sent from the application function aggregator to the second network.

19. The system of claim 18, wherein the attack alert is sent from the application function aggregator in the first network to the application function in the second network.
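The sequence of claim 1 (detect the attack, push an unsolicited AAR to the first carrier's PCRF, discover the peer carrier's AF with a CCR/CCA exchange, then send a Security Alert Request that drives the peer's PCRF) played out as a small offline simulation. This is an added example written for this page, not code from the patent or from AT&T. The `detect_ddos` heuristic standing in for the DPI engine of claim 4, the in-memory `PCRF` and `AF` classes, the `directory` dictionary that stands in for Diameter realm routing, the AVP names (`Rules`, `Destination-IP`, `Malicious-IMSIs`), the command code 9000 for the Security Alert Request and all hosts, realms, IMSIs and flow records are assumptions or constructed data; 265 (AA-Request, RFC 7155, used on 3GPP Rx), 272 (Credit-Control-Request, RFC 4006) and the Result-Codes 2001, 3003 and 5003 (RFC 6733) are the real Diameter values.

```python
from collections import defaultdict
from dataclasses import dataclass, field

# Real Diameter command codes: AAR/AAA = 265 (RFC 7155, used on 3GPP Rx), CCR/CCA = 272 (RFC 4006).
# The patent's Security Alert Request ("Rs") has no public code; 9000 is an assumption of this example.
AAR, CCR, SAR = 265, 272, 9000
SUCCESS, REALM_NOT_SERVED, AUTHZ_REJECTED = 2001, 3003, 5003  # RFC 6733 Result-Codes

@dataclass
class DiameterMsg:
    code: int
    request: bool
    origin_host: str
    origin_realm: str
    dest_realm: str
    avps: dict = field(default_factory=dict)

@dataclass
class FlowRecord:
    """One DPI flow summary as an EPC probe might export it (constructed data)."""
    imsi: str
    src_ip: str
    dst_ip: str
    packets: int

def detect_ddos(flows, min_sources=5, min_packets=1000):
    """Toy stand-in for the DPI engine of claim 4: flag destinations hit by many local sources."""
    agg = defaultdict(lambda: {"imsis": set(), "srcs": set(), "pkts": 0})
    for f in flows:
        a = agg[f.dst_ip]
        a["imsis"].add(f.imsi)
        a["srcs"].add(f.src_ip)
        a["pkts"] += f.packets
    return {d: a for d, a in agg.items()
            if len(a["srcs"]) >= min_sources and a["pkts"] >= min_packets}

class PCRF:
    """Minimal PCRF: installs block rules pushed by an AF of its own realm only."""
    def __init__(self, realm):
        self.realm, self.rules = realm, set()

    def handle(self, msg):
        host = f"pcrf.{self.realm}"
        if msg.origin_realm != self.realm:  # a foreign AF may not push rules here
            return DiameterMsg(msg.code, False, host, self.realm, msg.origin_realm,
                               {"Result-Code": REALM_NOT_SERVED})
        self.rules.update(msg.avps.get("Rules", ()))
        return DiameterMsg(msg.code, False, host, self.realm, msg.origin_realm,
                           {"Result-Code": SUCCESS})

class AF:
    """Application function of one carrier; `directory` (realm -> AF) stands in for Diameter routing."""
    def __init__(self, host, realm, pcrf, directory):
        self.host, self.realm, self.pcrf, self.directory = host, realm, pcrf, directory
        self.known_peers = {}  # realm -> Origin-Host learned during CCR/CCA discovery
        directory[realm] = self

    def _answer(self, msg, result_code):
        return DiameterMsg(msg.code, False, self.host, self.realm, msg.origin_realm,
                           {"Result-Code": result_code})

    def handle(self, msg):
        if msg.code == CCR:  # discovery: remember which host spoke for that realm
            self.known_peers[msg.origin_realm] = msg.origin_host
            return self._answer(msg, SUCCESS)
        if msg.code == SAR:
            # Act only on alerts from the host learned at discovery; otherwise any sender
            # could push block rules into this carrier's PCRF with a forged SAR.
            if self.known_peers.get(msg.origin_realm) != msg.origin_host:
                return self._answer(msg, AUTHZ_REJECTED)
            rules = {("imsi", i) for i in msg.avps["Malicious-IMSIs"]}
            rules.add(("dst_ip", msg.avps["Destination-IP"]))
            push = DiameterMsg(AAR, True, self.host, self.realm, self.realm, {"Rules": rules})
            return self._answer(msg, self.pcrf.handle(push).avps["Result-Code"])
        return self._answer(msg, AUTHZ_REJECTED)

    def respond_to_attack(self, flows, peer_realm):
        """Claim-1 order: detect, AAR push to own PCRF, CCR discovery, SAR to the peer AF."""
        results = {}
        for dst, a in detect_ddos(flows).items():
            local = {("src_ip", s) for s in a["srcs"]} | {("imsi", i) for i in a["imsis"]}
            self.pcrf.handle(DiameterMsg(AAR, True, self.host, self.realm, self.realm,
                                         {"Rules": local}))
            peer = self.directory[peer_realm]
            cca = peer.handle(DiameterMsg(CCR, True, self.host, self.realm, peer_realm))
            self.known_peers[peer_realm] = cca.origin_host
            saa = peer.handle(DiameterMsg(SAR, True, self.host, self.realm, peer_realm,
                                          {"Destination-IP": dst,
                                           "Malicious-IMSIs": sorted(a["imsis"])}))
            results[dst] = saa.avps["Result-Code"]
        return results

def demo():
    """Constructed scenario: six carrier-A subscribers flood 203.0.113.10; one benign flow."""
    directory = {}
    af_a = AF("af.carrier-a.example", "carrier-a.example", PCRF("carrier-a.example"), directory)
    af_b = AF("af.carrier-b.example", "carrier-b.example", PCRF("carrier-b.example"), directory)
    flows = [FlowRecord(f"00101000000000{i}", f"10.0.0.{i}", "203.0.113.10", 400) for i in range(6)]
    flows.append(FlowRecord("001010000000099", "10.0.0.99", "198.51.100.5", 20))
    results = af_a.respond_to_attack(flows, "carrier-b.example")
    return results, af_a.pcrf.rules, af_b.pcrf.rules, af_b

if __name__ == "__main__":
    results, rules_a, rules_b, _ = demo()
    print(results, len(rules_a), sorted(rules_b))
```

Two design points worth noting. First, the alert is itself a blocking primitive: whoever can get a Security Alert Request accepted can have the receiving carrier's PCRF cut off addresses or subscribers, so the receiving AF only honours alerts from the Origin-Host it learned during the CCR/CCA discovery step, and the PCRF only accepts pushes from its own realm. In a real deployment that binding would rest on the Diameter transport (TLS/DTLS or IPsec, which RFC 6733 requires between peers) and on realm routing through Diameter agents, which the `directory` dictionary merely stands in for. Second, the claim 4 DPI detection is reduced here to a source-count threshold; the patent does not specify the detection logic, and a production engine would use far richer signals.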

Assignees

AT&T Intellectual Property I, L.P. (recorded in the corpus as "At & T Ip I Lp")

Inventors

Classifications

  • H04L63/205 (primary)

    involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved (negotiation of communication capabilities H04L69/24) · CPC title

  • Rule management · CPC title

  • Traffic logging, e.g. anomaly detection · CPC title

  • Event detection, e.g. attack signature detection · CPC title

  • Denial of Service · CPC title

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US10230767B2 cover?
A system and method for identifying distributed attacks, such as, but not limited to, distributed denial of service attacks and botnet attacks, in a first network serviced by a first carrier and configured to alert a second network serviced by a second carrier that is different from the first carrier is disclosed. Once an attack has been identified, an attack alert is generated and provided to …
Who is the assignee on this patent?
AT&T Intellectual Property I, L.P. (recorded in the corpus as "At & T Ip I Lp").
What technology area does this patent fall under?
Primary CPC classification H04L63/205, in CPC section H (Electricity); the other CPC titles attached to this publication are rule management, traffic logging and anomaly detection, event and attack-signature detection, and denial of service.
When was this patent published?
Publication date Mar 12, 2019 (kind code B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
The corpus records 5 related publications for this patent (citations in the corpus or other publications sharing the same primary CPC); they are not listed on this page.