Mitigating the impact from Internet attacks in a RAN using Internet transport

US 10,050,992 B2
Filed: 02/09/2015
Issued: 08/14/2018
Est. Priority Date: 02/09/2015
Status: Active Grant

First Claim

Patent Images

1. A method, performed in a network node in a Core network (CN), of mitigating impacts from Internet attacks in a Radio Access Network (RAN) using Internet transport, the method comprising:

receiving, from at least a network node in the RAN, an intrusion detection report, the intrusion detection report comprising information about an Internet attack in the RAN;

selecting based on the information, a mitigation action, the mitigation action mitigating the impact of the attack on the RAN service level; and

performing the selected mitigation action to mitigate the impact on the RAN service level.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present disclosure relates to methods and devices for mitigating the impact from Internet attacks in a Radio Access Network, RAN, using Internet transport. This object is obtained by a method performed in network node in a Core network, CN, of mitigating the impact from Internet attacks in a Radio Access Network, RAN, using Internet transport. The method comprises receiving, from at least a network node in a Radio Access Network, RAN, an intrusion detection report, the intrusion detection report comprises information about an Internet attack in the RAN. The method further comprises selecting based on the information, a mitigation action, the mitigation action mitigating the impact of the attack on the RAN service level. Further the method comprises performing the selected mitigation action to mitigate the impact on the RAN service level.

Citations

39 Claims

1. A method, performed in a network node in a Core network (CN), of mitigating impacts from Internet attacks in a Radio Access Network (RAN) using Internet transport, the method comprising:
- receiving, from at least a network node in the RAN, an intrusion detection report, the intrusion detection report comprising information about an Internet attack in the RAN;
  
  selecting based on the information, a mitigation action, the mitigation action mitigating the impact of the attack on the RAN service level; and
  
  performing the selected mitigation action to mitigate the impact on the RAN service level.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, wherein the intrusion detection report further comprises at least one suggested mitigation action.
  - 3. The method of claim 1, wherein the attacked network node is the network node itself or any neighboring network node.
  - 4. The method of claim 1, wherein the selected mitigation action comprises that a Mobility Management Entity (MME) will reject all handover requests towards an attacked network node.
  - 5. The method of claim 4, wherein the selected mitigation action further comprises a timer-value defining the validity time for the mitigation action.
  - 6. The method of claim 4, wherein the selected mitigation action further comprises the MME transmitting information to a Packet Data Network Gateway (S/PGW) to schedule less traffic to a network node in the RAN affected by the Internet attack.
  - 7. The method of claim 1, wherein the network node is an MME core-node having received the intrusion detection report over a S1-C interface.
  - 8. The method of claim 1 wherein the network node is a SGSN core-node having received the intrusion detection report over a Iu-PS interface.
  - 9. The method of claim 1, wherein the network node is a MSC core-node having received the intrusion detection report over a Iu-CS interface.
  - 10. The method of claim 1, wherein the network node is a SGSN core-node having received the intrusion detection report over a Gb interface.
  - 11. The method of claim 1, wherein the network node is a MSC core-node having received the intrusion detection report over an A interface.

12. A method, performed in a network node in a Radio Access Network (RAN) using Internet transport, wherein the RAN is connected to a Core Network (CN), of mitigating impacts from Internet attacks, the method comprising:
- obtaining intrusion detection information informing the network node that the RAN is under attack;
  
  compiling, based on the intrusion detection information, an intrusion detection report, the intrusion detection report comprising information about the Internet attack;
  
  transmitting the intrusion detection report to the CN.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19)
- - 13. The method of claim 12, wherein the intrusion detection report further comprises at least one suggested mitigation action.
  - 14. The method of claim 12, wherein the obtaining comprises receiving the intrusion detection information from an Intrusion Detection System (IDS).
  - 15. The method of claim 14, wherein the IDS is located within the network node.
  - 16. The method of claim 12, wherein the intrusion detection report is transmitted to a SGSN in the CN over an Iu-PS interface.
  - 17. The method of claim 12, wherein the intrusion detection report is transmitted to a SGSN in the CN over an Gb interface.
  - 18. The method of claim 12, wherein the intrusion detection report is transmitted to a MSC over an Iu-CS interface.
  - 19. The method of claim 12, wherein the intrusion detection report is transmitted to the MSC over an A interface.

20. A non-transitory computer-readable storage medium, having stored thereupon a computer program that, when run in a network node in a Core network (CN), causes the network node to of mitigate impacts from Internet attacks in a Radio Access Network (RAN) using Internet transport, by:
- receiving, from at least a network node in the RAN, an intrusion detection report, the intrusion detection report comprising information about an Internet attack in the RAN;
  
  selecting based on the information, a mitigation action, the mitigation action mitigating the impact of the attack on the RAN service level; and
  
  performing the selected mitigation action to mitigate the impact on the RAN service level.

21. A non-transitory computer-readable storage medium, having stored thereupon a computer program that, when run in a network node in a Radio Access Network (RAN) using Internet transport, wherein the RAN is connected to a Core Network (CN), causes the network node to mitigating impacts from Internet attacks, by:
- obtaining intrusion detection information informing the network node that the RAN is under attack;
  
  compiling, based on the intrusion detection information, an intrusion detection report, the intrusion detection report comprising information about the Internet attack;
  
  transmitting the intrusion detection report to the CN.

22. A network node in a Core network (CN) in a Radio Access Network (RAN) using Internet transport, the network node comprising a processor and a memory, said memory containing instructions executable by said processor whereby said network node is configured to:
- receive, from at least one network node, an intrusion detection report, the intrusion detection report comprises information about an Internet attack in the RAN;
  
  select based on the information, a mitigation action, the mitigation action mitigating the impact of the attack on the RAN service level; and
  
  perform the selected mitigation action to mitigate the impact on the RAN service level.
- View Dependent Claims (23, 24, 25, 26, 27, 28, 29, 30)
- - 23. The network node of claim 22, wherein the intrusion detection report further comprises at least one suggested mitigation action.
  - 24. The network node of claim 22, wherein the attacked network node is the network node itself or any neighboring network node.
  - 25. The network node of claim 22, wherein the selected mitigation action comprises that a Mobility Management Entity (MME) will reject all handover requests towards the attacked network node.
  - 26. The network node of claim 22, wherein the network node is MME core-node having received the intrusion detection report over a S1-C interface.
  - 27. The network node of claim 22, wherein the network node is a SGSN core-node having received the intrusion detection report over a Iu-PS interface.
  - 28. The network node of claim 22, wherein the network node is a MSC core-node having received the intrusion detection report over a Iu-CS interface.
  - 29. The network node of claim 22, wherein the network node is a SGSN core-node having received the intrusion detection report over a Gb interface.
  - 30. The network node of claim 22, wherein the network node is a MSC core-node having received the intrusion detection report over an A interface.

31. A network node in a Radio Access Network (RAN) using Internet transport, wherein the RAN is connected to a Core Network (CN), the network node comprising a processor and a memory, said memory containing instructions executable by said processor whereby said network node is configured to:
- obtain intrusion detection information informing the network node that the RAN is under attack;
  
  compile, based on the intrusion detection information, an intrusion detection report, the intrusion detection report comprising information about the Internet attack;
  
  transmit the intrusion detection report to the CN.
- View Dependent Claims (32, 33, 34, 35, 36, 37, 38, 39)
- - 32. The network node of claim 31, wherein the intrusion detection report further comprises at least one suggested mitigation action.
  - 33. The network node of claim 31, wherein the obtaining comprises receiving the intrusion detection information from an Intrusion Detection System (IDS).
  - 34. The network node of claim 33, wherein the IDS is located within the network node.
  - 35. The network node of claim 31, wherein the intrusion detection report is transmitted to a SGSN over an Iu-PS interface.
  - 36. The network node of claim 31, wherein the intrusion detection report is transmitted to the SGSN over an Gb interface.
  - 37. The network node of claim 31, wherein the intrusion detection report is transmitted to a MSC over an Iu-CS interface.
  - 38. The network node of claim 31, wherein the intrusion detection report is transmitted to the MSC over an A interface.
  - 39. The network node of claim 31, wherein the intrusion detection report is transmitted to a Mobility Management Entity (MME) over an S1-C interface.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Telefonaktiebolaget LM Ericsson
Original Assignee
Telefonaktiebolaget LM Ericsson
Inventors
Thyni, Tomas, Forsman, Mats, Ullerstig, Mats
Primary Examiner(s)
Kanaan, Simon P

Application Number

US14/427,649
Publication Number

US 20160234248A1
Time in Patent Office

1,282 Days
Field of Search
US Class Current
CPC Class Codes

H04L 63/0227   Filtering policies mail mes...

H04L 63/1425   Traffic logging, e.g. anoma...

H04L 63/1441   Countermeasures against mal...

H04L 63/1458   Denial of Service

H04W 12/122   Counter-measures against at...

H04W 36/0079   in case of hand-off failure...

H04W 84/04   Large scale networks; Deep ...

Mitigating the impact from Internet attacks in a RAN using Internet transport

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

39 Claims

Specification

Solutions

Use Cases

Quick Links

Mitigating the impact from Internet attacks in a RAN using Internet transport

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

39 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links