Systems to mitigate improper network usage are deployed in service provider networks, business data centers, etc., to detect abnormal, suspicious, questionable, disapproved, and/or fraudulent network usage associated with, for example, a customer's account, equipment, devices, etc. Early detection allows swift responsive action to mitigate the potential harm to the customer and/or the network caused by the improper, suspicious, questionable, disapproved, and/or fraudulent network usage. For example, if the detected questionable network usage is caused by account theft, device theft, network hijacking, etc., then early detection and quick responsive action can limit the damage, resource disruption, and/or financial loss to the customer and/or the service provider.
In Voice over Internet Protocol (VoIP) networks based on an IP Multimedia Subsystem (IMS), protecting the service infrastructure against application level attacks currently comprises Intrusion Detection Systems (IDSs), Intrusion Protection Systems (IPSs), Deep Packet Inspections (DPIs), and/or firewalls. IDSs monitor network traffic and/or protocols for inappropriate traffic, illegal activity, and/or constructs of malicious language (e.g., SQL) and can take automatic actions to block such activities. IPSs monitor network traffic and/or protocols for inappropriate traffic, illegal activity, and/or constructs of malicious language (e.g., SQL) and send traps to network operation control upon detection of such activities. DPIs examine data and/or header information within a packet as it passes an inspection point. DPIs may search for non-protocol compliance messages, viruses, span, and/or predefined criteria specified by a network operator. IPSs and IDSs typically include some DPI functionality. Firewalls are configured to prevent network access by unauthorized network users.