TR2021010056A2 - AN ADAPTABLE SYSTEM TO PREVENT DETECTION AND TRANSFER OF ATTACKS TO THE TARGET - Google Patents

Abstract

In order to protect equipment using diameter protocol from fuzzing attacks by sending messages contrary to 3GPP standards, this invention is a system that enables the detection of messages that do not comply with 3GPP standards, the prevention of sending inappropriate messages to the target receiver, and the adaptive management of exceptional situations by adapting to the diameter interface (1 ) It is related to.

Description

DESCRIPTION DETERMINING AND TRANSFERRING ATTACKS TO THE TARGET AN ADAPTABLE SYSTEM THAT PREVENT Technical Area This invention introduces equipment using diameter protocol SGPP (The 3rd Generation). Partnership Project-3. Messages against the standards of the 2nd Generation Partnership Project in diameter to protect it from fuzzing attacks made by sending Detection of messages that do not comply with 3GPP standards by adapting to the to prevent inappropriate messages from being sent to the target recipient. prevention, adaptive management of exceptional situations. It is about a System that Provides. Prior Art With the increasing use of LTE (long term evolution) today, The attacks faced by systems speaking diameter protocol are also increasing.

One of the attacks that systems face is fuzzing attack. The attacker sent It causes fuzzy attack because it cannot send messages in accordance with 3GPP standards. can happen. With a fuzzing attack, the system can be broken (crash) and rendered inoperable. is brought. Most diameter protocol equipment incoming messages 3GPP maintained in accordance with its standards. Diameter with fuzzing attack method There are errors (bugs) on the protocol equipment and their working can be prevented. In this method, the structure and content of diameter messages is 3GPP. set against standards. The sample must be sent numerically. AVP (attrib ute value pair-ad value pair) is sent in text format. Moreover diameter by sending messages and AVPaler of the interface that the equipment does not support cause the system to increase in density and decrease the performance of the system. can happen.

Considering the studies available in the current technique diameter to be protected from ûizzing attacks by being in front of systems using the protocol. There is a need for a system that provides is understood. In his document, a spoof sent for attack in a diameter protocol A system and method that enables the detection of messages is described. Promise The subject invention is a diameter protocol fraud attack according to a technical problem. contains detection equipment and a packet derived from a 5G core network. to analyze a network interface and a german packet and retrieve an abnormal packet a computer that can install and execute a program to detect includes; computer program, eV network from a Mobile Management Entity (MME) diameter protocol transmitted to a Home Subscriber Server (HSS) To obtain a normal IMSI (International Mobile Subscriber Identity) from the package provides an instruction and inserts the normal IMSl included record into the first session table. contains an instruction to add; By Mobile Management Entity (MME) from the Create Session Request message of the created GTP-C protocol. An instruction to obtain an International Mobile Subscriber Identity (IMSI) and a normal diameter protocol The first session of the Söa protocol included in an IDR message obtaining the table; It searches tables and shows an abnormal IDR message. Brief Description of the Invention The purpose of this invention is to detect messages that do not comply with the 3GPP standards. and a system that ensures that they are prevented from being sent to the target system is to perform.

Another object of this invention is fuzzing diameter protocol equipment. which ensures the prevention of attacks and non-fuzzing exceptional situations. to implement an adaptive protection system.

Detailed Description of the Invention In order to achieve the purpose of this invention, the “Detection of Attacks and An Adaptive System that Prevents Delivery to the Destination” is shown as appendix. and this figure; Figure-1; The subject of the invention is a schematic view of the system.

The parts in the figures are numbered one by one. the responses are given below. 1. System 2.Electronic device 3. Application 4.Server Equipment using the diameter protocol, which is the subject of the invention, is against 3GPP standards. to protect it from fuzzing attacks by sending messages, diameter Detection of messages that do not comply with 3GPP standards by adapting to the to prevent inappropriate messages from being sent to the target recipient. prevent, manage exceptions in an harmonious manner. a System (1) that provides; - at least one that is configured to run at least one application on it electronic device (2), - flexible diameter interface types executed on the electronic device (2) to include, to enter the rules related to the control and to control the desired At least one application configured to promote messages - in accordance with the definitions entered through the application (3) Checking and blocking inappropriate messages contains at least one server (4) configured to

At least one application on the electronic device (2) in the system (1) which is the subject of the invention (3) is configured to run. Electronic device (2) in the form of a computer it is a device.

The application (3) in the system (1), which is the subject of the invention, is on the electronic device (2). to include flexible diameter interfaces is being configured. Application (3) transmitted to equipment using diameter protocol In the event that interfaces and messages will not be controlled, these contents will be directly configured to transmit to equipment. Application (3) will be checked all the messages and messages that are prepared for each diameter interface and expected in the interface. containing the definitions of the AVPs that make up the message contents according to the 3GPP standards. message resolution XML (extensible markup Ianguage-extensible markup language). Application (3) rules to be used in interface and message control, interface types, message It is configured to store lists. Invention preferred application (3) is a Fuzzing Attack Firewall. Firewall-FAFW) application.

Control over the server (4) application (3) in the system (1) which is the subject of the invention Application (3) application ID field in the message defined to be (According to the application IDlve command code information, the corresponding message analysis XML to decipher the incoming message and check it according to the rules is configured to. The server (4) does not accept any messages in accordance with the rules. to prevent the transmission of the relevant message in case it detects an error. is being configured. If the server (4) decryption is successful, a It is configured to move on to the next control. Server (4) to forward your message entered in the application (3) for the interface types supported by the desired target. detecting messages that are not suitable for the target in accordance with the definitions, and configured to prevent transmission. Server (4) decode the message If there is target information in the message after the checks are made, it is defined for the target. to check whether the interface types are in the rules and if there are any incoming It is configured to check if the interface message is in the list.

The server (4) confirms that the destination information of the message is not in one of the defined interface types. and/or determines whether the interface message is in the list, is configured to prevent the transmission of the message.

Application of the Invention to Industry In the system (l) subject to the invention, first of all, an electronic device (2) works. in terms of diameter interface types supported by a FAFW application with It has a flexible structure. For example application (3) while supporting SOA traffic, the need Any code development for another diameter interface when heard It has an adaptive structure that can support a new interface without

Application (3) interfaces and messages that are undesirable to be controlled It is transmitted directly to the target without being inserted. To be controlled on the application (3] The requested interface and messages are in accordance with the rules defined in the application (4). It is controlled by the server (4). Messages deemed appropriate are sent to the relevant destination. messages are forwarded and inappropriate messages are blocked. 3GPP standards new AVPs that may come in new versions are code-based on application (3). These controls can be accessed by entering definitions in the configuration files without any development. will be included.

Thanks to this invention, it is ahead of the systems using the diameter protocol. fUZzing, which provides protection from attacks and can adapt to exceptional situations. a system is obtained.

Electronic device (2), application (3) and server in the inventive system (1) (4) provides the user with information and approval in accordance with data privacy principles. It operates within the scope of the Personal Data Protection Law (KVKK). shows.

Around these basic concepts, there are many different types of systems related to the inventive system (1). development of applications is possible, and the invention is illustrated by the examples described herein. not limited, essentially as claimed in the claims.

Claims (1)

REQUIREMENTS To protect equipment using Diameter protocol from fuzzing attacks by sending messages contrary to 3GPP standards, by adapting to the diameter interface, it enables the detection of messages that do not comply with 3GPP standards, the prevention of sending inappropriate messages to the target receiver, and the management of exceptional situations in an adaptable way; - at least one electronic device (2) configured to run at least one application on it (3) and - characterized by at least one server (4) configured to check messages and block inappropriate messages in accordance with the definitions entered through the application (3) (at least one application (3 on 1 l. .) ) is running on an Electronic device (2) as in claim 1, characterized by a computer-shaped electronic device (2) configured to operate, and an application as in claim 1 or ? system (1).In the case where the interfaces and messages transmitted to the equipment using the Diameter protocol will not be brought under control A system (1) as in any one of the above claims, characterized by the application (3) configured to transmit these contents directly to the equipment. A system (1) as in any of the above claims, characterized by the application (3) configured to provide the definition of the message analysis XMLt prepared for each diameter interface to be controlled, containing the definitions of AVPs according to 3GPP standards, which create all the messages and message contents expected in the interface. . A system as in any of the above claims characterized by the application (3) configured to store the rules, interface types, message lists to be used in interface and message control. A system (1) as in any of the above prompts, characterized by the server (4) configured to decode the incoming message and check it according to the rules using the relevant message decoding XML according to the command code information (1). In case it detects any error in the messages according to the rules A system (1) as in any of the above claims, characterized by a server (4) configured to prevent the transmission of the relevant message. . A system (1) as in any of the above claims, characterized by a server (4) configured to detect messages that are not suitable for the target in accordance with the definitions entered in the application (3) for the interface types supported by the target to which the message is intended to be transmitted, and to prevent its transmission. A system as in any of the above requests (1 ). A system as in any of the above claims, characterized by the server (4) configured to prevent the transmission of the relevant message in case the target information of the message is not in one of the defined interface types and/or it determines whether the interface message is in the list.