System and method for correlating security events with subscriber information in a mobile network environment
Abstract
A method is provided in one example embodiment and includes receiving a subscriber accounting start packet for a subscriber device in a mobile network environment. The method also includes extracting, from the subscriber accounting start packet, subscriber device information and a network address of the subscriber device. The method further includes mapping the network address to the subscriber device information, and then correlating the subscriber device information and a security event when the security event is detected in subscriber data network traffic associated with the subscriber device. In a specific embodiment, the subscriber device information includes at least one of an International Mobile Equipment Identity (IMEI), an International Mobile Subscriber Identity (IMSI), a Mobile Station International Subscriber Directory Number (MSISDN), and an access point name (APN). In further embodiments, an identification of the security event and one or more items of the subscriber device information are provided to a user.
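The mapping and lookup the abstract describes, as an added Python example that is not code from the patent or its assignee. The record layout (dict keys `type`, `address`, `src`, `dst`, `name`), the class name `SubscriberCorrelator`, and all sample values are assumptions constructed for illustration; security-event detection itself is taken as given input.

```python
import ipaddress

# Subscriber fields named in the abstract; the record layout is assumed.
SUBSCRIBER_FIELDS = ("imsi", "imei", "msisdn", "apn")

def _norm(addr):
    # Canonical text form so equal addresses always compare equal.
    return str(ipaddress.ip_address(addr))

class SubscriberCorrelator:
    def __init__(self):
        self.by_address = {}  # network address -> subscriber device information

    def on_accounting(self, record):
        """Store address -> subscriber info; only start records create a mapping."""
        if record.get("type") != "start":
            return False
        info = {k: record[k] for k in SUBSCRIBER_FIELDS if k in record}
        # A later start for the same address replaces the earlier mapping.
        self.by_address[_norm(record["address"])] = info
        return True

    def correlate(self, event):
        """Look up the event's source and destination; return one row per match."""
        matches = []
        for role in ("src", "dst"):
            info = self.by_address.get(_norm(event[role]))
            if info is not None:
                matches.append({"event": event["name"], "role": role, **info})
        return matches

# Constructed sample input (not from the patent).
ACCOUNTING = [
    {"type": "start", "address": "10.20.0.7", "imsi": "001010000000001",
     "imei": "350000000000017", "msisdn": "15555550101", "apn": "internet.example"},
    {"type": "interim", "address": "10.20.0.9", "imsi": "001010000000002"},
    {"type": "start", "address": "10.20.0.7", "imsi": "001010000000003",
     "msisdn": "15555550103", "apn": "internet.example"},
]
EVENTS = [
    {"name": "constructed-event-1", "src": "10.20.0.7", "dst": "198.51.100.4"},
    {"name": "constructed-event-2", "src": "203.0.113.9", "dst": "10.20.0.9"},
]

def run_demo():
    correlator = SubscriberCorrelator()
    for record in ACCOUNTING:
        correlator.on_accounting(record)
    return [correlator.correlate(event) for event in EVENTS]
```

The second event returns no subscriber because its address was only seen in a non-start record, which is the case an analyst has to treat as "unattributed" rather than "clean".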
20 Claims
1. A method, comprising:
identifying one or more first packets as subscriber accounting traffic associated with a subscriber device in a mobile network environment;
extracting, from a subscriber accounting start packet of the one or more first packets, subscriber device information and a network address of the subscriber device;
mapping, in a first memory element, the network address to the subscriber device information;
identifying one or more second packets as subscriber data network traffic; and
correlating the subscriber device information and a security event if the security event is detected in the one or more second packets and if the one or more second packets are associated with the subscriber device, wherein the correlating comprises;
searching the first memory element for at least one of a source network address and a destination network address of the one or more second packets;
obtaining, from the first memory element, the subscriber device information mapped to the network address of the subscriber device, when the network address of the subscriber device corresponds to one of the source network address and the destination network address.
Dependent claims: 2, 3, 4, 5, 6, 7
8. Logic encoded in one or more non-transitory computer-readable media that includes code for execution and when executed by a processor is operable to perform operations comprising:
identifying one or more first packets as subscriber accounting traffic associated with a subscriber device in a mobile network environment;
extracting, from a subscriber accounting start packet of the one or more first packets, subscriber device information and a network address of the subscriber device;
mapping, in a first memory element, the network address to the subscriber device information; and
identifying one or more second packets as subscriber data network traffic; and
correlating the subscriber device information and a security event if the security event is detected in the one or more second packets and if the one or more second packets are associated with the subscriber device, wherein the correlating comprises;
searching the first memory element for at least one of a source network address and a destination network address of the one or more second packets;
obtaining, from the first memory element, the subscriber device information mapped to the network address of the subscriber device, when the network address of the subscriber device corresponds to one of the source network address and the destination network address.
Dependent claims: 9, 10, 11, 12, 13, 14
15. An apparatus, comprising:
a memory element configured to store data;
a processor operable to execute instructions associated with the data; and
an extraction module configured to interface with the memory element and the processor to;
identify one or more first packets as subscriber accounting traffic associated with a subscriber device in a mobile network environment;
extract, from a subscriber accounting start packet of the one or more first packets, subscriber device information and a network address of the subscriber device;
map, in a first memory element, the network address to the subscriber device information; and
identify one or more second packets as subscriber data network traffic; and
a correlation module configured to interface with the memory element and the processor to correlate the subscriber device information and a security event if the security event is detected in the one or more second packets and if the one or more second packets are associated with the subscriber device, wherein the correlation module is to;
search the first memory element for at least one of a source network address and a destination network address of the one or more second packets;
obtain, from the first memory element, the subscriber device information mapped to the network address of the subscriber device, when the network address of the subscriber device corresponds to one of the source network address and the destination network address.
Dependent claims: 16, 17, 18, 19, 20
Specification