Title of invention Real-time network attack detection and mitigation infrastructure
Abstract The invention features systems and methods for detecting and mitigating network attacks in a Voice-Over-IP (VoIP) network. A server is configured to receive information related to a mitigation action for a call. The information can include a complexity level for administering an audio challenge-response test to the call and an identification of the call. The server also generates i) a routing label based on the identification of the call, and ii) a script defining a plurality of variables that store identifications of a plurality of altered sound files for the audio challenge-response test. Each altered sound file is randomly selected by the server subject to one or more constraints associated with the complexity level. The server is further configured to transmit the script to a guardian module and the routing label to a gateway.
Publication number US9332026(B2) Publication date 2016.05.03
Application number US201414242758 Filing date 2014.04.01
Applicant SONUS NETWORKS, INC. Inventors Lapsley David;Mansur Miri;Klotzbach Jonathan;Shu Ti-yuan Dean;Chary Sri;Joseph Joby;Topham Mark;Matragi Wassim;Dumble Kenneth
Classification G08B23/00;H04L29/06 Main classification G08B23/00
Agency Agent Straub Stephen T.;Straub Ronald P.;Straub Michael P.
Main claim 1. A method of operating elements of a communications system to detect and mitigate network attacks in a VoIP network, said elements including a gateway, an analyzer and a guardian module, the method comprising: receiving, by the gateway, via the VOIP network, an incoming call and associated signaling; transmitting, from the gateway to the analyzer, a call detail record (CDR) for the incoming call; maintaining in memory, by the analyzer, a plurality of adaptable profiles that capture statistical and behavioral properties of call detail records (CDRs) associated with a plurality of received calls in the VOIP network; maintaining in memory, by the analyzer, a plurality of reference profiles that reflect normal call behavior corresponding to the plurality of adaptable profiles; updating, by the analyzer, an adaptable profile from the plurality of adaptable profiles based on the CDR of the incoming call; comparing, by the analyzer, the updated adaptable profile with a corresponding reference profile from the plurality of reference profiles; determining, by the analyzer, if an anomaly indicative of a network attack exists based on the comparing using multivariate analysis; and when said analyzer determines that an anomaly exists indicative of a network attack: generating, by the analyzer, an alarm corresponding to the incoming call indicative of the network attack; transmitting, by the analyzer, to a rules engine, the alarm indicative of the network attack to determine a mitigation action for the incoming call; and determining by the rules engine one or more mitigation actions for the incoming call, said one or more mitigation actions including a first mitigation action comprising rerouting the incoming call to the guardian module to receive an audio challenge-response test, wherein a complexity level of the test is determined based on the alarm.
Address Westford MA US