US 12,267,342 B2
Fraud or distributed denial of service (DDoS) protection for session initiation protocol (SIP)-based communication
Adam Uzelac, Rochester, NY (US); Ronnie Bailey, Lakewood, CO (US); and Craig Richter, Marlboro, NY (US)
Assigned to Level 3 Communications, LLC, Denver, CO (US)
Filed by Level 3 Communications, LLC, Denver, CO (US)
Filed on Mar. 20, 2024, as Appl. No. 18/611,189.
Application 18/611,189 is a continuation of application No. 17/410,214, filed on Aug. 24, 2021, granted, now 11,943,239.
Claims priority of provisional application 63/226,515, filed on Jul. 28, 2021.
Prior Publication US 2024/0259403 A1, Aug. 1, 2024
This patent is subject to a terminal disclaimer.
Int. Cl. H04L 29/00 (2006.01); H04L 9/40 (2022.01); H04L 65/1104 (2022.01)
CPC H04L 63/1416 (2013.01) [H04L 63/1425 (2013.01); H04L 63/1458 (2013.01); H04L 63/1466 (2013.01); H04L 65/1104 (2022.05)]
16 Claims

1. A method, comprising:
receiving, using a computing system and from a first router among a plurality of routers in a network, first session initiation protocol (“SIP”) data, the first SIP data indicating a request to initiate a SIP-based media communication session between a calling party at a source address in an originating network and a called party at a destination address in the network;
analyzing, using the computing system, the received first SIP data to determine whether the received first SIP data comprises any abnormalities indicative of potential fraudulent or malicious actions;
based on a determination that the received first SIP data comprises at least one abnormality indicative of potential fraudulent or malicious actions, rerouting, using the computing system, the first SIP data to a security deep packet inspection (“DPI”) engine;
performing, using the security DPI engine, a deep scan of the received first SIP data to identify any known fraudulent or malicious attack vectors contained within the received first SIP data and to determine whether the calling party is a known malicious entity or whether the source address is associated with a known malicious entity; and
in response to the security DPI engine identifying at least one known fraudulent or malicious attack vector contained within the received first SIP data, initiating one or more mitigation actions,
wherein rerouting the first SIP data to the security DPI engine comprises sending, using the computing system, routing updates to one or more routers, via a provisioning layer of the network, to route the first SIP data from the source address, wherein the routing updates are constructed such that latency is minimized, available capacity of the security DPI engine is taken into account, and there are no single points of failure.
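
The routing-update constraints in the final clause of claim 1 (minimal latency, awareness of DPI engine capacity, no single point of failure) can be sketched as follows. This is an added example, not code from the patent or from Level 3; the engine and router names, the requests-per-second capacity unit, the update field names and all sample figures are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass
class Engine:
    name: str
    free_cps: int      # assumed capacity unit: spare SIP requests per second
    latency_ms: dict   # router name -> measured latency to this engine

def plan_reroute(source, demand_cps, engines):
    """Return one routing update per router that diverts `source` to DPI.

    demand_cps maps router name -> request rate seen from `source` there.
    Each update names a primary and a distinct backup engine.
    """
    free = {e.name: e.free_cps for e in engines}
    updates = []
    # Heaviest routers first, so large flows are placed while capacity remains.
    for router in sorted(demand_cps, key=lambda r: -demand_cps[r]):
        need = demand_cps[router]
        fits = [e for e in engines
                if router in e.latency_ms and free[e.name] >= need]
        fits.sort(key=lambda e: e.latency_ms[router])   # lowest latency first
        if len(fits) < 2:   # one engine only would be a single point of failure
            raise RuntimeError(f"{router}: need two engines with {need} cps free")
        primary, backup = fits[0], fits[1]
        free[primary.name] -= need   # backup carries load only on failover
        updates.append({"router": router, "match_src": source,
                        "next_hop": primary.name, "backup": backup.name})
    return updates

# Constructed sample data (documentation address range, made-up figures).
SOURCE = "198.51.100.7"
ENGINES = [
    Engine("dpi-a", 500, {"r1": 4, "r2": 3}),
    Engine("dpi-b", 300, {"r1": 9, "r2": 5}),
    Engine("dpi-c", 800, {"r1": 15, "r2": 20}),
]
DEMAND = {"r1": 400, "r2": 250}

if __name__ == "__main__":
    for update in plan_reroute(SOURCE, DEMAND, ENGINES):
        print(update)
```

In the sample, router r2 is closest to dpi-a, but r1's larger flow has already consumed that engine's spare capacity, so r2 is steered to dpi-b instead.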