Method and system for defending a mobile network from a fraud

US 9,572,037 B2
Filed: 03/16/2015
Issued: 02/14/2017
Est. Priority Date: 03/16/2015
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving information associated with a general packet radio service (GPRS) tunneling protocol (GTP) request from a serving node to a gateway node in a mobile network, wherein the information associated with the GTP request is a GTP control plane request or a call detail record (CDR) associated with the GTP request;

intercepting network traffic between the serving node and the gateway node by an intercept node;

redirecting the network traffic from the intercept node to a monitoring node;

analyzing parameters contained in the information associated with the GTP request at the monitoring node; and

determining that the GTP request is a fraudulent GTP request if the parameters do not belong to an authorized subscriber of the mobile network.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for defending a mobile network from a fraud committed via GTP is disclosed. According to one embodiment, a computer-implemented method includes receiving receives information associated with a GTP request from a serving node to a gateway node in a mobile network. The information associated with the GTP request is a GTP control plane request or a CDR associated with the GTP request. The information associated with a GTP request is examined, and parameters contained in the information associated with the GTP request are analyzed. It is determined that the GTP request is a fraudulent GTP request if the parameters do not belong to an authorized subscriber of the mobile network. A GTP tunnel associated with the fraudulent GTP request is denied, an established fraudulent GTP tunnel is deleted, or network traffic established by a fraudulent GTP tunnel is redirected to a monitoring node.

Citations

20 Claims

1. A method comprising:
- receiving information associated with a general packet radio service (GPRS) tunneling protocol (GTP) request from a serving node to a gateway node in a mobile network, wherein the information associated with the GTP request is a GTP control plane request or a call detail record (CDR) associated with the GTP request;
  
  intercepting network traffic between the serving node and the gateway node by an intercept node;
  
  redirecting the network traffic from the intercept node to a monitoring node;
  
  analyzing parameters contained in the information associated with the GTP request at the monitoring node; and
  
  determining that the GTP request is a fraudulent GTP request if the parameters do not belong to an authorized subscriber of the mobile network.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. The method of claim 1, further comprising denying establishing a GTP tunnel associated with the fraudulent GTP request.
  - 3. The method of claim 1,wherein the monitoring node is between the serving node and the gateway node.
  - 4. The method of claim 1, whereinredirecting network traffic from the intercept node to the monitoring node is through a GTP tunnel established between the serving node and the gateway node to the monitoring node.
  - 5. The method of claim 1, wherein the monitoring node is an out-of-band node of the mobile network.
  - 6. The method of claim 1, wherein the monitoring node deletes a GTP tunnel established by the fraudulent GTP request.
  - 7. The method of claim 1, further comprising generating a GTP message to delete a GTP tunnel established by the fraudulent GTP request and sending the GTP message to either the serving node or the gateway node.
  - 8. The method of claim 1, further comprising performing a real-time analysis on the GTP request.
  - 9. The method of claim 1, further comprising filtering denial-of-service (DoS) attacks including the fraudulent GTP request or a fraudulent GTP message.
  - 10. The method of claim 1, further comprising:
    - implementing a pseudo gateway node;
      
      creating a packet data protocol (PDP) session;
      
      routing user data traffic to the pseudo gateway node over the Internet; and
      
      saving the user data traffic to a database of the pseudo gateway node over the Internet.
  - 11. The method of claim 1, further comprising receiving a demand from an operator of the mobile network and deleting the PDP session based on the demand.
  - 12. The method of claim 1, wherein the mobile network is a 3G network, wherein the serving node is a serving general packet radio service (GPRS) support node (SGSN), and wherein the gateway node is a gateway GPRS support node (GGSN).
  - 13. The method of claim 12, wherein authentication and subscription information of a subscriber is maintained by a home location register (HLR).
  - 14. The method of claim 1, wherein the mobile network is a 4G network, wherein the serving node is a serving gateway (S-GW), and wherein the gateway node is a packet data network gateway (P-GW).
  - 15. The method of claim 14, wherein authentication and subscription information of a subscriber is maintained by a home subscriber server (HSS).

16. A mobile network system comprising:
- a serving node configured to serve a subscriber of the mobile network system;
  
  a gateway node configured to establish an external packet switched network;
  
  a monitoring node; and
  
  an intercept node configured to replicate traffic between the serving node and the gateway node and send the replicated traffic to the monitoring node,wherein the monitoring node examines information associated with a GTP request from the replicated traffic, analyzes parameters contained in the information, and determines that the GTP request is a fraudulent request.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The mobile network system of claim 16, wherein the information associated with the GTP request is a GTP control plane request or a CDR.
  - 18. The mobile network system of claim 16, wherein the monitoring node deletes a GTP tunnel established by the fraudulent GTP request.
  - 19. The mobile network system of claim 16, wherein the monitoring node generates a GTP message to delete a GTP tunnel established by the fraudulent GTP request and sends the GTP message to either the serving node or the gateway node.
  - 20. The mobile network system of claim 19, further comprises:
    - a probe implemented between the serving node and the gateway node; and
      
      a pseudo gateway node,wherein the pseudo gateway node is configured to;
      
      receive user data traffic routed to the pseudo gateway node, wherein the user data traffic is routed to the pseudo gateway node in response to a PDP session request by the probe; and
      
      save the user data traffic to a database over the Internet.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Yaana Technologies, LLC
Original Assignee
Yaana Technologies, LLC
Inventors
Puri, Rajesh, Hammer, Michael P., Grottwassink, David
Primary Examiner(s)
Vo, Don N

Application Number

US14/659,016
Publication Number

US 20160277934A1
Time in Patent Office

701 Days
Field of Search

455/410
US Class Current

1/1
CPC Class Codes

H04L 63/0245   Filtering by information in...

H04L 63/1458   Denial of Service

H04L 63/1466   Active attacks involving in...

H04W 12/06   Authentication

H04W 12/08   Access security

H04W 12/12   Detection or prevention of ...

H04W 12/122   Counter-measures against at...

H04W 12/73   Access point logical identity

H04W 76/12   Setup of transport tunnels

H04W 8/02   Processing of mobility data...

Method and system for defending a mobile network from a fraud

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for defending a mobile network from a fraud

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links