TR2021017334A2 - A DETECTION AND PREVENTION SYSTEM - Google Patents

Abstract

The present invention relates to a system (1) that can prevent attacks coming over the networks of neighboring countries with Diameter signaling and make border crossings difficult within the scope of accidental international roaming.

Description

DESCRIPTION A DETECTION AND PREVENTION SYSTEM Technical Area This invention is transmitted over the networks of neighboring countries with Diameter signaling. preventing attacks and limiting accidental international circulation. It is about a System that makes their transition difficult. Prior Art Diameter protocol Authentication, authorization in LTE and IMS networks It is a protocol used to exchange accounting and accounting information. It provides a more reliable and flexible transmission mechanism to data networks.

After the start of international roaming in LTE networks, diameter Various attacks are made in the signaling process over the protocol, attacks are classified in various categories, and different blocking is available for each category. methods are used. The most difficult attack among the attacks carried out today. The one is fake network selection that can come from neighboring country operators. attacks. The said attacks are based on the flight speed available in the state of the art. It is not solved with advanced controls such as control. Therefore, nowadays There is a need for solutions to prevent these attacks. In the document, a deceptive sent attacker in a Diameter protocol A system and method for detecting messages is described. Promise The subject invention is a Diameter protocol fraud according to a technical problem. It contains intrusion detection equipment and is a source of a 5G core network. a network interface to receive the packet and analyze the received packet and detect an abnormal a computer that can install and execute a program to detect the packet includes; computer program, home network from a Mobile Management Entity (MME) a Diameter protocol Söa protocol transmitted to a Home Subscriber Server (HSS) to obtain a normal lMSl (International Mobile Subscriber Identity) from the package provides an instruction and the normal IMSI included record into the first session table contains an instruction to add; By Mobile Management Entity (MME) from the Create Session Request message of the created CTP-C protocol. An instruction to obtain an International Mobile Subscriber Identity (IMSI) and a normal Diameter protocol The first session of the Söa protocol included in an IDR message obtaining the table; It searches tables and shows an abnormal IDR message. Brief Description of the Invention The purpose of this invention is to understand that the incoming message in the work flow comes from the border and After the checks are carried out, the subscriber's own network by enabling it to be determined whether it is accessible or not. It is possible to prevent attacks coming over the network and to prevent accidental international a system that makes border crossings difficult within the scope of circulation is to perform.

Another object of the invention is that LTE signaling is combined with 4G as well as 5G and 3GPP Non- If used in a Standalone Architecture (NSA) is to implement a system that provides a control method.

Another aim of the invention is to prevent attacks from neighboring countries' networks. prevention and accidental border crossings within the scope of international circulation blockage of telecommunication operators by ensuring that increase their competence and due to accidental international circulation additional charges that may occur by the subscribers and the subsequent customer To implement a system that reduces the problems of dissatisfaction.

Another purpose of the invention is to prevent attacks from neighboring countries' networks. prevention and accidental border crossings within the scope of international circulation the difficulties of operators in wage reimbursement processes. and to implement a system that alleviates call center traffic.

Detailed Description of the Invention “A Detection and Blocking” carried out to achieve the purpose of this invention. System” is shown in the attached figure, this figure; Figure 1 The subject of the invention is a schematic view of a detection and inhibition system.

The parts in the figure are numbered one by one. are given below: 1. System 2. Aircraft unit 3. Neural firewall With Diameter signaling, attacks coming over the networks of neighboring countries preventing and accidental border crossings within the scope of international circulation. system (1 l; -Signal foreign operator network selection request messages over IIESme carriers receive, detect that the request message is coming from the nerve operator, and then at least one Diameter end agent unit configured to make referrals, and - receiving network selection request messages from the Diameter terminal (2), a home subscriber Incoming calls by paging on the HSS-home subscriber server. to examine the answer, request in case the call is not answered or an error is received. forwarding the message to a core network of the operator and answering the call When received, the message is to prevent the operator from going to a core network. It contains at least one at least a border firewall (3) configured to

In the inventive system (1) Diameter end agent unit (2) from foreign operators receiving network selection requests on signaling carriers, routing and processing the message by making checks and detecting that the message came from the neural operator. is configured to do so. Diameter end agent unit (2) AIR, ULR Receiving messages and looking at the Realm, Host information of the message, the limit of the request message It is configured to detect that it is coming from the operator.

In the inventive system (1) neural firewall (3) Diameter end agent unit (2) to be in contact with the neural operator through this communication. get the detected request message and paging on the promise HSS is configured to. Neural firewall (3) CS over HSS (Circuit switched) and EPS domains and to search for the call answer. is set up for review. Neural firewall (3) via HSS Whether search requests to CS and EPS domains were answered, and in case of a reply, to ensure that the answers received are recorded. is being configured.

In the inventive system (1) the border firewall (3) over the HSS When the call is not answered or an error is received, the incoming call result to record the response and send the message to the home subscriber server (HSS-home). subscriber server) Border firewall (3) to save the answer when the call is not answered. to enable the message to reach the home subscriber server (HSS-home subscriber server). to block and block the message with predetermined error codes. is being configured.

In the inventive system (1), the neural firewall (3) has previously been CS or EPS in case of information on its condition and location use the saved information without triggering a call via and subscribe to the home of the message To prevent access to the server (HSS-home subscriber server) or to allow is made to give. In this way, the signaling traffic in the network is being reduced.

In the subject system of the invention (1), the firewall (3) records the call answers. at least one No-SQL database (to communicate with the DLL and promise to ensure that the search results are recorded in the database in question. is being configured. The neural firewall (3) also allows neural operators to at least one piece of data that holds information, application settings, and system logs It is configured to communicate with its base (DZ).

Thanks to the system (1), which is the subject of the invention, the neighboring countries are provided with Diameter signaling. The attacks coming through the networks are prevented and the international Within the scope of circulation, it is ensured that the border crossings are made difficult. For this In the inventive system (l), a home subscriber can be reached by using the network selection prompt messages. Searching (paging) is made on the server (HSS-home subscriber server), In case the call is not answered or an error is received, the request message is sent to the operator. it is routed to a core network and when the call is answered, the message is is blocked.

Around these basic concepts, the subject of the invention is “A Detection and Prevention System. It is possible to develop a wide variety of applications related to (1)", the invention being described here. not limited to the examples described, essentially as claimed in the claims.

Claims (11)

REQUESTS 1. Receiving the foreign operator network selection request messages over the signaling carriers, detecting that the request message comes from the neural operator, and then making diameter routing at least To receive the end agent unit and -network selection request messages from the Diameter terminal (2), to examine the incoming Answer by paging on a home subscriber server (HSS-home subscriber server), to send the request message to the operator in case the call is not answered or an error is received. a system (1) characterized by at least one at least a border firewall (3) configured to forward the message to the core network and, when the call is answered, to prevent the operator from going to a core network. 2. A system (1) as in Claim 1, characterized by the Diameter terminal agent unit (2), which is configured to receive network selection requests from foreign operators on signaling carriers, to process the message by performing routing and controls, and to detect that the message is coming from the neural operator. 3. A device as in claim 1 or 27, characterized by the Diameter end agent unit (2), which is configured to receive AIR, ULR messages and detect that the request message comes from the neural operator by looking at the Realm, Host information of the message. 4. As in any of the above claims, characterized by the border firewall (3] configured to communicate with the Diameter end agent unit (2), to receive the request message detected from the neural operator over this established communication, and to make paging on the promised HSS. One 5. A system (1) as in any one of the above claims, characterized by a border firewall (3) configured to search for CS (Circuit switched) and EPS domains over HSS and to examine the search response. 6. A system (1) as in any one of the above requests, characterized by a border firewall (3) configured to ensure whether a response can be received to call requests made over HSS to CS and EPS domains, and if a response is received, the received responses are recorded. 7. As in any of the above prompts, characterized by the border firewall (3] configured to record the answer received as a result of the call and to allow the message to reach the home subscriber server (HSS-home subscriber server) when the call made over HSS is not answered or an error is received. a system (1). 8. A system as in any of the above prompts ( one). 9. Characterized by a border firewall (3), which is configured to use the recorded information without triggering a call via CS or EPS in case of previous information about the subscriber's status and location, and to prevent or allow the message to reach the home subscriber server (HSS-home subscriber server). A system (1) as in any one of the preceding claims. 10. A system as in any of the above prompts, characterized by a border firewall (3) configured to communicate with at least one No-SQL database (DI) that records the search answers and to record the search results in the said database. (one). 11. A system (1) as in any one of the above claims, characterized by a border firewall (3) configured to communicate with at least one database (DZ) that holds information of the border operators, application settings and system transaction records.