System and method for correlating network information with subscriber information in a mobile network environment
Abstract
A method is provided in one example embodiment and includes receiving information for network traffic in a wireless network; correlating the information with a subscriber of a plurality of subscribers; and generating a behavior profile for the subscriber based on the information over a period of time.
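The correlation and profiling steps recited in the claims, as an added Python example that is not code from the patent or its assignee. It assumes the subscriber mapping stores a start and end time per address so that a reassigned network address is attributed to whoever held it when the record was generated; the record fields, table layout and all sample values are constructed for illustration.

```python
from bisect import bisect_right
from collections import defaultdict

# Constructed sample data, not from the patent. Session rows are
# (network address, start, end or None while active, MSISDN).
SESSIONS = [
    ("10.0.0.5", 100, 200, "+15550000001"),
    ("10.0.0.5", 250, None, "+15550000002"),  # same address, reassigned
]
# Constructed records as a network security device might export them.
RECORDS = [
    {"ts": 150, "src": "10.0.0.5", "app": "http", "host": "news.example", "bytes": 1200},
    {"ts": 180, "src": "10.0.0.5", "app": "dns", "host": None, "bytes": 90},
    {"ts": 220, "src": "10.0.0.5", "app": "http", "host": "gap.example", "bytes": 500},
    {"ts": 300, "src": "10.0.0.5", "app": "tls", "host": "mail.example", "bytes": 4000},
]

def build_index(sessions):
    """Group sessions per address, ordered by start time, for time-aware lookup."""
    index = defaultdict(list)
    for ip, start, end, msisdn in sorted(sessions, key=lambda s: s[1]):
        index[ip].append((start, end, msisdn))
    return index

def resolve(index, ip, ts):
    """Return the MSISDN that held `ip` at time `ts`, or None if nobody did."""
    rows = index.get(ip, [])
    i = bisect_right([r[0] for r in rows], ts) - 1  # last session starting <= ts
    if i < 0:
        return None
    _, end, msisdn = rows[i]
    return msisdn if end is None or ts <= end else None

def build_profiles(records, index):
    """Correlate each record to a subscriber and accumulate a behavior profile."""
    profiles = defaultdict(lambda: {"bytes": 0, "apps": set(), "hosts": set()})
    unattributed = []
    for rec in records:
        msisdn = resolve(index, rec["src"], rec["ts"])
        if msisdn is None:
            unattributed.append(rec)  # address had no owner then: do not guess
            continue
        p = profiles[msisdn]
        p["bytes"] += rec["bytes"]
        p["apps"].add(rec["app"])
        if rec["host"]:
            p["hosts"].add(rec["host"])
    return dict(profiles), unattributed

if __name__ == "__main__":
    print(build_profiles(RECORDS, build_index(SESSIONS)))
```

The record at `ts` 220 falls between the two sessions for `10.0.0.5` and is returned as unattributed rather than being charged to either subscriber.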
18 Claims
1. A method comprising:
- receiving, at an out of band network threat behavior analysis engine, a plurality of records containing information related to network traffic associated with a network connection between a packet data network and a subscriber device of a plurality of subscriber devices in a mobile network, wherein the information is to include a network address and application metadata of at least one application used by the subscriber device, wherein the network traffic is intercepted by a network security device that generates the plurality of records;
- extracting at least some of the application metadata from the plurality of records;
- correlating the information with a mobile telephone number of the subscriber device based on the network address from the information being mapped to subscriber device information of the subscriber device in a memory element that maps subscriber device information of authenticated subscriber devices in the mobile network to real-time network addresses of the authenticated subscriber devices; and
- generating a network behavior profile for the subscriber device based, at least in part, on the extracted application metadata, wherein the network behavior profile is to include a characterization of network traffic sent by the subscriber device, an identification of one or more applications used by the subscriber device, and an identification of communications by the subscriber device to one or more websites.

Dependent claims: 2, 3, 4, 5
6. One or more non-transitory computer-readable media that includes code for execution and when executed by a processor is operable to perform operations comprising:
- receiving, at an out of band network threat behavior analysis engine, a plurality of records containing information related to network traffic associated with a network connection between a packet data network and a subscriber device of a plurality of subscriber devices in a mobile network, wherein the information is to include a network address and application metadata of at least one application used by the subscriber device, wherein the network traffic is intercepted by a network security device that generates the plurality of records;
- extracting at least some of the application metadata from the plurality of records;
- correlating the information with a mobile telephone number of the subscriber device based on the network address from the information being mapped to subscriber device information of the subscriber device in a memory element that maps subscriber device information of authenticated subscriber devices in the mobile network to real-time network addresses of the authenticated subscriber devices; and
- generating a network behavior profile for the subscriber device based, at least in part, on the extracted application metadata, wherein the network behavior profile is to include a characterization of network traffic sent by the subscriber device, an identification of one or more applications used by the subscriber device, and an identification of communications by the subscriber device to one or more websites.

Dependent claims: 7, 8, 9, 10, 11, 12, 13
14. An apparatus, comprising:
- a memory element configured to store data;
- a hardware processor operable to execute instructions associated with the data;
- an out of band network threat behavior analysis engine configured to interface with the memory element and the hardware processor to:
  - receive a plurality of records containing information related to network traffic associated with a network connection between a packet data network and a subscriber device of a plurality of subscriber devices in a mobile network, the information to include a network address and application metadata of at least one application used by the subscriber device, wherein the network traffic is intercepted by a network security device that generates the plurality of records;
  - extract at least some of the application metadata from the plurality of records; and
  - generate a network behavior profile for the subscriber device based, at least in part on the extracted application metadata, wherein the network behavior profile is to include a characterization of network traffic sent by the subscriber device, an identification of one or more applications used by the subscriber device, and an identification of communications by the subscriber device to one or more websites; and
- a correlation module configured to interface with the memory element and the hardware processor to correlate the information with a mobile telephone number of the subscriber device based on the network address from the information being mapped to subscriber device information of the subscriber device in a memory element that maps subscriber device information of authenticated subscriber devices in the mobile network to real-time network addresses of the authenticated subscriber devices.

Dependent claims: 15, 16, 17, 18
Specification