Method and system for defending a mobile network from a fraud
First Claim
1. A method comprising:
- receiving information associated with a general packet radio service (GPRS) tunneling protocol (GTP) request from a serving node to a gateway node in a mobile network, wherein the information associated with the GTP request is a GTP control plane request or a call detail record (CDR) associated with the GTP request;
intercepting network traffic between the serving node and the gateway node by an intercept node;
redirecting the network traffic from the intercept node to a monitoring node;
analyzing parameters contained in the information associated with the GTP request at the monitoring node; and
determining that the GTP request is a fraudulent GTP request if the parameters do not belong to an authorized subscriber of the mobile network.
0 Assignments
0 Petitions
Accused Products
Abstract
A system and method for defending a mobile network from a fraud committed via GTP is disclosed. According to one embodiment, a computer-implemented method includes receiving receives information associated with a GTP request from a serving node to a gateway node in a mobile network. The information associated with the GTP request is a GTP control plane request or a CDR associated with the GTP request. The information associated with a GTP request is examined, and parameters contained in the information associated with the GTP request are analyzed. It is determined that the GTP request is a fraudulent GTP request if the parameters do not belong to an authorized subscriber of the mobile network. A GTP tunnel associated with the fraudulent GTP request is denied, an established fraudulent GTP tunnel is deleted, or network traffic established by a fraudulent GTP tunnel is redirected to a monitoring node.
-
Citations
20 Claims
-
1. A method comprising:
-
receiving information associated with a general packet radio service (GPRS) tunneling protocol (GTP) request from a serving node to a gateway node in a mobile network, wherein the information associated with the GTP request is a GTP control plane request or a call detail record (CDR) associated with the GTP request; intercepting network traffic between the serving node and the gateway node by an intercept node; redirecting the network traffic from the intercept node to a monitoring node; analyzing parameters contained in the information associated with the GTP request at the monitoring node; and determining that the GTP request is a fraudulent GTP request if the parameters do not belong to an authorized subscriber of the mobile network. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
-
-
16. A mobile network system comprising:
-
a serving node configured to serve a subscriber of the mobile network system; a gateway node configured to establish an external packet switched network; a monitoring node; and an intercept node configured to replicate traffic between the serving node and the gateway node and send the replicated traffic to the monitoring node, wherein the monitoring node examines information associated with a GTP request from the replicated traffic, analyzes parameters contained in the information, and determines that the GTP request is a fraudulent request. - View Dependent Claims (17, 18, 19, 20)
-
Specification