CN117376919A - Method and device for setting other pseudo base stations in 4G and 5G mobile communication - Google Patents
- Publication number
- CN117376919A; application CN202311226510.6A
- Authority
- CN
- China
- Prior art keywords
- base station
- pseudo base
- signaling
- judgment
- pseudo
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/12—Detection or prevention of fraud
- H04W12/121—Wireless intrusion detection systems [WIDS]; Wireless intrusion prevention systems [WIPS]
- H04W12/122—Counter-measures against attacks; Protection against rogue devices
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D30/00—Reducing energy consumption in communication networks
- Y02D30/70—Reducing energy consumption in communication networks in wireless communication networks
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Mobile Radio Communication Systems (AREA)
Abstract
The invention discloses a method and a device for identifying pseudo base stations in 4G and 5G mobile communication, belonging to the field of wireless communication security. The device makes a comprehensive judgment across several dimensions, such as NAS signaling and RRC signaling, to determine accurately whether the base station being accessed is a pseudo base station. Judging from both NAS and RRC signaling reduces the false alarm rate and the missed detection rate and improves identification accuracy. Signaling data is monitored and analyzed in real time, and a judgment is made as soon as an abnormal condition is found. Because pseudo base stations are discovered and identified promptly, network operators, security institutions and users gain faster response and processing times.
Description
Technical Field
The present invention belongs to the field of wireless communication security, and in particular relates to a technology and a measure for protecting a wireless communication system from various security threats.
Background
Current 4G and 5G networks use bidirectional (mutual) authentication between the terminal and the network. Although a terminal cannot complete a full access procedure on a 4G or 5G pseudo base station network, because authentication does not succeed, the pseudo base station can force the terminal down to a lower-generation network (such as GSM) during the access process and then operate on the terminal illegally. In addition, where a pseudo base station is present in the radio environment, the terminal tends to reselect or hand over between the operator's base station and the pseudo base station, which causes communication interruptions and increased phone power consumption and may lead the user into a telecom fraud trap.
Existing methods and devices for identifying pseudo base stations still have the following defects:
1. False alarms and missed detections: Modern communication networks are very complex, with a large number of base stations and devices, while radio interference and pseudo base station attack techniques keep developing and improving. Attackers can use advanced techniques to forge base stations more covertly and imitate legitimate mobile networks. For some novel pseudo base stations, traditional identification methods and devices in 4G and 5G mobile communication may lack sufficient sample data for training and identification, which limits the accuracy of the algorithm. Data sharing between operators and device manufacturers may also be imperfect, so the identification system cannot obtain the latest information about mobile devices, base stations, the core network and so on. The settings and configuration of the identification system may be faulty as well: configuration errors or software faults can make the system work abnormally and produce false alarms or missed detections. User feedback and participation are also an important link that can provide valuable information and observations and help improve the accuracy and reliability of the system.
2. Low efficiency: Identification algorithms may be affected by complex network environments, signal interference, device differences and similar factors, which reduces accuracy and efficiency, and researching and implementing pseudo base station identification requires a large investment of manpower, material and financial resources. Some regions or organizations may not provide enough support and investment because their resources are limited. Definitions and identification standards for pseudo base stations are not unified: different institutions and manufacturers may use different methods and technologies, so standards are inconsistent and a unified, efficient identification system is hard to establish. Operators, equipment manufacturers, government regulators and other parties do not cooperate sufficiently and cannot fully share information and resources, which makes it hard to form a joint solution to the pseudo base station problem. Attackers keep improving their techniques, including how they forge base stations and hide their own traces, so traditional identification methods may fail to recognize new pseudo base stations in time. A lack of strict laws, regulations and regulatory mechanisms may leave recognition and awareness of pseudo base stations insufficient, and users who encounter a pseudo base station may not identify and report it correctly. Limits on and obstacles to data sharing also make identification inefficient. In certain environments, such as dense urban areas with tall buildings, increased signal reflection may occur, which may further reduce the effectiveness of pseudo base station identification.
Disclosure of Invention
A method and device for identifying pseudo base stations in 4G and 5G mobile communication, comprising the following specific steps:
Step S1: the CPU obtains real-time signaling while the baseband chip registers with the base station;
Step S2: the CPU screens the real-time signaling to obtain the subset of valid signaling;
Step S3: by parsing the signaling, judge whether the Tracking Area Code (TAC) in the log is consistent with the last stored TAC value, and record the current pseudo base station judgment score;
Step S4: by parsing the signaling, judge whether SIBType2 and SIBType4 messages exist in the log, and record the current pseudo base station judgment score;
Step S5: by parsing the signaling, judge whether the log contains a registration reject (REGISTRATION REJECT) message, and record the current pseudo base station judgment score;
Step S6: compare the pseudo base station judgment score with the judgment threshold to determine whether the base station is a pseudo base station, and raise an alarm if it is;
Step S7: repeat the above process to judge pseudo base stations in real time.
Further, in step S1, the communication technology and network type in use (for example GSM, CDMA or LTE) are determined. At the hardware level, a correct connection and communication interface between the CPU and the baseband chip is ensured; at the software level, a suitable driver or library is written or used on the CPU to communicate with the baseband chip. The driver or library is used to obtain the real-time signaling of the baseband chip's registration with the base station, including key signaling such as the registration request, channel allocation and the authentication process. As the signaling is obtained, the relevant information is passed to a subsequent processing module or algorithm, which determines the likelihood of a pseudo base station or performs other required analysis.
Further, in step S2, the CPU may screen the signaling according to its characteristics and format and select only signaling related to base station registration for subsequent processing. In mobile communications, signaling is the control information used to establish, maintain and release communication connections. When a large amount of signaling is received, screening and selecting specific types of signaling for processing improves the efficiency and performance of the system. For signaling related to base station registration, the CPU can screen by analyzing the signaling header or other identifying information, so that only the required signaling is selected for subsequent processing, which reduces the processing load and improves overall system efficiency.
Further, in step S3, the Tracking Area Code (TAC) is an identifier that distinguishes tracking areas and is often used for location tracking and handover in a mobile communication network. If the TAC transmitted by a pseudo base station is inconsistent with that of a normal base station, a pseudo base station may be present, because a pseudo base station may transmit a false TAC to interfere with the user or to track the user's movements, infringing the user's privacy and security. The user should therefore be alerted and avoid connecting to a network where a pseudo base station may exist.
Further, in step S4, the program or code defines a variable that records the pseudo base station judgment score (a counter or an accumulated score value), parses each signaling message and extracts its message type field. This may involve decoding and parsing the signaling, which can be done with the corresponding protocol specification and a parsing library. During parsing, the program checks whether SIB Type2 and SIB Type4 messages exist; a SIB (System Information Block) is one of the message types that carry system information in a mobile communication network. If SIB Type2 and SIB Type4 messages are found in the parsed signaling, it may be inferred that a pseudo base station may exist, and the judgment score can be increased by a fixed value, as the situation requires, to indicate that possibility. Processing then continues with the subsequent signaling, repeating steps 2 and 3 to keep monitoring and judging the likelihood of a pseudo base station.
Further, in step S5, the program or code defines a variable that records the pseudo base station judgment score (a counter or an accumulated score value), parses each signaling message and extracts its message type field. This may involve decoding and parsing the signaling, which can be done with the corresponding protocol specification and a parsing library, to find out whether a registration reject (REGISTRATION REJECT) message is present. The registration reject message typically contains a reject cause code indicating the specific reason registration was rejected. If a registration reject message is found in the parsed signaling, it can be inferred that a pseudo base station may be present, and the judgment score can be increased by a fixed value, as the situation requires, to indicate that possibility. Processing then continues with the subsequent signaling, repeating steps 2 and 3 to keep monitoring and judging the likelihood of a pseudo base station. Finally, the degree to which the base station is judged to be a pseudo base station can be determined from the accumulated judgment score. For example, a threshold is set, and when the judgment score exceeds the threshold, it is possible to confirm that a pseudo base station exists.
Further, in step S6, the program or code defines a variable that records the pseudo base station judgment score (a counter or an accumulated score value) and defines a judgment threshold, which determines how high the judgment score must be for the base station to be considered a pseudo base station. The threshold can be set according to specific requirements and actual conditions, and the judgment score is increased by a fixed value each time the likelihood of a pseudo base station is judged to have increased. In steps S4 and S5 the score is incremented according to the condition judged, and after each change the score is compared with the threshold. If the judgment score is greater than or equal to the threshold, the base station is likely to be a pseudo base station, and if the judgment score exceeds the set threshold, an alarm mechanism is triggered. Alarm handling can consist of logging, sending notifications, or performing other defined operations.
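The scoring flow of steps S2 to S6, as an added example that is not code from the patent: it filters a decoded signaling log, scores a TAC that differs from the saved value, the SIBType2/SIBType4 pair and REGISTRATION REJECT, and alerts once the threshold is reached. The log layout, the weights 30/20/50, the threshold 80, the per-cell score reset and saving the TAC only after REGISTRATION_ACCEPT are assumptions; the patent specifies none of them.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample: one decoded signaling message per line. The
# "time layer message key=value" layout is hypothetical, not a real trace format.
SAMPLE_LOG = """\
10:00:01 RRC MIB
10:00:01 RRC SIBType1 tac=0x2A31
10:00:02 RRC SIBType2
10:00:02 NAS REGISTRATION_REQUEST
10:00:03 NAS REGISTRATION_ACCEPT
10:05:10 RRC MeasurementReport
10:05:11 RRC SIBType1 tac=0x7FFE
10:05:11 RRC SIBType2
10:05:12 RRC SIBType4
10:05:12 NAS REGISTRATION_REQUEST
10:05:13 NAS REGISTRATION_REJECT cause=7
"""

LINE_RE = re.compile(r"^(\S+)\s+(RRC|NAS)\s+(\w+)(.*)$")
KV_RE = re.compile(r"(\w+)=(\S+)")
SIB_PAIR = frozenset({"SIBType2", "SIBType4"})
RELEVANT = SIB_PAIR | {"SIBType1", "REGISTRATION_REQUEST",
                       "REGISTRATION_ACCEPT", "REGISTRATION_REJECT"}

# Assumed values: the page says only "a fixed value" and "a threshold".
W_TAC_MISMATCH, W_SIB_PAIR, W_REG_REJECT, THRESHOLD = 30, 20, 50, 80


@dataclass
class Message:
    ts: str
    layer: str
    name: str
    fields: dict


def parse_and_filter(log_text):
    """S2: keep registration-related signaling only; skip malformed lines."""
    kept = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m and m.group(3) in RELEVANT:
            kept.append(Message(m.group(1), m.group(2), m.group(3),
                                dict(KV_RE.findall(m.group(4)))))
    return kept


@dataclass
class Detector:
    threshold: int = THRESHOLD
    last_tac: Optional[int] = None   # TAC saved at the last accepted registration
    cell_tac: Optional[int] = None   # TAC of the cell currently being scored
    score: int = 0
    seen: set = field(default_factory=set)
    reasons: list = field(default_factory=list)
    alerted: bool = False
    alerts: list = field(default_factory=list)

    def _add(self, points, reason):
        self.score += points
        self.reasons.append(reason)

    def feed(self, msg):
        if msg.name == "SIBType1":
            # New cell acquired: start a fresh score (assumption: one score per cell).
            self.score, self.seen, self.reasons, self.alerted = 0, set(), [], False
            try:
                self.cell_tac = int(msg.fields.get("tac", ""), 16)
            except ValueError:
                self.cell_tac = None   # missing or malformed TAC: skip the S3 check
            # S3: compare with the TAC stored last time.
            if None not in (self.cell_tac, self.last_tac) and self.cell_tac != self.last_tac:
                self._add(W_TAC_MISMATCH, "TAC differs from saved value")
        elif msg.name in SIB_PAIR:
            # S4: score once, when both SIBType2 and SIBType4 have been seen.
            had_pair = SIB_PAIR <= self.seen
            self.seen.add(msg.name)
            if not had_pair and SIB_PAIR <= self.seen:
                self._add(W_SIB_PAIR, "SIBType2 and SIBType4 present")
        elif msg.name == "REGISTRATION_REJECT":
            # S5: registration reject observed.
            self._add(W_REG_REJECT, "REGISTRATION REJECT cause=" + msg.fields.get("cause", "?"))
        elif msg.name == "REGISTRATION_ACCEPT" and self.cell_tac is not None:
            # Save the baseline only after a successful registration, so a
            # rejecting cell cannot overwrite it (assumption, see lead-in).
            self.last_tac = self.cell_tac
        # S6: compare with the threshold after every message; alert once per cell.
        if self.score >= self.threshold and not self.alerted:
            self.alerted = True
            self.alerts.append({"ts": msg.ts, "tac": self.cell_tac,
                                "score": self.score, "reasons": list(self.reasons)})


def analyze(log_text, threshold=THRESHOLD):
    """S7: run every filtered message through the detector; return the alerts."""
    detector = Detector(threshold=threshold)
    for msg in parse_and_filter(log_text):
        detector.feed(msg)
    return detector.alerts


if __name__ == "__main__":
    for alert in analyze(SAMPLE_LOG):
        print(alert)
```

A TAC change on its own scores 30 here and stays below the threshold, which is the case a terminal moving between legitimate tracking areas produces.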
Compared with the prior art, the invention has the following advantages:
1. The device can judge the authenticity of the base station by analyzing parameters across multiple dimensions such as NAS signaling and RRC signaling. For example, it can check whether identifiers such as the IMSI and IMEI match between the device and the base station, verify whether the state of the device is normal, and confirm whether signal strength and delay meet expectations. The base station can require the device to perform stronger identity authentication, such as bidirectional authentication or a more complex key negotiation mechanism, which effectively prevents a pseudo base station attacker from impersonating a legitimate base station to communicate with the device. The mobile device can keep a trust list containing legitimate base station information; when the device tries to connect to a base station, it compares that base station with the trust list, and a base station that does not match the trust list may be a pseudo base station, so the connection is refused. Using encryption with the base station the device connects to protects user data and communication content. A security mechanism based on digital certificates can also be introduced to ensure the trustworthiness of the communication link, and operators and related departments can set up a monitoring system to watch for abnormal base stations in the network in real time. The device can also be given an alarm mechanism that alerts the user when a suspicious base station is detected, reminding the user of the possible pseudo base station risk.
2. Pseudo base station identification technology is continuously researched and developed, using techniques such as machine learning and deep learning to improve identification accuracy and efficiency. All parties jointly formulate unified definitions and identification standards for pseudo base stations, promote cross-domain cooperation, build consensus, and establish the corresponding technical frameworks and processes. Investment of manpower, material and financial resources is increased to strengthen research, development and implementation of identification technology and improve identification efficiency. Close cooperation and information sharing among operators, equipment manufacturers, government regulators and security agencies is promoted and a cooperative mechanism established, so that the evolution of pseudo base station attack techniques is followed in time and identification systems and algorithms are updated regularly to adapt to new threats. Related departments can be given more authority and resources to deal with pseudo base station threats more effectively. Strengthening user education improves awareness of pseudo base stations and the ability to respond to them, which helps mitigate their impact. The data required for pseudo base station identification may involve users' private information.
Drawings
Fig. 1 shows the specific implementation procedure for identifying a pseudo base station by key signaling in the present invention.
Detailed Description
The subject matter described herein will now be discussed with reference to example embodiments. It should be appreciated that these embodiments are discussed only to enable a person skilled in the art to better understand and thereby practice the subject matter described herein, and are not limiting of the scope, applicability, or examples set forth in the claims. Changes may be made in the function and arrangement of elements discussed without departing from the scope of the disclosure as set forth in the specification. Various examples may omit, replace, or add various procedures or components as desired. For example, the described methods may be performed in a different order than described, and various steps may be added, omitted, or combined. In addition, features described with respect to some examples may be combined in other examples as well.
As used herein, the term "comprising" and variations thereof are open-ended terms meaning "including, but not limited to". The term "based on" means "based at least in part on". The terms "one embodiment" and "an embodiment" mean "at least one embodiment". The term "another embodiment" means "at least one other embodiment". The terms "first," "second," and the like may refer to different or the same object. Other definitions, whether explicit or implicit, may be included below. Unless the context clearly indicates otherwise, the definition of a term is consistent throughout this specification.
Examples
A method and device for identifying pseudo base stations in 4G and 5G mobile communication, comprising the following specific steps:
Step S1: the CPU obtains real-time signaling while the baseband chip registers with the base station;
Step S2: the CPU screens the real-time signaling to obtain the subset of valid signaling;
Step S3: by parsing the signaling, judge whether the Tracking Area Code (TAC) in the log is consistent with the last stored TAC value, and record the current pseudo base station judgment score;
Step S4: by parsing the signaling, judge whether SIBType2 and SIBType4 messages exist in the log, and record the current pseudo base station judgment score;
Step S5: by parsing the signaling, judge whether the log contains a registration reject (REGISTRATION REJECT) message, and record the current pseudo base station judgment score;
Step S6: compare the pseudo base station judgment score with the judgment threshold to determine whether the base station is a pseudo base station, and give a warning if it is;
Step S7: repeat the above process to judge pseudo base stations in real time.
In step S1 of the algorithm, the following elements are involved. Baseband chip and communication technology: the baseband chip is the bridge between the mobile device and the network and handles tasks such as communication protocols and signal processing; different communication technologies (such as LTE and 5G) place different requirements on the baseband chip, and the mobile device communicates with the base station through it. Baseband chip documentation and data: this material describes in detail the chip's technical specifications, register definitions, instruction set, signaling formats and so on, so that a developer can understand the chip's operating principles and communication procedures and interact with it correctly. Device driver: the device driver is the bridge between the operating system and the hardware and lets the operating system control and manage the hardware; here it is used to communicate with the baseband chip, send instructions, receive signaling data and pass that data to the upper-layer application for processing. Real-time signaling data: this is the signaling exchanged between the baseband chip and the base station during registration; it contains information related to network communication, such as the registration request, the authentication process and signal strength, and acquiring and analyzing it reveals the communication state and procedure between the mobile device and the base station. Subsequent processing module or algorithm: once the real-time signaling data has been acquired, a subsequent processing module or algorithm can further judge, analyze and process it; in pseudo base station detection, for example, information such as signal strength and frequency can be compared to identify a possible pseudo base station, and such a module or algorithm provides additional security and reliability guarantees.
In step S2, the following elements are involved. Real-time signaling data: this provides the communication exchange between the mobile device and the base station; once it has been acquired, the CPU can carry out subsequent processing and analysis. Screening rules or algorithms: these define how the real-time signaling data is screened and filtered, and can selectively extract the valid signaling that meets the conditions for specific requirements and scenarios. Signaling parser: the parser is responsible for turning the raw signaling data into readable, processable structured data, so that the CPU can easily access each field and parameter in the signaling for subsequent processing and analysis. Processing and storage module: this module further processes and stores the screened valid signaling, including analysis, statistics, comparison and other operations on the signaling data, and stores the results in a file or database to provide accurate and reliable data support for later applications and decisions. Feedback mechanism or interface: based on the screening result, information about the valid signaling is provided to related systems or users through a feedback mechanism or interface, which helps them make corresponding decisions and adjustments and respond in time to the communication state and changes between the mobile device and the base station.
In step S3, the following elements are involved. Signaling parser: the parser processes the raw signaling data from the baseband chip and turns it into readable, processable structured data according to the signaling format and protocol specification. Last stored TAC value: the system needs to store the last saved value of the Tracking Area Code (TAC), as a variable or as a value in a database or file, for comparison with the TAC currently parsed. Judgment score record: a variable or data structure is defined to record the current pseudo base station judgment score, which can be a numerical value representing the estimated probability or reliability of a pseudo base station. Judgment logic: the TAC in the parsed signaling data is compared to judge whether the current TAC is consistent with the last stored TAC value, and if so, the recording operation for the pseudo base station judgment value is carried out. Record storage: a storage mechanism (for example a database or file) may be needed to store the result of each judgment and the corresponding pseudo base station judgment score, so that later analysis and queries can be performed. TAC value update: if the judgment result is true (i.e. the TACs are consistent), the currently parsed TAC value replaces the last stored TAC value.
In step S4, the following elements are involved. Signaling parsing: the signaling data is parsed and messages of specific types, such as the sibType2 and sibType4 messages, are extracted. These specific message types are associated with pseudo base station activity. A pseudo base station is a malicious device that imitates the signal of a legitimate base station, induces mobile devices to connect, and carries out illegal actions such as information theft, monitoring or attack; judging whether the specific message types are present helps detect and identify potential pseudo base station activity. Judging whether the messages exist: the parsed signaling is checked for the specific message types, and if they are present, pseudo base station activity may exist. Recording the pseudo base station judgment score helps evaluate the likelihood or credibility of a pseudo base station. The score is calculated by a rule or algorithm set by the system from factors such as message characteristics, signal quality and the surrounding environment; it can serve as a reference index for the threat level of the pseudo base station and helps decide whether further precautions are needed. Recording the pseudo base station judgment score: when the presence of the messages is judged, the current pseudo base station judgment score is recorded. The judgment result and the score are stored in a database or file so that later statistics, analysis and queries can be performed, providing a basis and reference for network security management as well as data support for management decisions. The records show the trends and patterns of pseudo base station activity, and analyzing changes in the score reveals changes and trends in that activity in time, so that corresponding countermeasures can be taken.
In step S5, the registration reject message (REGISTRATION REJECT) is usually related to pseudo base station activity: a pseudo base station may interfere with the registration process of the mobile device so that the registration request is rejected. By parsing the signaling and judging whether a registration reject message exists, potential pseudo base station activity can be found in time. The current pseudo base station judgment score provides information about the threat level of the pseudo base station. The score can be calculated from different factors by a predefined algorithm or rule; it reflects the likelihood or credibility of a pseudo base station, so the threat level can be evaluated and corresponding handling measures taken. Recording the pseudo base station judgment score and the registration reject message supports security management and response. The records can be used for later data analysis, trend analysis and queries to better understand the patterns of pseudo base station activity, and when high-scoring pseudo base station activity is detected, a corresponding security response mechanism, such as an alarm system or a blocking mechanism, can be triggered. Statistics and analysis of the recorded judgment scores and registration reject messages help in understanding how pseudo base stations evolve, so that the security policy can be adjusted in time.
In step S6, the judgment proceeds in four parts.

Acquiring the judgment score: the judgment score of the current pseudo base station is obtained from the data storage system. Comparing this score with a set judgment threshold decides, against an objective evaluation standard, whether the base station is judged to be a pseudo base station; a suitable threshold keeps false alarms and missed alarms as low as possible and improves judgment accuracy.

Setting the judgment threshold: the threshold is set according to the actual demand and the security policy. It can be a predetermined fixed value or a dynamically adjusted value, for example an adaptive threshold derived from historical data or obtained by a machine learning algorithm. Acquiring the judgment score in real time and comparing it with the threshold allows a pseudo base station to be found in time, so that security measures can be taken quickly against the threat it may pose to the mobile network.

Comparing the judgment score with the judgment threshold: if the judgment score is greater than or equal to the judgment threshold, a pseudo base station is considered to exist. Because the threshold is flexible, the system can adjust to different environments, situations and requirements; for example, the threshold can be adjusted automatically from historical data or by a machine learning algorithm to suit different time periods, places and user groups, which improves the sensitivity and intelligence of the judgment.

Sending an alarm: when the judgment score exceeds or reaches the judgment threshold, an alarm mechanism is triggered and alarm information is sent to the relevant personnel, systems or equipment. The alarm can be delivered by e-mail, short message, push notification and similar means, so that the relevant personnel and systems are notified quickly and can take timely measures against the pseudo base station. The alarm information can include the position information of the base station, the judgment score and so on, to help the relevant personnel understand and handle the problem.
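The scoring flow of steps S2 to S6 can be sketched as follows. This is an added example, not code from the patent: the weights, the threshold, the per-cell score and the text log format are assumptions, and the SIB rule adds to the score when both messages are found, as claim 5 words it.

```python
import re

# Assumed values: the patent only says each hit adds "a fixed value" and that
# the threshold is set "according to the actual demand and the security policy".
WEIGHTS = {"tac_changed": 2, "sib2_sib4": 1, "registration_reject": 3}
THRESHOLD = 5

# Constructed sample; this line format is hypothetical, not a real baseband trace.
SAMPLE_LOG = """\
10:00:01 cell=101 msg=SIB1 tac=0x1A2B
10:00:02 cell=101 msg=REGISTRATION_ACCEPT
10:05:10 cell=977 msg=SIB1 tac=0x7F01
10:05:10 cell=977 msg=SIBType2
10:05:11 cell=977 msg=SIBType4
10:05:12 cell=977 msg=REGISTRATION_REJECT cause=15
"""

LINE = re.compile(r"(?P<ts>\S+) cell=(?P<cell>\d+) msg=(?P<msg>\S+)"
                  r"(?: (?P<key>\w+)=(?P<val>\S+))?")

def score_cells(log, last_tac=None, threshold=THRESHOLD):
    """Apply steps S2-S6 to a log; return (alarms, final score per cell)."""
    cells, alarms = {}, []
    for raw in log.splitlines():
        m = LINE.fullmatch(raw.strip())
        if not m:
            continue                      # S2: drop lines that are not usable signaling
        st = cells.setdefault(int(m["cell"]),
                              {"score": 0, "sibs": set(), "reasons": [], "alarmed": False})
        hit, msg = None, m["msg"]
        if msg == "SIB1" and m["key"] == "tac":          # S3: TAC vs. last stored TAC
            tac = int(m["val"], 16)
            if last_tac is not None and tac != last_tac:
                hit = "tac_changed"
            last_tac = tac
        elif msg in ("SIBType2", "SIBType4"):            # S4: both SIB types seen
            st["sibs"].add(msg)
            if len(st["sibs"]) == 2 and "sib2_sib4" not in st["reasons"]:
                hit = "sib2_sib4"
        elif msg == "REGISTRATION_REJECT":               # S5: registration rejected
            hit = "registration_reject"
        if hit is None:
            continue
        st["score"] += WEIGHTS[hit]
        cause = f"(cause={m['val']})" if m["key"] == "cause" else ""
        st["reasons"].append(hit + cause)
        if st["score"] >= threshold and not st["alarmed"]:   # S6: compare, alarm once
            st["alarmed"] = True
            alarms.append({"time": m["ts"], "cell": int(m["cell"]),
                           "score": st["score"], "reasons": list(st["reasons"])})
    return alarms, {cell: st["score"] for cell, st in cells.items()}

if __name__ == "__main__":
    for alarm in score_cells(SAMPLE_LOG)[0]:
        print("ALARM", alarm)
```

A TAC change alone stays below the threshold here, which is why the method accumulates several indicators before alarming: a tracking area also changes when the user simply moves.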
It will be appreciated by those skilled in the art that various changes and modifications can be made to the embodiments disclosed above without departing from the spirit of the invention. Accordingly, the scope of the invention should be limited only by the attached claims.
It should be noted that not all the steps and units in the above flowcharts and the system configuration diagrams are necessary, and some steps or units may be omitted according to actual needs. The order of execution of the steps is not fixed and may be determined as desired. The apparatus structures described in the above embodiments may be physical structures or logical structures, that is, some units may be implemented by the same physical entity, or some units may be implemented by multiple physical entities, or may be implemented jointly by some components in multiple independent devices.
The detailed description set forth above describes exemplary embodiments, but does not represent all embodiments that may be implemented or fall within the scope of the claims. The term "exemplary" used throughout this specification means "serving as an example, instance, or illustration," and does not mean "preferred" or "advantageous over other embodiments." The detailed description includes specific details for the purpose of providing an understanding of the described technology. However, the techniques may be practiced without these specific details. In some instances, well-known structures and devices are shown in block diagram form in order to avoid obscuring the concepts of the described embodiments.
The previous description of the disclosure is provided to enable any person skilled in the art to make or use the disclosure. Various modifications to the disclosure will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other variations without departing from the scope of the disclosure. Thus, the disclosure is not limited to the examples and designs described herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.
Claims (7)
- 1. A method and a device for setting other pseudo base stations in 4G and 5G mobile communication, comprising the following specific steps:
  - step S1: the CPU obtains real-time signaling in the process of the baseband chip registering to the base station;
  - step S2: the CPU screens the real-time signaling to obtain the part of the signaling that is effective;
  - step S3: by analyzing the signaling, judging whether the Tracking Area Code in the log is consistent with the value of the TAC stored last time, and recording the judgment score of the current pseudo base station;
  - step S4: by analyzing the signaling, judging whether the SIBType2 and SIBType4 messages exist in the log, and recording the judgment score of the current pseudo base station;
  - step S5: by analyzing the signaling, judging whether a registration rejection (REGISTRATION REJECT) message exists in the log, and recording the judgment score of the current pseudo base station;
  - step S6: comparing the judgment score of the pseudo base station with a judgment threshold to determine whether the base station is a pseudo base station, and giving an alarm if it is;
  - step S7: repeating the above process to judge pseudo base stations in real time.
- 2. The method and apparatus for setting other pseudo base stations in 4G and 5G mobile communications according to claim 1, wherein: in step S1, the communication technology and network type in use, for example GSM, CDMA or LTE, are determined; at the hardware level, a correct connection and communication interface between the CPU and the baseband chip is ensured, with configuration and adjustment according to the specific device and chip; at the software level, a suitable driver or library is written or used on the CPU to communicate with the baseband chip, and that driver or library is used to obtain the real-time signaling of the baseband chip's registration to the base station, including key signaling such as the registration request, channel allocation and the authentication process; during signaling acquisition, the relevant information is passed to a subsequent processing module or algorithm for judging the likelihood of a pseudo base station or for other required analysis.
- 3. The method and apparatus for setting other pseudo base stations in 4G and 5G mobile communications according to claim 1, wherein: in step S2, the CPU screens the signaling according to its characteristics and format and selects only signaling related to base station registration for subsequent processing; in mobile communications, signaling is the control information used to establish, maintain and release a communication connection, and when a large amount of signaling is received, screening for a specific type of signaling improves the efficiency and performance of the system; for signaling related to base station registration, the CPU can screen by analyzing the signaling header or other identification information, so that only the required signaling is selected for subsequent processing, which reduces the processing load and improves overall system efficiency; the CPU can also classify and prioritize different types of signaling according to specific service requirements and priorities, to ensure that critical signaling is processed and answered in time.
- 4. The method and apparatus for setting other pseudo base stations in 4G and 5G mobile communications according to claim 1, wherein: in step S3, the Tracking Area Code is an identification code that distinguishes different tracking areas and is commonly used for location tracking and handover in a mobile communication network; a Tracking Area Code that is inconsistent with that of a normal base station may indicate a pseudo base station, because a pseudo base station may interfere with or track the user's movement by transmitting a false Tracking Area Code, thereby infringing the user's privacy and security; the user should therefore be alerted and avoid connecting to a network where a pseudo base station may exist.
- 5. The method and apparatus for setting other pseudo base stations in 4G and 5G mobile communications according to claim 1, wherein: in step S4, a variable is defined in the program or code for recording the judgment score of the pseudo base station (which may be a counter or an accumulated score value); each signaling message is parsed and its message type field is extracted, using the corresponding protocol specification and parsing library; during parsing, SIB Type2 and SIB Type4 messages are searched for, SIB (System Information Block) being one of the message types that carry system information in the mobile communication network; if SIB Type2 and SIB Type4 messages are found in the parsed signaling, it can be inferred that a pseudo base station may exist, and the judgment score is accordingly increased by a fixed value to indicate that possibility; subsequent signaling continues to be processed, and steps 2 and 3 are repeated so as to continuously monitor and judge the possibility of a pseudo base station; finally, the likelihood of a pseudo base station can be determined according to the accumulated judgment score.
- 6. The method and apparatus for setting other pseudo base stations in 4G and 5G mobile communications according to claim 1, wherein: in step S5, a variable is defined in the program or code for recording the judgment score of the pseudo base station (which may be a counter or an accumulated score value); each signaling message is parsed and its message type field is extracted, which involves decoding and parsing the signaling with the corresponding protocol specification and parsing library; during parsing, a registration rejection (REGISTRATION REJECT) message is searched for; the registration rejection message typically includes a rejection cause code indicating the specific reason the registration was rejected; if a registration rejection message is found in the parsed signaling, it can be inferred that a pseudo base station may exist.
- 7. The method and apparatus for setting other pseudo base stations in 4G and 5G mobile communications according to claim 1, wherein: in step S6, a variable is defined in the program or code for recording the judgment score of the pseudo base station (which may be a counter or an accumulated score value); a judgment threshold is defined, which determines the judgment score at which a base station is considered a pseudo base station, and is set according to specific requirements and the practical situation; each time the likelihood of a pseudo base station increases, the judgment score is increased by a fixed value, the increment being determined by the condition checks in steps S4 and S5; after each change of the judgment score, the score is compared with the threshold, and if the judgment score is greater than or equal to the threshold, the base station is likely to be a pseudo base station; if the judgment score exceeds the set threshold, an alarm mechanism is triggered, and the alarm is handled by logging, sending a notification or performing other defined operations.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202311226510.6A CN117376919A (en) | 2023-09-21 | 2023-09-21 | Method and device for setting other pseudo base stations in 4G and 5G mobile communication |
Publications (1)
Publication Number | Publication Date |
---|---|
CN117376919A true CN117376919A (en) | 2024-01-09 |
Family
ID=89390165
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202311226510.6A Pending CN117376919A (en) | 2023-09-21 | 2023-09-21 | Method and device for setting other pseudo base stations in 4G and 5G mobile communication |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN117376919A (en) |
- 2023-09-21 CN CN202311226510.6A patent/CN117376919A/en active Pending
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||