Method for malicious traffic recognition in IP networks with subscriber identification and notification
First Claim
1. A method for recognizing malicious traffic in a mobile network comprising:
- identifying a mobile subscriber by a permanent mobile subscriber identity;
- detecting the malicious traffic to identify an IP address temporarily associated with the mobile subscriber;
- matching the identity of the mobile subscriber to the malicious traffic by matching the permanent mobile subscriber identity identified to the IP address temporarily associated with the mobile subscriber as identified from the malicious traffic detected; and
- based on the result of matching the identity of the mobile subscriber to the malicious traffic, notifying the mobile subscriber with the identity of the mobile subscriber of the malicious traffic associated with the mobile subscriber by using the permanent mobile subscriber identity and not the IP address temporarily associated with the mobile subscriber.
Abstract
A technique for recognizing malicious traffic in IP networks coupled with an identification and notification of a mobile subscriber generating or receiving malicious traffic is provided. An embodiment of the present invention may include intrusively or non-intrusively monitoring in real-time the mobile subscriber's data traffic for malicious traffic as well as mobile security intrusion attempts. Another embodiment of the present invention may report the identification of those mobile subscribers generating or receiving malicious traffic to an operator. By knowing the identity of the mobile subscriber, an embodiment of the present invention may block the mobile subscriber's subscription or alert the mobile subscriber in question about the malicious traffic. One embodiment of the present invention may be applied to mobile networks where the mobile subscriber's identity is known by a unique identifier (e.g., an IMSI or a phone number) and where a notification system may be implemented using a messaging service, e.g., SMS, MMS, IM, email, or voice.
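The matching step described in the abstract and first claim, sketched as an added example that is not part of the patent text. It assumes the operator keeps session records with start and end times for each address assignment and that the detector emits timestamped alerts; the record layouts, function names and all sample values are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Session:            # assumed record of one address assignment
    imsi: str             # permanent subscriber identity
    ip: str               # IP address temporarily associated with it
    start: int            # epoch seconds
    end: Optional[int]    # None while the session is still open

@dataclass(frozen=True)
class Alert:              # assumed detector output
    ts: int
    src_ip: str
    dst_ip: str
    signature: str

# Constructed sample data: 10.0.0.5 moves from one subscriber to another.
SESSIONS = [
    Session("001010000000001", "10.0.0.5", 1000, 2000),
    Session("001010000000002", "10.0.0.5", 2100, None),
]
ALERTS = [
    Alert(1500, "10.0.0.5", "203.0.113.7", "outbound-scan"),
    Alert(2500, "198.51.100.4", "10.0.0.5", "inbound-exploit-attempt"),
    Alert(2050, "10.0.0.5", "203.0.113.7", "outbound-scan"),  # nobody held the IP
]

def holder(sessions, ip, ts):
    """Return the IMSI that held `ip` at time `ts`, or None."""
    for s in sessions:
        if s.ip == ip and s.start <= ts and (s.end is None or ts < s.end):
            return s.imsi
    return None

def correlate(sessions, alerts):
    """Map each alert endpoint to a subscriber: (imsi, role, signature)."""
    matches = []
    for a in alerts:
        for role, ip in (("generating", a.src_ip), ("receiving", a.dst_ip)):
            imsi = holder(sessions, ip, a.ts)
            if imsi is not None:
                matches.append((imsi, role, a.signature))
    return matches

def notifications(matches):
    """Group matches by IMSI so the notice is addressed by identity, not by IP."""
    by_imsi = {}
    for imsi, role, signature in matches:
        by_imsi.setdefault(imsi, []).append(f"{role} malicious traffic: {signature}")
    return by_imsi

if __name__ == "__main__":
    print(notifications(correlate(SESSIONS, ALERTS)))
```

Matching on the alert timestamp rather than on the address alone keeps a reassigned IP from attributing one subscriber's traffic to the next holder; the third sample alert falls between assignments and is left unmatched.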
33 Claims
1. A method for recognizing malicious traffic in a mobile network comprising:
- identifying a mobile subscriber by a permanent mobile subscriber identity;
- detecting the malicious traffic to identify an IP address temporarily associated with the mobile subscriber;
- matching the identity of the mobile subscriber to the malicious traffic by matching the permanent mobile subscriber identity identified to the IP address temporarily associated with the mobile subscriber as identified from the malicious traffic detected; and
- based on the result of matching the identity of the mobile subscriber to the malicious traffic, notifying the mobile subscriber with the identity of the mobile subscriber of the malicious traffic associated with the mobile subscriber by using the permanent mobile subscriber identity and not the IP address temporarily associated with the mobile subscriber.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20

21. A method for recognizing malicious traffic in an IP network comprising:
- given an IP packet used to identify a mobile subscriber and other IP packets, analyzing each IP packet having a first portion and a second portion, the first portion having a source IP address and a destination IP address;
- identifying a mobile subscriber by a permanent mobile subscriber identity from the second portion of the IP packet used to identify the mobile subscriber;
- detecting the malicious traffic to identify an IP address temporarily associated with the mobile subscriber from the second portion of the other IP packets;
- matching the identity of the mobile subscriber to the malicious traffic by matching the permanent mobile subscriber identity to the IP address temporarily associated with the mobile subscriber as identified from the malicious traffic detected to form a match; and
- based on the result of matching the identity of the mobile subscriber to the malicious traffic, notifying the mobile subscriber with the identity of the mobile subscriber of the malicious traffic associated with the mobile subscriber using the permanent mobile subscriber identity and not the IP address temporarily associated with the mobile subscriber from the second portion of the IP packet.

Dependent claims: 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33
Specification