Abstract: Methods and apparatus are provided for reliably delivering control messages to a central filter, for example, during a malicious attack, in one or more packet networks without requiring responses or acknowledgements from the central filter to the detector. A detector defends against unwanted traffic by a target victim by determining that unwanted traffic is received by the target victim based on an analysis of packets received from one or more source IP addresses; and transmitting a denunciation message to a central filter associated with a service provider, the denunciation message identifying a source address of at least one source computing device whose transmission of packets to the target victim is to be one or more of limited, dropped or allowed and wherein the denunciation message is transmitted using a Denunciation Protocol that does not require a prompt acknowledgement from the central filter.

Abstract: Methods and apparatus are provided for end-to-end security in heterogeneous networks. Hop-by-hop protection techniques ensure that each hop of a signaling path is satisfying one or more predefined security criteria. An end-to-end path is secured at each node by identifying a next hop in the end-to-end path; determining, in response to a received call setup request, if a vendor associated with the next hop in the end-to-end path has satisfied one or more predefined security criteria; and routing the call to the next hop if the vendor has satisfied the one or more predefined criteria. A look-up table can be used to determine whether a vendor has satisfied the one or more predefined security criteria. The look-up table can identify one or more of: (i) vendors that have achieved a predefined security rating; (ii) members in a predefined consortium or business group; and (iii) signatories to a predefined contract or technical specification.

Abstract: Methods and apparatus are provided for detecting unwanted traffic in one or more packet networks utilizing string analysis. Unwanted traffic received by a target victim, such as a malicious attack, is detected by maintaining a rule base identifying one or more string expressions; analyzing one or more error entries in a log file, the log file comprising one or more requests received by the target victim; determining if the one or more requests include a string that matches one or more of the string expressions in the rule base; and sending a denunciation message to a central filter if the one or more requests include a string that matches one or more of the string expressions in the rule base. The string expressions may comprise, for example, a string or a regular expression and can represent one or more resources that an attacker may attempt to access.

Abstract: A wireless communication system (20) includes a capacity allocation module (35) that adjusts an allocation of an authorized total capacity among a plurality of base stations (22, 24, 26). A disclosed example includes determining a peak capacity requirement for a plurality of base stations at any given time. An authorized capacity corresponds to the peak requirement for the plurality of base stations. The disclosed example includes adjusting an allocation of the authorized total capacity among the plurality of base stations to meet different traffic requirements at each of the base stations at different times.

Abstract: Methods and apparatus are provided for selectively overriding the blocking of traffic due to automated detection algorithms. A target victim can protect against unwanted traffic by maintaining a central filter identifying a source address of at least one source computing device whose transmission of packets to the target victim should be limited; maintaining an override filter listing at least one regular expression identifying one or more source computing devices whose transmission of packets to the target victim should be transmitted to the target victim; converting the source address to an address in a Domain Name Service format if the central filter indicates that the received at least one packet is received from the at least one source computing device; and transmitting the at least one packet to the target victim if the Domain Name Service format satisfies a regular expression appearing in the override filter.

Abstract: Methods and apparatus are provided for detecting unwanted traffic in one or more packet networks utilizing string analysis. Unwanted traffic received by a target victim, such as a malicious attack, is detected by maintaining a rule base identifying one or more string expressions; analyzing one or more error entries in a log file, the log file comprising one or more requests received by the target victim; determining if the one or more requests include a string that matches one or more of the string expressions in the rule base; and sending a denunciation message to a central filter if the one or more requests include a string that matches one or more of the string expressions in the rule base. The string expressions may comprise, for example, a string or a regular expression and can represent one or more resources that an attacker may attempt to access.

Abstract: Methods and apparatus are provided for reliably delivering control messages to a central filter, for example, during a malicious attack, in one or more packet networks without requiring responses or acknowledgements from the central filter to the detector. A detector defends against unwanted traffic by a target victim by determining that unwanted traffic is received by the target victim based on an analysis of packets received from one or more source IP addresses; and transmitting a denunciation message to a central filter associated with a service provider, the denunciation message identifying a source address of at least one source computing device whose transmission of packets to the target victim is to be one or more of limited, dropped or allowed and wherein the denunciation message is transmitted using a Denunciation Protocol that does not require a prompt acknowledgement from the central filter.