CN101888635B - A kind of method and signaling monitoring system detecting falsified GTP data - Google Patents
A kind of method and signaling monitoring system detecting falsified GTP data Download PDFInfo
- Publication number
- CN101888635B CN101888635B CN201010222768.5A CN201010222768A CN101888635B CN 101888635 B CN101888635 B CN 101888635B CN 201010222768 A CN201010222768 A CN 201010222768A CN 101888635 B CN101888635 B CN 101888635B
- Authority
- CN
- China
- Prior art keywords
- signalling message
- message data
- data
- port numbers
- pdp context
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/12—Detection or prevention of fraud
- H04W12/121—Wireless intrusion detection systems [WIDS]; Wireless intrusion prevention systems [WIPS]
- H04W12/122—Counter-measures against attacks; Protection against rogue devices
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W24/00—Supervisory, monitoring or testing arrangements
- H04W24/08—Testing, supervising or monitoring using real traffic
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W92/00—Interfaces specially adapted for wireless communication networks
- H04W92/04—Interfaces between hierarchically different network devices
- H04W92/14—Interfaces between hierarchically different network devices between access point controllers and backbone network device
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Mobile Radio Communication Systems (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention provides a kind of method detecting forgery general packet wireless service tunnel protocol data, comprise: signaling monitoring system gathers the signalling message data of IuPs, Gb, Gr, Gn and gp interface, described signalling message data is analyzed, judges whether described signalling message data is forge general packet wireless service tunnel protocol (GTP) data according to analysis result.The present invention also provides a kind of signaling monitoring system.The present invention is by IuPs, Gb, Gr, Gn and gp interface monitoring, and identify the GTP data of forging in this operational area network, find the behavior of malicious attack, the detection for GRPS security fields provides reliable means, has filled up the blank in this field.
Description
Technical field
The present invention relates to moving communicating field, particularly relate to a kind of method and the signaling monitoring system that detect falsified GTP (GPRS Tunellingprotocol, general packet wireless service tunnel protocol) data.
Background technology
GPRS (General Packet Radio Service, GPRS) network is based on existing GSM (Global System for Mobile Communications, global system for mobile communications) real-time performance, need increase by two category nodes: SGSN (Serving GPRS Support Node, GPRS serving GPRS support node) and GGSN (Gateway GPRS Support Node, GGSN).The current location information of SGSN record move platform, and between travelling carriage and GGSN, complete mobile packet data transmission and reception.SGSN is connected to HLR (Home Location Register, attaching position register), RNC (Radio Network Controller, radio network controller), BSC (Base StationController, base station controller) and GGSN.Interface between SGSN and BSC is Gb Interface, and the interface between SGSN and RNC is IuPs interface, and the interface between SGSN and HLR is Gr interface, and the interface between SGSN and GGSN is gn interface, and the interface between GGSN is gp interface.In order to provide GPRS services of roaming, the gp interface of company of operator each province is all configured to internet ip.Although there is the protection of fire compartment wall, cannot protect the assault based on service layer, such as connect attack and stepping for the malicious creation user of GGSN and to log out a particular user attack, existing network does not also possess this defense function.
Summary of the invention
The technical problem that will solve of the present invention provides a kind of method and the signaling monitoring system that detect falsified GTP data, identifies malicious attack, increases cyber-defence function.
In order to solve the problem, the invention provides a kind of method detecting forgery general packet wireless service tunnel protocol data, comprising:
Signaling monitoring system gathers the signalling message data of IuPs, Gb, Gr, Gn and gp interface, described signalling message data is analyzed, judges whether described signalling message data is forge general packet wireless service tunnel protocol (GTP) data according to analysis result.
Wherein, carry out analysis to described signalling message data to comprise:
Judge Layer2 protocol and the port numbers of the signalling message data of described Gn and gp interface, if Layer2 protocol is User Datagram Protoco (UDP) and the port numbers of correspondence is default port numbers, then described signalling message data is falsified GTP data.
Wherein, carry out analysis to described signalling message data to comprise:
Judge Layer2 protocol and the port numbers of the signalling message data of described Gn and gp interface, if the Layer2 protocol non-default port numbers that is not the port numbers of User Datagram Protoco (UDP) or correspondence, and described signalling message data is when creating the data of packet data protocol (PDP) context procedures, then:
If the GPRS serving GPRS support node (SGSN) in described establishment PDP Context process operational area belonging to described signaling monitoring system is initiated, search the activation PDP Context process whether having described Gb or IuPs interface, if no, then described signalling message data is falsified GTP data.
Wherein, carry out analysis to described signalling message data to comprise:
Judge Layer2 protocol and the port numbers of the signalling message data of described Gn and gp interface, if the Layer2 protocol non-default port numbers that is not the port numbers of User Datagram Protoco (UDP) or correspondence, and described signalling message data is when being the data creating PDP Context process, and the SGSN in described establishment PDP Context process operational area belonging to non-described signaling monitoring system initiates, then:
If the number of operational area belonging to the non-described signaling monitoring system of the Mobile Subscriber International ISDN number of the user terminal of this establishment PDP Context process, then described signalling message data is falsified GTP data;
If the number of the Mobile Subscriber International ISDN number of the user terminal of this establishment PDP Context process operational area belonging to described signaling monitoring system, and, there is not corresponding position updating process in described Gr interface, and/or, the SGSN of the SGSN of this position updating process and this establishment PDP Context process is inconsistent, then described signalling message data is falsified GTP data.
Wherein, carry out analysis to described signalling message data to comprise:
Judge Layer2 protocol and the port numbers of the signalling message data of described Gn and gp interface, if the Layer2 protocol non-default port numbers that is not the port numbers of User Datagram Protoco (UDP) or correspondence, and described signalling message data is the data of deleting PDP Context process, then:
If the SGSN in described deletion PDP Context process operational area belonging to described signaling monitoring system initiates, then search the deexcitation PDP Context process whether having described Gb or IuPs interface, if no, then judge that described signalling message data is falsified GTP data.
Wherein, described method also comprises:
When described signaling monitoring system judges that described signalling message data is falsified GTP data, send falsified GTP behavioural information to GGSN.
The present invention also provides a kind of signaling monitoring system, comprising:
Described signaling monitoring system is used for: the signalling message data gathering IuPs, Gb, Gr, Gn and gp interface, described signalling message data is analyzed, judges whether described signalling message data is forge general packet wireless service tunnel protocol (GTP) data according to analysis result.
Wherein, described signaling monitoring system be for:
Judge Layer2 protocol and the port numbers of the signalling message data of described Gn and gp interface, if Layer2 protocol is User Datagram Protoco (UDP) and the port numbers of correspondence is default port numbers, then described signalling message data is falsified GTP data.
Wherein, described signaling monitoring system be for:
Judge Layer2 protocol and the port numbers of the signalling message data of described Gn and gp interface, if the Layer2 protocol non-default port numbers that is not the port numbers of User Datagram Protoco (UDP) or correspondence, and described signalling message data is when creating the data of packet data protocol (PDP) context procedures, then:
If the SGSN in described establishment PDP Context process operational area belonging to described signaling monitoring system initiates, search the activation PDP Context process whether having described Gb or IuPs interface, if do not had, then described signalling message data is falsified GTP data.
Wherein, described signaling monitoring system be for:
Judge Layer2 protocol and the port numbers of the signalling message data of described Gn and gp interface, if the Layer2 protocol non-default port numbers that is not the port numbers of User Datagram Protoco (UDP) or correspondence, and described signalling message data is when being the data creating PDP Context process, and the SGSN in described establishment PDP Context process operational area belonging to non-described signaling monitoring system initiates, then:
If the number of operational area belonging to the non-described signaling monitoring system of the Mobile Subscriber International ISDN number of the user terminal of this establishment PDP Context process, then described signalling message data is falsified GTP data;
If the number of the Mobile Subscriber International ISDN number of the user terminal of this establishment PDP Context process operational area belonging to described signaling monitoring system, and, there is not corresponding position updating process in described Gr interface, and/or, the SGSN of the SGSN of this position updating process and this establishment PDP Context process is inconsistent, then described signalling message data is falsified GTP data.
Wherein, described signaling monitoring system be for:
Judge Layer2 protocol and the port numbers of the signalling message data of described Gn and gp interface, if the Layer2 protocol non-default port numbers that is not the port numbers of User Datagram Protoco (UDP) or correspondence, and described signalling message data is when being the data of deleting PDP Context process, then:
If the SGSN in described deletion PDP Context process operational area belonging to described signaling monitoring system initiates, then search the deexcitation PDP Context process whether having described Gb or IuPs interface, if no, then judge that described signalling message data is falsified GTP data.
Wherein, when described signaling monitoring system is also for judging that described signalling message data is falsified GTP data, send falsified GTP behavioural information to GGSN.
The present invention is by IuPs, Gb, Gr, Gn and gp interface monitoring, and identify the GTP data of forging in this operational area network, find the behavior of malicious attack, the detection for GRPS security fields provides reliable means, has filled up the blank in this field.
Accompanying drawing explanation
Fig. 1 is GPRS network frame diagram;
Fig. 2 is that the present invention detects falsified GTP data schematic diagram;
Fig. 3 is signalling message data schematic diagram.
Embodiment
Below in conjunction with accompanying drawing, specific embodiment of the invention is described in detail.
In order to detect the malicious attack based on service layer, the present invention adopts the mode of signal collecting from IuPs, Gb, Gr, the signaling link of Gn and gp interface gathers signalling message data, and signalling message data is arranged, analyze and adds up, the GTP data of forgery can be identified by analysis result, thus find to there is malicious attack behavior, and provide foundation for blocking these behaviors.
Concrete steps of the present invention are as follows:
One. signaling monitoring system gathers the signalling message data of IuPs, Gb, Gr, Gn and gp interface;
Two. described signalling message data is analyzed;
Three. judge whether described signalling message data is forge general packet wireless service tunnel protocol (GTP) data according to analysis result, when judging that described signalling message data is falsified GTP data, send falsified GTP behavioural information to GGSN, determined whether blocking by GGSN.
Agreement involved in the present invention comprises: RANAP (Radio Access Network ApplicationPart, wireless access network applying portion), NS OVER IP (NS OVER IP, Network on IP), GTP (GPRS Tunneling Protocol, GPRS Tunnel Protocol), GPRS MAP (GPRSMobile Application Part, GPRS MAP).As shown in Figure 1, as shown in Figure 2, the implementation step of flow process comprises overall procedure the applied environment of the method for the present invention's design:
Step 201, the link of monitoring IuPs, Gb, Gr, Gn and gp interface, gathers signalling message data.Interface type has E1, GE, FE etc.
Step 202, analyze the signalling message data gathered at Gn and gp interface, can comprise two-layer IP address and port in the signalling message data of GTP, ground floor is address and the port numbers of SGSN and GGSN, and the second layer is address and the port of user and access websites.Analyze Layer2 protocol and port numbers in signalling message data, see that Layer2 protocol is User Datagram Protoco (UDP) (User Datagram Protocol, and the port numbers of the port numbers of correspondence whether for presetting UDP), preset port numbers herein and refer to 3386 or 2152, if preset port numbers to change, still can the present invention be applied:
A, the Layer2 protocol judging the signalling message data of described Gn and gp interface and port numbers, if Layer2 protocol is User Datagram Protoco (UDP) and the port numbers of correspondence is default port numbers, then described signalling message data is falsified GTP data.
This situation is the situation of GTP in GTP, as shown in Figure 3.In this situation, because hacker is by after certain APN (APN) online, camouflage message is encapsulated in second layer data, so these data are from wireless network to core net, after again from gn interface to GGSN, to forward from Gi interface after GGSN parses second layer IP address and port.But find that the second layer is the data of GTP, the GGSN that result forwards again other to goes, such hacker's counterfeit message is just successful.
B. if not, namely Layer2 protocol is not the non-default port numbers of port numbers of User Datagram Protoco (UDP) or correspondence, analyzes accordingly various process:
The process of B1.Create PDP Context (establishment block data protocol context), when namely described signalling message data is the data creating PDP Context process:
If the SGSN a) in described establishment PDP Context process operational area belonging to described signaling monitoring system initiates, when operational area divides to economize, refer to the initiation of described establishment PDP Context process by the SGSN of this province, search Activate PDP context (activation PDP Context) process whether having Gb or IuPs interface, if there is no this process, so just judge it is false Create PDP Context process, described signalling message data is falsified GTP data.
If the SGSN b) in described establishment PDP Context process operational area belonging to non-described signaling monitoring system initiates, when operational area divides to economize, refer to the initiation of described establishment PDP Context process by the SGSN in other provinces, so judge MSISDN (Mobile Subscriber International ISDN/PSTN number, the Mobile Subscriber International ISDN number) number of user terminal in this Create PDP Context process:
B1) if the number of operational area belonging to the non-described signaling monitoring system of the Mobile Subscriber International ISDN number of the user terminal of this establishment PDP Context process is (when operational area divides to economize, refer to the number in other provinces), so just judge it is false Create PDP context process, this signalling message data is falsified GTP data.Because the user in other provinces directly can not access the GGSN of this province.
B2) if the number of the Mobile Subscriber International ISDN number of the user terminal of this establishment PDP Context process operational area belonging to described signaling monitoring system is (when operational area divides to economize, refer to the number of this province), then search Gr interface and whether have corresponding position updating process, and whether SGSN is consistent in SGSN and the Create PDP context process judging this position updating process, if there is no corresponding position updating process, or the SGSN in the SGSN of position updating process and this Create PDP context process is inconsistent, then judge it is false Create PDP context process, this signalling message data is falsified GTP data.
B2.Delete PDP context (deletion PDP Context) process
If the SGSN in described deletion PDP Context process operational area belonging to described signaling monitoring system initiates (when operational area divides to economize, refer to be initiated by the SGSN of this province), then search Deactivate PDP context (deexcitation PDP Context) process whether having Gb or IuPs interface, if do not had, so just judge it is false Delete PDP context process, this signalling message data is falsified GTP data.
Step 203, the record sending doubtful falsified GTP behavior, to GGSN, determines whether block by GGSN, needs to block if GGSN thinks, so according to the operation just directly can initiating Delete PDP context to this GTP process of forging.
In above-described embodiment, operational area also can divide as required by other means, does not affect enforcement of the present invention.
The present invention is by IuPs, Gb, Gr, Gn and gp interface monitoring, and identify the GTP data of forging in this province network, find the behavior of malicious attack, the detection for GRPS security fields provides reliable means, has filled up the blank in this field.
The present invention also provides a kind of signaling monitoring system, comprising:
Described signaling monitoring system is used for: the signalling message data gathering IuPs, Gb, Gr, Gn and gp interface, described signalling message data is analyzed, judges whether described signalling message data is forge general packet wireless service tunnel protocol (GTP) data according to analysis result.
Wherein, described signaling monitoring system be for:
Judge Layer2 protocol and the port numbers of the signalling message data of described Gn and gp interface, if Layer2 protocol is User Datagram Protoco (UDP) and the port numbers of correspondence is default port numbers, then described signalling message data is falsified GTP data.
Wherein, described signaling monitoring system be for:
Judge Layer2 protocol and the port numbers of the signalling message data of described Gn and gp interface, if the Layer2 protocol non-default port numbers that is not the port numbers of User Datagram Protoco (UDP) or correspondence, and described signalling message data is when creating the data of packet data protocol (PDP) context procedures, then:
If the SGSN in described establishment PDP Context process operational area belonging to described signaling monitoring system initiates, search the activation PDP Context process whether having described Gb or IuPs interface, if do not had, then described signalling message data is falsified GTP data.
Wherein, described signaling monitoring system be for:
Judge Layer2 protocol and the port numbers of the signalling message data of described Gn and gp interface, if the Layer2 protocol non-default port numbers that is not the port numbers of User Datagram Protoco (UDP) or correspondence, and described signalling message data is when being the data creating PDP Context process, and the SGSN in described establishment PDP Context process operational area belonging to non-described signaling monitoring system initiates, then:
If the number of operational area belonging to the non-described signaling monitoring system of the Mobile Subscriber International ISDN number of the user terminal of this establishment PDP Context process, then described signalling message data is falsified GTP data;
If the number of the Mobile Subscriber International ISDN number of the user terminal of this establishment PDP Context process operational area belonging to described signaling monitoring system, and, there is not corresponding position updating process in described Gr interface, and/or, the SGSN of the SGSN of this position updating process and this establishment PDP Context process is inconsistent, then described signalling message data is falsified GTP data.
Wherein, described signaling monitoring system be for:
Judge Layer2 protocol and the port numbers of the signalling message data of described Gn and gp interface, if the Layer2 protocol non-default port numbers that is not the port numbers of User Datagram Protoco (UDP) or correspondence, and described signalling message data is when being the data of deleting PDP Context process, then:
If the SGSN in described deletion PDP Context process operational area belonging to described signaling monitoring system initiates, then search the deexcitation PDP Context process whether having described Gb or IuPs interface, if no, then judge that described signalling message data is falsified GTP data.
Wherein, when described signaling monitoring system is also for judging that described signalling message data is falsified GTP data, send falsified GTP behavioural information to GGSN.
Should be understood that, although be described in detail the invention process method by reference to the accompanying drawings above, but this method is not limited to above-mentioned embodiment, also IuPs is not limited to, Gb, Gr, the class of business of Gn and gp interface, above-mentioned embodiment is only schematic, instead of it is restrictive, those skilled in the art is under the enlightenment of the inventive method, do not departing under the ambit that the inventive method aim and claim protect, a lot of distortion can also be made, these distortion all should belong within the scope of patent protection of the inventive method.
Claims (8)
1. detect a method of forging general packet wireless service tunnel protocol data, it is characterized in that, comprising:
Signaling monitoring system gathers the signalling message data of IuPs, Gb, Gr, Gn and gp interface, analyzes described signalling message data, judges whether described signalling message data is forge general packet wireless service tunnel protocol GTP data according to analysis result;
When described signaling monitoring system judges that described signalling message data is falsified GTP data, send falsified GTP behavioural information to GGSN;
Wherein, carry out analysis to described signalling message data to comprise:
Judge Layer2 protocol and the port numbers of the signalling message data of described Gn and gp interface, if Layer2 protocol is User Datagram Protoco (UDP) and the port numbers of correspondence is default port numbers, then described signalling message data is falsified GTP data.
2. the method for claim 1, is characterized in that,
Carry out analysis to described signalling message data to comprise:
Judge Layer2 protocol and the port numbers of the signalling message data of described Gn and gp interface, if the Layer2 protocol non-default port numbers that is not the port numbers of User Datagram Protoco (UDP) or correspondence, and described signalling message data is when being the data creating packet data protocol PDP Context process, then:
If the GPRS serving GPRS support node SGSN in described establishment PDP Context process operational area belonging to described signaling monitoring system initiates, search the activation PDP Context process whether having described Gb or IuPs interface, if no, then described signalling message data is falsified GTP data.
3. the method for claim 1, is characterized in that,
Carry out analysis to described signalling message data to comprise:
Judge Layer2 protocol and the port numbers of the signalling message data of described Gn and gp interface, if the Layer2 protocol non-default port numbers that is not the port numbers of User Datagram Protoco (UDP) or correspondence, and described signalling message data is when being the data creating PDP Context process, and the SGSN in described establishment PDP Context process operational area belonging to non-described signaling monitoring system initiates, then:
If the number of operational area belonging to the non-described signaling monitoring system of the Mobile Subscriber International ISDN number of the user terminal of this establishment PDP Context process, then described signalling message data is falsified GTP data;
If the number of the Mobile Subscriber International ISDN number of the user terminal of this establishment PDP Context process operational area belonging to described signaling monitoring system, and, there is not corresponding position updating process in described Gr interface, and/or, the SGSN of the SGSN of this position updating process and this establishment PDP Context process is inconsistent, then described signalling message data is falsified GTP data.
4. the method for claim 1, is characterized in that,
Carry out analysis to described signalling message data to comprise:
Judge Layer2 protocol and the port numbers of the signalling message data of described Gn and gp interface, if the Layer2 protocol non-default port numbers that is not the port numbers of User Datagram Protoco (UDP) or correspondence, and described signalling message data is the data of deleting PDP Context process, then:
If the SGSN in described deletion PDP Context process operational area belonging to described signaling monitoring system initiates, then search the deexcitation PDP Context process whether having described Gb or IuPs interface, if no, then judge that described signalling message data is falsified GTP data.
5. detect a system of forging general packet wireless service tunnel protocol data, it is characterized in that, comprising:
First module, for the signalling message data making signaling monitoring system gather IuPs, Gb, Gr, Gn and gp interface, described signalling message data is analyzed, judges whether described signalling message data is forge general packet wireless service tunnel protocol GTP data according to analysis result;
Second module, when judging that described signalling message data is falsified GTP data for making described signaling monitoring system, sends falsified GTP behavioural information to GGSN;
Wherein, carry out analysis to described signalling message data to comprise:
Judge Layer2 protocol and the port numbers of the signalling message data of described Gn and gp interface, if Layer2 protocol is User Datagram Protoco (UDP) and the port numbers of correspondence is default port numbers, then described signalling message data is falsified GTP data.
6. system as claimed in claim 5, is characterized in that,
Carry out analysis to described signalling message data to comprise:
Judge Layer2 protocol and the port numbers of the signalling message data of described Gn and gp interface, if the Layer2 protocol non-default port numbers that is not the port numbers of User Datagram Protoco (UDP) or correspondence, and described signalling message data is when being the data creating packet data protocol PDP Context process, then:
If the SGSN in described establishment PDP Context process operational area belonging to described signaling monitoring system initiates, search the activation PDP Context process whether having described Gb or IuPs interface, if do not had, then described signalling message data is falsified GTP data.
7. system as claimed in claim 5, is characterized in that,
Carry out analysis to described signalling message data to comprise:
Judge Layer2 protocol and the port numbers of the signalling message data of described Gn and gp interface, if the Layer2 protocol non-default port numbers that is not the port numbers of User Datagram Protoco (UDP) or correspondence, and described signalling message data is when being the data creating PDP Context process, and the SGSN in described establishment PDP Context process operational area belonging to non-described signaling monitoring system initiates, then:
If the number of operational area belonging to the non-described signaling monitoring system of the Mobile Subscriber International ISDN number of the user terminal of this establishment PDP Context process, then described signalling message data is falsified GTP data;
If the number of the Mobile Subscriber International ISDN number of the user terminal of this establishment PDP Context process operational area belonging to described signaling monitoring system, and, there is not corresponding position updating process in described Gr interface, and/or, the SGSN of the SGSN of this position updating process and this establishment PDP Context process is inconsistent, then described signalling message data is falsified GTP data.
8. system as claimed in claim 5, is characterized in that,
Carry out analysis to described signalling message data to comprise:
Judge Layer2 protocol and the port numbers of the signalling message data of described Gn and gp interface, if the Layer2 protocol non-default port numbers that is not the port numbers of User Datagram Protoco (UDP) or correspondence, and described signalling message data is when being the data of deleting PDP Context process, then:
If the SGSN in described deletion PDP Context process operational area belonging to described signaling monitoring system initiates, then search the deexcitation PDP Context process whether having described Gb or IuPs interface, if no, then judge that described signalling message data is falsified GTP data.
Priority Applications (2)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201010222768.5A CN101888635B (en) | 2010-06-30 | 2010-06-30 | A kind of method and signaling monitoring system detecting falsified GTP data |
| PCT/CN2011/076542 WO2012000433A1 (en) | 2010-06-30 | 2011-06-29 | Method for detecting gtp data and signaling monitoring system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201010222768.5A CN101888635B (en) | 2010-06-30 | 2010-06-30 | A kind of method and signaling monitoring system detecting falsified GTP data |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN101888635A CN101888635A (en) | 2010-11-17 |
| CN101888635B true CN101888635B (en) | 2015-08-12 |
Family
ID=43074305
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201010222768.5A Expired - Fee Related CN101888635B (en) | 2010-06-30 | 2010-06-30 | A kind of method and signaling monitoring system detecting falsified GTP data |
Country Status (2)
| Country | Link |
|---|---|
| CN (1) | CN101888635B (en) |
| WO (1) | WO2012000433A1 (en) |
Families Citing this family (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101888635B (en) * | 2010-06-30 | 2015-08-12 | 中兴通讯股份有限公司 | A kind of method and signaling monitoring system detecting falsified GTP data |
| CN102638442B (en) * | 2011-02-15 | 2015-04-29 | 西门子公司 | System and method for detecting GTP (GPRS Tunnel Protocol) attack |
| CN103716804B (en) * | 2012-09-28 | 2017-02-15 | 北京亿赞普网络技术有限公司 | Wireless data communication network user network behavior analyzing method, device and system |
| CN103118146B (en) * | 2013-01-21 | 2016-01-20 | 北京拓明科技有限公司 | To contract at HLR based on the different user of signaling the recognition methods of identical ip addresses |
| CN105391602B (en) * | 2015-12-15 | 2019-02-26 | 北京奇虎科技有限公司 | A kind of data acquisition test method and apparatus |
| CN108307385B (en) * | 2016-08-31 | 2021-06-29 | 华为技术有限公司 | Method and device for preventing signaling attack |
Citations (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101626551A (en) * | 2009-06-26 | 2010-01-13 | 武汉虹旭信息技术有限责任公司 | System and method for popularizing advertisements based on mobile Internet |
Family Cites Families (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20030081607A1 (en) * | 2001-10-30 | 2003-05-01 | Alan Kavanagh | General packet radio service tunneling protocol (GTP) packet filter |
| US9036540B2 (en) * | 2007-09-28 | 2015-05-19 | Alcatel Lucent | Method and system for correlating IP layer traffic and wireless layer elements in a UMTS/GSM network |
| CN101674200B (en) * | 2009-10-19 | 2014-10-22 | 中兴通讯股份有限公司 | Generation method of SGSN topological graph and device thereof |
| CN101888635B (en) * | 2010-06-30 | 2015-08-12 | 中兴通讯股份有限公司 | A kind of method and signaling monitoring system detecting falsified GTP data |
-
2010
- 2010-06-30 CN CN201010222768.5A patent/CN101888635B/en not_active Expired - Fee Related
-
2011
- 2011-06-29 WO PCT/CN2011/076542 patent/WO2012000433A1/en active Application Filing
Patent Citations (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101626551A (en) * | 2009-06-26 | 2010-01-13 | 武汉虹旭信息技术有限责任公司 | System and method for popularizing advertisements based on mobile Internet |
Also Published As
| Publication number | Publication date |
|---|---|
| WO2012000433A1 (en) | 2012-01-05 |
| CN101888635A (en) | 2010-11-17 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN101888635B (en) | A kind of method and signaling monitoring system detecting falsified GTP data | |
| US8270942B2 (en) | Method for the interception of GTP-C messages | |
| CN112567779B (en) | Method, system and computer readable medium for performing time distance security countermeasures for outbound roamers using DIAMETER edge proxy | |
| JP5265685B2 (en) | Method and system for correlating IP layer traffic and radio layer elements in a UMTS / GSM network | |
| CN103430487B (en) | For detecting the method, apparatus and system of the service data that grouped data connects | |
| JP4542830B2 (en) | Apparatus and method for generating service usage record of mobile data communication | |
| CN102548019B (en) | The foundation of common path and using method, the communication means of M2M and system | |
| KR20230106172A (en) | Methods, systems, and computer readable media for validating location update messages | |
| EP1736016B1 (en) | Method for preventing the delivery of short message service message spam | |
| JP2023508567A (en) | Method, system and computer readable medium for performing indirect General Packet Radio Service (GPRS) Tunneling Protocol (GTP) firewall filtering using a Diameter agent and a Signal Transfer Point (STP) | |
| US20080117841A1 (en) | Telecommunications System And Method | |
| CN103477589B (en) | For controlling and process the technology that detection tunnel is set up | |
| CN111800412A (en) | Advanced sustainable threat tracing method, system, computer equipment and storage medium | |
| CN106535219A (en) | User information backfilling method and device | |
| CN102638442B (en) | System and method for detecting GTP (GPRS Tunnel Protocol) attack | |
| CN103139847A (en) | Method and device of data transmission | |
| US9510377B2 (en) | Method and apparatus for managing session based on general packet radio service tunneling protocol network | |
| US20070021096A1 (en) | Methods, systems, and computer program products associating communications detail records with a mobile reference and using the mobile reference to retrieve the communications detail records | |
| CN101572862A (en) | Method and equipment for supporting intercommunication between 3G system and LTE system | |
| CN116471592A (en) | Network-connected automobile network communication process analysis method and related equipment thereof | |
| CN101742547A (en) | Mark-based network message correlation method | |
| CN101925038B (en) | Data transmission method, communication device and network system | |
| CN101321392A (en) | Load deleting method and system, gateway equipment | |
| JPWO2021138072A5 (en) | ||
| CN101778364A (en) | System and method for discovering and governing behaviors of copying SIM cards of mobile phones by adopting forced login |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| TR01 | Transfer of patent right | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20180703 Address after: California, USA Patentee after: Global innovation polymerization LLC Address before: 518057 Nanshan District high tech Industrial Park, Shenzhen, Guangdong, Ministry of justice, Zhongxing Road, South China road. Patentee before: ZTE Corp. |
|
| CF01 | Termination of patent right due to non-payment of annual fee | ||
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20150812 |