Methods, systems, and computer readable media for selective diameter topology hiding
US-2017012824-A1 · Jan 12, 2017 · US
US10547647B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-10547647-B2 |
| Application number | US-201916260315-A |
| Country | US |
| Kind code | B2 |
| Filing date | Jan 29, 2019 |
| Priority date | Jul 29, 2015 |
| Publication date | Jan 28, 2020 |
| Grant date | Jan 28, 2020 |
Official abstract text for this publication.
A system and method for identifying distributed attacks, such as, but not limited to, distributed denial of service attacks and botnet attacks, in a first network serviced by a first carrier and configured to alert a second network serviced by a second carrier that is different from the first carrier is disclosed. Once an attack has been identified, an attack alert is generated and provided to the second network or other aspects of the first network, or both. The attack alerts may be distributed dynamically with the second network via diameter based security protocol Rs. Such system and method may mitigate distributed malicious attacks by sharing destination internet protocol and bad international mobile subscriber identity information across carriers.
Opening claim text (preview).
We claim:
1. A system, comprising: a memory that stores instructions; and a processor that executes the instructions to perform operations, the operations comprising: analyzing internet traffic to determine an occurrence of an attack within a first network administered by a first carrier; blocking a portion of the internet traffic; and providing an attack alert to a second network administered by a second carrier, wherein the first and second carriers are different entities, wherein providing the attack alert further comprises providing the attack alert to the second network by causing an application function of the first network to transmit a security alert request to an application function in the second network, and wherein the security alert request is utilized to interrogate a policy and charging rules function of the second network to shut down a malicious internet protocol address associated with the internet traffic.
2. The system of claim 1, wherein the operations further comprise initiating, by utilizing the application function of the first network, an unsolicited push request to a policy and charging rules function of the first network to facilitate blocking the portion of the internet traffic.
3. The system of claim 2, wherein the operations further comprise sending an authentication authorization request to the policy and charging rules function of the first network to facilitate initiating the unsolicited push request.
4. The system of claim 1, wherein the operations further comprise discovering the application function in the second network by utilizing a credit control request sent from the application function of the first network.
5. The system of claim 1, wherein the operations further comprise generating the attack alert after determining the occurrence of the attack.
6. The system of claim 1, wherein the operations further comprise providing the attack alert to an application function aggregator prior to providing the attack alert to the second network.
7. The system of claim 1, wherein the operations further comprise providing the attack alert to the second network by utilizing diameter based security protocol.
8. The system of claim 1, wherein the operations further comprise conducting signature and uniform resource locator monitoring on the internet traffic.
9. The system of claim 1, wherein the operations further comprise interrogating a policy and charging rules function of the first network to obtain a list of malicious internal or external internet protocol addresses.
10. The system of claim 1, wherein the operations further comprise analyzing the internet traffic by utilizing a deep packet inspection engine at an evolved packet core.
11. The system of claim 1, wherein the operations further comprise initiating an Rs security protocol to send the attack alert to the second network.
12. The system of claim 1, wherein the operations further comprise receiving a credit control answer from the application function in the second network in response to a credit control request.
13. A method, comprising: analyzing, by utilizing instructions from a memory that are executed by a processor, internet traffic to determine an occurrence of an attack within a first network administered by a first carrier; blocking a portion of the internet traffic; and providing an attack alert to a second network administered by a second carrier, wherein the first and second carriers are different entities, wherein providing the attack alert further comprises providing the attack alert to the second network by causing an application function of the first network to transmit a security alert request to an application function in the second network, and wherein the security alert request is utilized to interrogate a policy and charging rules function of the second network to shut down a malicious internet protocol address associated with the internet traffic.
14. The method of claim 13, further comprising interrogating a policy and charging rules function of the first network to obtain a list of malicious internal or external internet protocol addresses.
15. The method of claim 13, further comprising conducting signature and uniform resource locator monitoring on the internet traffic.
16. The method of claim 13, further comprising discovering the application function in the second network by utilizing a credit control request sent from the application function of the first network.
17. The method of claim 13, further comprising initiating, by utilizing the application function of the first network, an unsolicited push request to a policy and charging rules function of the first network to facilitate blocking the portion of the internet traffic.
18. The method of claim 17, further comprising sending an authentication authorization request to the policy and charging rules function of the first network to facilitate initiating the unsolicited push request.
19. The method of claim 13, further comprising receiving a credit control answer from the application function in the second network in response to a credit control request.
20. A non-transitory computer-readable device comprising instructions, which when executed by a processor, cause the processor to perform operations comprising: analyzing internet traffic to determine an occurrence of an attack within a first network administered by a first carrier; blocking a portion of the internet traffic; and transmitting an attack alert to a second network administered by a second carrier, wherein the first and second carriers are different entities, wherein transmitting the attack alert further comprises providing the attack alert to the second network by causing an application function of the first network to transmit a security alert request to an application function in the second network, and wherein the security alert request is utilized to interrogate a policy and charging rules function of the second network to shut down a malicious internet protocol address associated with the internet traffic.
involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved (negotiation of communication capabilities H04L69/24) · CPC title
Event detection, e.g. attack signature detection · CPC title
Rule management · CPC title
Denial of Service · CPC title
Traffic logging, e.g. anomaly detection · CPC title