Mitigating the impact from internet attacks in a RAN using internet transport

US 9,705,900 B2
Filed: 02/09/2015
Issued: 07/11/2017
Est. Priority Date: 02/09/2015
Status: Active Grant

First Claim

Patent Images

1. A method, performed in a network node in a Radio Access Network (RAN) and using Internet transport to provide services to user equipments (UEs) served by the RAN, of mitigating impacts from Internet attacks, the method comprising:

obtaining intrusion detection information informing the network node that the network node is under attack via an Internet connection to the network node;

selecting, based on the intrusion detection information, a mitigation action, the mitigation action mitigating the impact of the attack on a RAN service provided by the RAN; and

performing the selected mitigation action to mitigate the impact on a service level for the RAN service.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present disclosure relates to methods and devices for mitigating the impact from Internet attacks in a Radio Access Network, RAN, using Internet transport. This object is obtained by a method performed in network node in a RAN, using Internet transport. The method comprises obtaining intrusion detection information informing the network node that the RAN is under attack. The method further comprises selecting, based on the intrusion detection information, a mitigation action, the mitigation action mitigating the impact of the attack on the RAN service. Further the method comprises performing the selected mitigation action to mitigate the impact on the RAN service level.

Citations

23 Claims

1. A method, performed in a network node in a Radio Access Network (RAN) and using Internet transport to provide services to user equipments (UEs) served by the RAN, of mitigating impacts from Internet attacks, the method comprising:
- obtaining intrusion detection information informing the network node that the network node is under attack via an Internet connection to the network node;
  
  selecting, based on the intrusion detection information, a mitigation action, the mitigation action mitigating the impact of the attack on a RAN service provided by the RAN; and
  
  performing the selected mitigation action to mitigate the impact on a service level for the RAN service.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, wherein the obtaining comprises receiving the intrusion detection information from an Intrusion Detection System (IDS).
  - 3. The method of claim 2, wherein the IDS is located within the network node.
  - 4. The method of claim 1, wherein the mitigation action comprises initiating handover of UEs to a neighboring network node.
  - 5. The method of claim 1, wherein the mitigation action comprises increasing the received signal strength threshold value required by a UE to be allowed to connect the network nodes.
  - 6. The method of claim 1, wherein the mitigation action comprises decreasing the cell size of the network nodes of UEs captured by a cell.
  - 7. The method of claim 1, wherein the mitigation action comprises reporting, to neighboring network nodes, that the RAN is under attack.
  - 8. The method of claim 7, wherein said reporting comprises proposed actions to be performed in the neighboring network nodes.
  - 9. The method of claim 1, wherein the network node is a Radio Base Station (RBS).
  - 10. The method of claim 1, wherein the network node is a Base Station Controller (BSC).
  - 11. The method of claim 1, wherein the network node is a Radio Network Controller (RNC).

12. A network node configured for use in a Radio Access Network (RAN) and to use Internet transport to provide services to user equipments (UEs) served by the RAN, the network node comprising a processor and a memory, said memory containing instructions executable by said processor, whereby said network node is configured to:
- obtain intrusion detection information informing the network node that the network node is under attack via an Internet connection to the network node;
  
  select, based on the intrusion detection information, a mitigation action, the mitigation action mitigating the impact of the attack on a RAN service provided by the RAN; and
  
  perform the selected mitigation action to mitigate the impact on a service level for the RAN service.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 13. The network node of claim 12, wherein the network node is configured to obtain the intrusion detection information by receiving the intrusion detection information from an Intrusion Detection System (IDS).
  - 14. The network node of claim 12, wherein the IDS is located within the network node.
  - 15. The network node of claim 12, wherein the mitigation action comprises initiating handover of UEs to a neighboring network node.
  - 16. The network node of claim 12, wherein the mitigation action comprises increasing the received signal strength threshold value required by a UE to be allowed to connect the network node.
  - 17. The network node of claim 12, wherein the mitigation action comprises to decreasing the cell size of the network node of UEs captured by the cell.
  - 18. The network node of claim 12, wherein the mitigation action comprises reporting that the RAN is under attack to neighboring network nodes.
  - 19. The network node network node of claim 18, wherein the reporting comprises proposed actions to be performed in the neighboring network node.
  - 20. The network node of claim 12, wherein the network node is a Radio Base Station (RBS).
  - 21. The network node of claim 12, wherein the network node is a Base Station Controller (BSC).
  - 22. The network node of claim 12, wherein the network node is a Radio Network Controller (RNC).

23. A non-transitory computer-readable storage medium, having stored thereupon a computer program that, when run in a network node in a Radio Access Network (RAN) and using Internet transport to provide services to user equipments (UEs), causes the network node to:
- obtain intrusion detection information informing the network node that the network node is under attack via an Internet connection to the network node;
  
  select, based on the intrusion detection information, a mitigation action, the mitigation action mitigating the impact of the attack on a RAN service provided by the RAN; and
  
  perform the selected mitigation action to mitigate the impact on a service level for the RAN service.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Telefonaktiebolaget LM Ericsson
Original Assignee
Telefonaktiebolaget LM Ericsson
Inventors
Thyni, Tomas, Ullerstig, Mats, Forsman, Mats
Primary Examiner(s)
WYSZYNSKI, AUBREY H

Application Number

US14/427,373
Publication Number

US 20160373467A1
Time in Patent Office

883 Days
Field of Search

726 23
US Class Current
CPC Class Codes

H04L 2463/144   Detection or countermeasure...

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1425   Traffic logging, e.g. anoma...

H04L 63/1441   Countermeasures against mal...

H04L 67/10   in which an application is ...

H04W 12/12   Detection or prevention of ...

H04W 12/128   Anti-malware arrangements, ...

H04W 52/04   TPC

H04W 84/04   Large scale networks; Deep ...

Mitigating the impact from internet attacks in a RAN using internet transport

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

Mitigating the impact from internet attacks in a RAN using internet transport

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links