WO2023207984A1 - Procédé et appareil de traitement de comportement, ainsi que terminal, dispositif côté réseau et support - Google Patents

Procédé et appareil de traitement de comportement, ainsi que terminal, dispositif côté réseau et support Download PDF

Info

Publication number
WO2023207984A1
WO2023207984A1 PCT/CN2023/090602 CN2023090602W WO2023207984A1 WO 2023207984 A1 WO2023207984 A1 WO 2023207984A1 CN 2023090602 W CN2023090602 W CN 2023090602W WO 2023207984 A1 WO2023207984 A1 WO 2023207984A1
Authority
WO
WIPO (PCT)
Prior art keywords
target
terminal
pdu session
information
behavior
Prior art date
Application number
PCT/CN2023/090602
Other languages
English (en)
Chinese (zh)
Inventor
张鹏飞
吕华章
康艳超
Original Assignee
维沃移动通信有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 维沃移动通信有限公司 filed Critical 维沃移动通信有限公司
Publication of WO2023207984A1 publication Critical patent/WO2023207984A1/fr

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W24/00Supervisory, monitoring or testing arrangements
    • H04W24/04Arrangements for maintaining operational condition
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W24/00Supervisory, monitoring or testing arrangements
    • H04W24/08Testing, supervising or monitoring using real traffic

Definitions

  • This application belongs to the field of communication technology, and specifically relates to a behavior processing method, device, terminal, network side equipment and medium.
  • the terminal can select and/or establish a corresponding PDU session for the application's traffic based on the traffic characteristics associated with the application.
  • the terminal may experience some abnormal behavior on the PDU session. How to intelligently handle the abnormal behavior of the terminal to select and/or establish an appropriate PDU session has become an urgent problem. The problem.
  • Embodiments of the present application provide a behavior processing method, device, terminal, network side device and medium, which can solve the problem of how to intelligently process abnormal behavior of the terminal to select and/or establish an appropriate PDU session.
  • a behavior processing method includes: a terminal receiving target information from a network side device, where the target information includes an analysis result of the terminal's abnormal behavior; and the terminal makes a decision on the terminal's behavior based on the target information.
  • a behavior processing device includes: a receiving module for receiving target information from a network side device, where the target information includes analysis results of abnormal behavior of the terminal; a decision-making module for based on the target information, Make decisions about the behavior of the terminal.
  • a behavior processing method includes: the network side device analyzes the behavior of the terminal; the network side device sends target information to the terminal, and the target information includes the analysis results of the terminal's abnormal behavior.
  • a behavior processing device includes: an analysis module for analyzing the behavior of the terminal; and a sending module for sending target information to the terminal, where the target information includes analysis results of the terminal's abnormal behavior.
  • a terminal in a fifth aspect, includes a processor and a memory.
  • the memory stores programs or instructions that can be run on the processor.
  • the program or instructions are executed by the processor, the following implementations are implemented: The steps of the method described in one aspect.
  • a terminal including a processor and a communication interface, wherein the communication interface is used to receive target information from a network side device, where the target information includes analysis results of abnormal behavior of the terminal, and the processor is used to Based on the target information, make decisions on the behavior of the terminal.
  • a network side device in a seventh aspect, includes a processor and a memory.
  • the memory stores programs or instructions that can be run on the processor.
  • the program or instructions are executed by the processor.
  • a network side device including a processor and a communication interface, wherein the processor is used to analyze the behavior of the terminal, and the communication interface is used to send target information to the terminal, where the target information includes the terminal Analysis results of abnormal behavior.
  • a ninth aspect provides a communication system, including: a terminal and a network side device.
  • the terminal can be used to perform the steps of the behavior processing method as described in the first aspect.
  • the network side device can be used to perform the steps of the behavior processing method as described in the third aspect. The steps of the behavioral processing method.
  • a readable storage medium is provided. Programs or instructions are stored on the readable storage medium. When the programs or instructions are executed by a processor, the steps of the method described in the first aspect are implemented, or the steps of the method are implemented as described in the first aspect. The steps of the method described in the third aspect.
  • a chip in an eleventh aspect, includes a processor and a communication interface.
  • the communication interface is coupled to the processor.
  • the processor is used to run programs or instructions to implement the method described in the first aspect. method, or implement a method as described in the third aspect.
  • a computer program/program product is provided, the computer program/program product is stored in a storage medium, and the computer program/program product is executed by at least one processor to implement as described in the first aspect The steps of behavioral processing method.
  • the network side device can detect and analyze the behavior of the terminal, and then send the analysis result of the terminal's abnormal behavior to the terminal. After receiving the analysis result sent by the network side device, the terminal can perform the analysis according to the analysis result. , make decisions on the behavior of the terminal.
  • the terminal can make decisions on the terminal's behavior based on the analysis results of the terminal's abnormal behavior by the network-side device, so that the terminal can handle the terminal's abnormal behavior more intelligently and accurately based on the assistance of the network.
  • Figure 1 is a schematic architectural diagram of a communication system provided by an embodiment of the present application.
  • Figure 2 is a schematic diagram of a behavior processing method provided by an embodiment of the present application.
  • Figure 3 is one of the structural schematic diagrams of a behavior processing device provided by an embodiment of the present application.
  • Figure 4 is the second structural schematic diagram of a behavior processing device provided by an embodiment of the present application.
  • Figure 5 is a schematic diagram of the hardware structure of a communication device provided by an embodiment of the present application.
  • Figure 6 is a schematic diagram of the hardware structure of a terminal provided by an embodiment of the present application.
  • FIG. 7 is a schematic diagram of the hardware structure of a network-side device provided by an embodiment of the present application.
  • first, second, etc. in the description and claims of this application are used to distinguish similar objects and are not used to describe a specific order or sequence. It is to be understood that the terms so used are interchangeable under appropriate circumstances so that the embodiments of the present application can be practiced in sequences other than those illustrated or described herein, and that "first" and “second” are distinguished objects It is usually one type, and the number of objects is not limited.
  • the first object can be one or multiple.
  • “and/or” in the description and claims indicates at least one of the connected objects, and the character “/" generally indicates that the related objects are in an "or” relationship.
  • LTE Long Term Evolution
  • LTE-Advanced, LTE-A Long Term Evolution
  • LTE-A Long Term Evolution
  • CDMA Code Division Multiple Access
  • TDMA Time Division Multiple Access
  • FDMA Frequency Division Multiple Access
  • OFDMA Orthogonal Frequency Division Multiple Access
  • SC-FDMA Single-carrier Frequency Division Multiple Access
  • NR New Radio
  • FIG. 1 shows a block diagram of a wireless communication system to which embodiments of the present application are applicable.
  • the wireless communication system includes a terminal 11 and a network side device 12.
  • the terminal 11 may be a mobile phone, a tablet computer (Tablet Personal Computer), a laptop computer (Laptop Computer), or a notebook computer, a personal digital assistant (Personal Digital Assistant, PDA), a palmtop computer, a netbook, or a super mobile personal computer.
  • Tablet Personal Computer Tablet Personal Computer
  • laptop computer laptop computer
  • PDA Personal Digital Assistant
  • PDA Personal Digital Assistant
  • UMPC ultra-mobile personal computer
  • UMPC mobile Internet device
  • Mobile Internet Device MID
  • AR augmented reality
  • VR virtual reality
  • robots wearable devices
  • VUE vehicle-mounted equipment
  • PUE pedestrian terminal
  • smart home home equipment with wireless communication functions, such as refrigerators, TVs, washing machines or furniture, etc.
  • PC personal computers
  • teller machines or self-service Terminal devices such as mobile phones
  • wearable devices include: smart watches, smart bracelets, smart headphones, smart glasses, smart jewelry (smart bracelets, smart bracelets, smart rings, smart necklaces, smart anklets, smart anklets, etc.), Smart wristbands, smart clothing, etc.
  • the network side device 12 may include an access network device or a core network device, where the access network device 12 may also be called a radio access network device, a radio access network (Radio Access Network, RAN), a radio access network function or Wireless access network unit.
  • the access network device 12 may include a base station, a WLAN access point or a WiFi node, etc.
  • the base station may be called a Node B, an evolved Node B (eNB), an access point, a Base Transceiver Station (BTS), a radio Base station, radio transceiver, Basic Service Set (BSS), Extended Service Set (ESS), Home Node B, Home Evolved Node B, Transmitting Receiving Point (TRP) or all some other appropriate term in the field described, as long as To achieve the same technical effect, the base station is not limited to specific technical terms. It should be noted that in the embodiment of this application, only the base station in the NR system is used as an example for introduction, and the specific type of the base station is not limited.
  • Core network equipment may include but is not limited to at least one of the following: core network nodes, core network functions, mobility management entities (Mobility Management Entity, MME), access mobility management functions (Access and Mobility Management Function, AMF), session management functions (Session Management Function, SMF), User Plane Function (UPF), Policy Control Function (PCF), Policy and Charging Rules Function (PCRF), Edge Application Service Discovery function (Edge Application Server Discovery Function, EASDF), Unified Data Management (UDM), Unified Data Repository (UDR), Home Subscriber Server (HSS), centralized network configuration ( Centralized network configuration (CNC), Network Repository Function (NRF), Network Exposure Function (NEF), Local NEF (Local NEF, or L-NEF), Binding Support Function (Binding Support Function, BSF), application function (Application Function, AF), etc.
  • MME mobility management entities
  • AMF Access and Mobility Management Function
  • SMF Session Management Function
  • UPF User Plane Function
  • PCF Policy Control Function
  • NWDAF 3rd generation partnership project
  • 3GPP 3rd generation partnership project
  • NWDAF has certain intelligent analysis functions. It collects some data and uses built-in algorithms and analysis capabilities to analyze and obtain results, which are provided to 5G core network elements to perform some operational optimization or statistical analysis.
  • the network data analytics function can provide an observation service experience analysis function by collecting the quality of service (QoS) information of the terminal accessing a certain server, such as the uplink rate or Downlink rate, packet loss rate, etc., and output a statistical information, which includes the user experience of the terminal accessing the server; alternatively, NWDAF can predict based on the historical experience of the terminal accessing the server, for example, in a certain time period in the future In a certain area, if the terminal accesses the server, what is the user experience (such as QoS situation) that the terminal may obtain.
  • QoS quality of service
  • the analysis content and/or prediction content that NWDAF can provide are distinguished by analysis IDs.
  • NWDAF can provide corresponding analysis results and/or predictions. result.
  • NWDAF provides observation service experience analysis. Therefore, as long as you obtain the network element of the NWDAF service and enter the analytic ID when requesting analysis or prediction, NWDAF can provide the corresponding analysis results and/or prediction results.
  • the analysis or prediction results corresponding to the analytic ID that NWDAF can currently provide are shown in Table 1.
  • NWDAF can provide the following performance analysis:
  • NWDAF can provide the performance of the access method, for example, the performance of 3GPP access (such as 4G access and 5G access) or non-3GPP access (such as WLAN access) performance; wherein, the performance of this access method includes: the uplink rate or downlink rate after using this access method, the packet loss rate after using this access method, and the reference signal after using this access method Received power (reference signal received power, RSRP), reference signal received quality (reference signal received quality, RSRQ), received signal strength indicator (received signal strength indicator, RSSI), etc.
  • RSRP reference signal received power
  • RSRQ reference signal received quality
  • RSSI received signal strength indicator
  • NWDAF can provide the performance of the slice, for example, the load status of the currently used slice or the service experience of the currently used slice; where, the performance of the currently used slice
  • the load situation includes: the resource usage of the currently used slice, the load level of the currently used slice, etc.
  • the service experience of the currently used slice includes: the uplink rate or downlink rate after using the slice, and the packet loss rate after using the slice. , the delay after using this slice, etc.
  • NWDAF can provide the performance of the DN, such as the average uplink rate or average downlink rate when accessing a certain DN, the packet loss rate when accessing a certain DN, and the average when accessing a certain DN.
  • the packet delay of a DN the maximum packet delay of accessing a certain DN, etc.
  • NWDAF can provide location analysis of the terminal, for example, the start and end time of the terminal at a certain location, the stay interval of the terminal at a certain location, etc.
  • FIG. 2 shows a flow chart of a behavior processing method provided by an embodiment of the present application.
  • the behavior processing method provided by the embodiment of the present application includes the following steps 201 to 204.
  • Step 201 The network side device analyzes the behavior of the terminal.
  • the network side device can detect and analyze the behavior of the terminal, and then send the analysis result of the terminal's abnormal behavior to the terminal. After receiving the analysis result sent by the network side device, the terminal can, based on the analysis result, Make decisions about the behavior of the terminal, so as to handle abnormal behavior of the terminal more intelligently and accurately.
  • the network side device may be a NWDAF, or may be other network elements with the same function or type, which is not limited in the embodiment of the present application.
  • the network side device can detect and analyze the behavior of the terminal after receiving the request message from the terminal.
  • the network-side device automatically detects and analyzes whether the terminal has abnormal behavior without requesting it from the terminal.
  • Step 202 The network side device sends target information to the terminal.
  • the above target information includes analysis results of abnormal behavior of the terminal.
  • the network side device when the network side device determines that the terminal has abnormal behavior, the network side device may send target information to the terminal.
  • the above target information may include analysis results of the terminal's historical behavior, and may also include prediction results of the terminal's future performance.
  • the analysis results of the abnormal behavior of the terminal include at least one of the following: exception ID (except ID), traffic description information, protocol data unit (PDU) session ID, target unit Network slice selection assistance information (single network slice selection assistance information, S-NSSAI), target data network name (DNN) information, target QoS parameters, periodic time (periodic time), scheduled communication time (scheduled communication time) , scheduled communication type, communication duration time, traffic profile, expected transaction dispersion.
  • the above-mentioned anomaly identification is used to indicate a risk detected by the network-side device, and the risk includes at least one of the following: unexpected long-live/large rate flows, suspected distributed Distributed denial of service (DDoS) attack (suspicion of DDoS attack), too frequent Service access (too frequent service access);
  • DDoS distributed Distributed denial of service
  • the above traffic description information includes at least one of the following: application descriptors, Internet protocol (IP) descriptors (IP descriptors), domain name descriptors (domain descriptors), non-IP descriptors (non-IP descriptors), DNN, connection capabilities.
  • IP Internet protocol
  • IP descriptors IP descriptors
  • domain name descriptors domain descriptors
  • non-IP descriptors non-IP descriptors
  • DNN connection capabilities.
  • the above-mentioned application descriptor may include an operating system identifier (operating system identifier, OS ID) and an operating system application identifier (OS application identifier, OS APP ID).
  • the above-mentioned IP descriptor can be a destination IP triplet (IP address or IPv6 network prefix, port number, protocol ID of a protocol above IP) or IP five-tuple information.
  • the above domain name descriptor can be a fully qualified domain name (Fully Qualified Domain Name, FQDN) used as a domain name matching condition.
  • the above-mentioned non-IP descriptor may be source information and/or destination information of non-IP traffic.
  • the above-mentioned DNN is a data network accessed or connected by application traffic. The above connection capabilities match the information provided by the application when requesting a network connection with certain capabilities.
  • the DNN in the above traffic description information may be a characteristic description of abnormal traffic.
  • the target S-NSSAI may be the S-NSSAI recommended for use by the network side device, or may be the S-NSSAI corresponding to abnormal traffic.
  • the above target QoS parameters may be QoS parameters recommended for use by network-side devices, or may be QoS parameters corresponding to abnormal traffic.
  • the above target DNN information can be the DNN recommended for network-side devices, or it can be the DNN corresponding to abnormal traffic. Specifically, it can be determined according to actual usage requirements, and is not limited by the embodiments of this application.
  • the target DNN information is the DNN corresponding to the abnormal traffic
  • the target DNN information and the DNN content in the traffic description information are the same, but the sending form is different.
  • the network side device can send DNN directly to the terminal, or it can send DNN in the form of traffic description.
  • Step 203 The terminal receives target information from the network side device.
  • Step 204 The terminal makes decisions on the behavior of the terminal based on the target information.
  • the behavior of the terminal is first detected and analyzed through the network side device to obtain the analysis result of the abnormal behavior of the terminal, and then the terminal can judge the behavior of the terminal again based on the analysis result to determine the behavior of the terminal. Handle abnormal terminal behavior.
  • Embodiments of the present application provide a behavior processing method.
  • the network side device can detect and analyze the behavior of the terminal, and then send the analysis results of the terminal's abnormal behavior to the terminal. After receiving the analysis results sent by the network side device, the terminal can Based on the analysis results, decisions are made on the behavior of the terminal.
  • the terminal can make decisions on the terminal's behavior based on the analysis results of the terminal's abnormal behavior by the network-side device, so that the terminal can handle the terminal's abnormal behavior more intelligently and accurately based on the assistance of the network.
  • the behavior processing method provided by the embodiment of the present application further includes the following steps 301 and 302.
  • Step 301 The terminal sends a first message to the network side device.
  • the above-mentioned first message includes an abnormal behavior identifier, and the above-mentioned abnormal behavior identifier is used to request analysis or prediction of whether abnormal behavior occurs in the terminal.
  • the above target information is the analysis result corresponding to the abnormal behavior identification.
  • Step 302 The network side device receives the first message sent by the terminal.
  • step 204 can be specifically implemented through the following steps 204a and 204b.
  • Step 204a If it is determined that the behavior of the terminal is abnormal based on the target information, the terminal performs the target operation.
  • Step 204b If it is determined that the behavior of the terminal is normal based on the target information, the terminal ignores the target information.
  • the terminal can determine whether the terminal's behavior is abnormal based on the target information. If it is determined that the terminal's behavior is abnormal, the terminal performs the target operation. If it is determined that the terminal's behavior is normal, the terminal ignores the target information.
  • the terminal determines that the unexpected long duration/large rate traffic is normal operation, the target information is ignored.
  • the network side device will independently handle the abnormal behavior of the terminal.
  • the network side device can analyze the abnormal behavior of the terminal, and then the terminal makes decisions on the terminal's behavior based on the analysis results of the network side device. , so that the abnormal behavior of the terminal can be handled more intelligently and accurately.
  • the analysis results of the abnormal behavior of the terminal include traffic description information.
  • the above target operations include any of the following:
  • the terminal discards or ignores the uplink or downlink data packets corresponding to the traffic description information.
  • the analysis result of the abnormal behavior of the terminal includes a PDU session identifier.
  • the above target operations include any of the following:
  • the above-mentioned PDU session is a PDU session carrying abnormal traffic.
  • the analysis results of the abnormal behavior of the terminal also include at least one of the following: target QoS parameters, target S-NSSAI, and target DNN information.
  • the above process of modifying the PDU session corresponding to the initiated PDU session identifier includes at least one of the following:
  • If the analysis results include target QoS parameters, modify the Qos parameters in the PDU session to the target QoS parameters;
  • If the analysis result includes the target S-NSSAI, modify the S-NSSAI in the PDU session to the target S-NSSAI;
  • the target S-NSSAI is the S-NSSAI recommended by the network side device
  • the target QoS parameter is the QoS parameter recommended by the network side device
  • the target DNN information is the DNN recommended by the network side device.
  • the terminal can modify certain parameters in the PDU session to parameters recommended by the network side device, so that an appropriate PDU session can be intelligently and accurately selected and/or established.
  • the analysis result of the abnormal behavior of the terminal includes at least one of the following: target QoS parameters, target S-NSSAI, and target DNN information
  • the above target operation is not allowed to establish the target information.
  • the corresponding PDU session when the analysis result of the abnormal behavior of the terminal includes at least one of the following: target QoS parameters, target S-NSSAI, and target DNN information, the above target operation is not allowed to establish the target information.
  • target QoS parameters target S-NSSAI, and target DNN information
  • the target S-NSSAI is the S-NSSAI corresponding to the abnormal traffic
  • the target QoS parameter is the QoS parameter corresponding to the abnormal traffic
  • the target DNN information is the DNN corresponding to the abnormal traffic.
  • the terminal since the target information is information corresponding to abnormal traffic, the terminal is not allowed to establish a PDU session corresponding to the target information, so that an appropriate PDU session can be intelligently and accurately selected and/or established.
  • the above target operation is to set the session management (session management, SM) back-off timer (SM back-off timer).
  • the terminal is not allowed to initiate a service request before the expiration of the session management backoff timer.
  • the terminal can set the SM back-off timer using default parameters; or, the terminal can set the SM back-off timer according to the target information (such as cycle time).
  • the target information such as cycle time
  • the execution subject may be a behavior processing device.
  • a behavior processing device executing a behavior processing method is used as an example to illustrate the behavior processing device provided in the embodiments of this application.
  • the behavior processing device 500 includes: a receiving module 501 and a decision-making module 502.
  • the receiving module 501 is used to receive target information from the network side device, where the target information includes the analysis results of the abnormal behavior of the terminal.
  • the decision-making module 502 is used to make decisions on the behavior of the terminal based on the target information.
  • the above-mentioned behavior processing device 500 further includes: a sending module.
  • the sending module is configured to send the first message to the network side device before the receiving module 501 receives the target information from the network side device.
  • the above-mentioned first message includes an abnormal behavior identifier, and the abnormal behavior identifier is used to request analysis or prediction of whether abnormal behavior occurs in the terminal.
  • the above-mentioned decision-making module 502 is specifically configured to perform the target operation when it is determined that the behavior of the terminal is abnormal based on the target information; when it is determined that the behavior of the terminal is normal based on the target information, ignore the target. information.
  • the above analysis results include at least one of the following: exception identification, traffic description information, PDU session identification, target S-NSSAI, target DNN information, target QoS parameters, cycle time, scheduled communication time, Scheduled communication type, communication duration, traffic profile, expected business dispersion.
  • the above-mentioned abnormality identification is used to indicate the risk detected by the network-side device, and the risk includes at least one of the following: unexpected long duration/large rate traffic, suspected DDoS attack, and too frequent service access.
  • the above traffic description information includes at least one of the following: application descriptor, IP descriptor, domain name descriptor, non-IP descriptor, DNN, Connectivity.
  • the above analysis results include traffic description information.
  • the above target operations include any of the following:
  • the terminal discards or ignores the uplink or downlink data packets corresponding to the traffic description information.
  • the above analysis results include a PDU session identifier.
  • the above target operations include any of the following:
  • the PDU session is a PDU session carrying abnormal traffic.
  • the above analysis results also include at least one of the following: target QoS parameters, target S-NSSAI, and target DNN information.
  • the above process of modifying the PDU session corresponding to the initiated PDU session identifier includes at least one of the following:
  • If the analysis results include target QoS parameters, modify the Qos parameters in the PDU session to the target QoS parameters;
  • If the analysis result includes the target S-NSSAI, modify the S-NSSAI in the PDU session to the target S-NSSAI;
  • the above target operation is to not allow the establishment of a PDU session corresponding to the target information.
  • the above target operation is to set a session management backoff timer.
  • the terminal is not allowed to initiate a service request before the expiration of the session management backoff timer.
  • Embodiments of the present application provide a behavior processing device that can make decisions on the behavior of the terminal based on the analysis results of the abnormal behavior of the terminal by the network side device, so that the terminal can more intelligently and accurately respond to the abnormal behavior of the terminal based on the assistance of the network. for processing.
  • a behavior processing device provided by an embodiment of the present application is applied to network side equipment.
  • the behavior processing device 600 includes: an analysis module 601 and a sending module 602.
  • the analysis module 601 is used to analyze the behavior of the terminal.
  • the sending module 602 is configured to send target information to the terminal, where the target information includes the analysis results of the abnormal behavior of the terminal.
  • the above-mentioned behavior processing device 600 further includes: a receiving module.
  • the receiving module is configured to receive the first message sent by the terminal before the analysis module 601 analyzes the behavior of the terminal.
  • the above-mentioned One message includes an abnormal behavior identifier, which is used to request analysis or predict whether abnormal behavior occurs on the terminal.
  • the above analysis results include at least one of the following: exception identification, traffic description information, PDU session identification, target S-NSSAI, target DNN information, target QoS parameters, cycle time, scheduled communication time, Scheduled communication type, communication duration, traffic profile, expected business dispersion;
  • the above-mentioned abnormality identification is used to indicate the risk detected by the network-side device, and the risk includes at least one of the following: unexpected long duration/large rate traffic, suspected DDoS attack, and too frequent service access.
  • the above traffic description information includes at least one of the following: application descriptor, IP descriptor, domain name descriptor, non-IP descriptor, DNN, and connection capability.
  • Embodiments of the present application provide a behavior processing device that can analyze the behavior of a terminal and send analysis results of the terminal's abnormal behavior to the terminal, so that the terminal can make decisions about the behavior of the terminal based on the analysis results, so that the terminal can Network-based assistance handles abnormal terminal behavior more intelligently and accurately.
  • the behavior processing device in the embodiment of the present application may be an electronic device, such as an electronic device with an operating system, or may be a component in the electronic device, such as an integrated circuit or chip.
  • the electronic device may be a terminal or other devices other than the terminal.
  • terminals may include but are not limited to the types of terminals 11 listed above, and other devices may be servers, network attached storage (Network Attached Storage, NAS), etc., which are not specifically limited in the embodiment of this application.
  • NAS Network Attached Storage
  • the behavior processing device provided by the embodiment of the present application can implement each process implemented by the method embodiment in Figure 2 and achieve the same technical effect. To avoid duplication, the details will not be described here.
  • this embodiment of the present application also provides a communication device 700, which includes a processor 701 and a memory 702.
  • the memory 702 stores programs or instructions that can be run on the processor 701, such as , when the communication device 700 is a terminal, when the program or instruction is executed by the processor 701, each step of the above behavior processing method embodiment is implemented, and the same technical effect can be achieved.
  • the communication device 700 is a network-side device, when the program or instruction is executed by the processor 701, each step of the above behavior processing method embodiment is implemented, and the same technical effect can be achieved. To avoid duplication, the details will not be described here.
  • Embodiments of the present application also provide a terminal, including a processor and a communication interface.
  • the communication interface is used to receive target information from a network side device.
  • the target information includes analysis results of abnormal behaviors of the terminal.
  • the processor is used to perform analysis on the terminal based on the target information. behavior decisions.
  • This terminal embodiment corresponds to the above-mentioned terminal-side method embodiment.
  • Each implementation process and implementation manner of the above-mentioned method embodiment can be applied to this terminal embodiment, and can achieve the same technical effect.
  • FIG. 6 is a schematic diagram of the hardware structure of a terminal that implements an embodiment of the present application.
  • the terminal 800 includes but is not limited to: a radio frequency unit 801, a network module 802, an audio output unit 803, an input unit 804, a sensor 805, a display unit 806, a user input unit 807, an interface unit 808, a memory 809, a processor 810, etc. At least some parts.
  • the terminal 800 may also include a power supply (such as a battery) that supplies power to various components.
  • the power supply may be logically connected to the processor 810 through a power management system, thereby managing charging, discharging, and power consumption through the power management system. Management and other functions.
  • the terminal structure shown in Figure 6 does not constitute a limitation on the terminal.
  • the terminal can include It may include more or fewer components than those shown in the figures, or combine certain components, or arrange different components, which will not be described again here.
  • the input unit 804 may include a graphics processing unit (Graphics Processing Unit, GPU) 8041 and a microphone 8042.
  • the graphics processor 8041 is responsible for the image capture device (GPU) in the video capture mode or the image capture mode. Process the image data of still pictures or videos obtained by cameras (such as cameras).
  • the display unit 806 may include a display panel 8061, which may be configured in the form of a liquid crystal display, an organic light emitting diode, or the like.
  • the user input unit 807 includes a touch panel 8071 and at least one of other input devices 8072 .
  • Touch panel 8071 also known as touch screen.
  • the touch panel 8071 may include two parts: a touch detection device and a touch controller.
  • Other input devices 8072 may include but are not limited to physical keyboards, function keys (such as volume control keys, switch keys, etc.), trackballs, mice, and joysticks, which will not be described again here.
  • the radio frequency unit 801 after receiving downlink data from the network side device, the radio frequency unit 801 can transmit it to the processor 810 for processing; in addition, the radio frequency unit 801 can send uplink data to the network side device.
  • the radio frequency unit 801 includes, but is not limited to, an antenna, amplifier, transceiver, coupler, low noise amplifier, duplexer, etc.
  • Memory 809 may be used to store software programs or instructions as well as various data.
  • the memory 809 may mainly include a first storage area for storing programs or instructions and a second storage area for storing data, wherein the first storage area may store an operating system, an application program or instructions required for at least one function (such as a sound playback function, Image playback function, etc.) etc.
  • memory 809 may include volatile memory or non-volatile memory, or memory 809 may include both volatile and non-volatile memory.
  • non-volatile memory can be read-only memory (Read-Only Memory, ROM), programmable read-only memory (Programmable ROM, PROM), erasable programmable read-only memory (Erasable PROM, EPROM), electrically removable memory. Erase programmable read-only memory (Electrically EPROM, EEPROM) or flash memory.
  • Volatile memory can be random access memory (Random Access Memory, RAM), static random access memory (Static RAM, SRAM), dynamic random access memory (Dynamic RAM, DRAM), synchronous dynamic random access memory (Synchronous DRAM, SDRAM), double data rate synchronous dynamic random access memory (Double Data Rate SDRAM, DDRSDRAM), enhanced synchronous dynamic random access memory (Enhanced SDRAM, ESDRAM), synchronous link dynamic random access memory (Synch link DRAM) , SLDRAM) and direct memory bus random access memory (Direct Rambus RAM, DRRAM).
  • RAM Random Access Memory
  • SRAM static random access memory
  • DRAM dynamic random access memory
  • DRAM synchronous dynamic random access memory
  • SDRAM double data rate synchronous dynamic random access memory
  • Double Data Rate SDRAM Double Data Rate SDRAM
  • DDRSDRAM double data rate synchronous dynamic random access memory
  • Enhanced SDRAM, ESDRAM enhanced synchronous dynamic random access memory
  • Synch link DRAM synchronous link dynamic random access memory
  • SLDRAM direct memory bus
  • the processor 810 may include one or more processing units; optionally, the processor 810 integrates an application processor and a modem processor, where the application processor mainly handles operations related to the operating system, user interface, application programs, etc., Modem processors mainly process wireless communication signals, such as baseband processors. It can be understood that the above modem processor may not be integrated into the processor 810.
  • the radio frequency unit 801 is used to receive target information from the network side device, where the target information includes the analysis results of the abnormal behavior of the terminal.
  • the processor 810 is used to make decisions on the behavior of the terminal based on the target information.
  • the radio frequency unit 801 is also configured to send the first message to the network side device before receiving the target information from the network side device.
  • the first message is used to request analysis or prediction of whether abnormal behavior occurs in the terminal.
  • the processor 810 is specifically configured to determine abnormal behavior of the terminal based on the target information. If the behavior of the terminal is determined to be normal based on the target information, the target information is ignored.
  • Embodiments of the present application also provide a network side device, including a processor and a communication interface.
  • the processor is used to analyze the behavior of the terminal, and the communication interface is used to send target information to the terminal.
  • the target information includes the analysis results of the terminal's abnormal behavior.
  • This network-side device embodiment corresponds to the above-mentioned network-side device method embodiment.
  • Each implementation process and implementation manner of the above-mentioned method embodiment can be applied to this network-side device embodiment, and can achieve the same technical effect.
  • the network side device 900 includes: a processor 901, a network interface 902 and a memory 903.
  • the network interface 902 is, for example, a common public radio interface (CPRI).
  • CPRI common public radio interface
  • the network side device 900 in this embodiment of the present invention also includes: instructions or programs stored in the memory 903 and executable on the processor 901.
  • the processor 901 calls the instructions or programs in the memory 903 to execute each of the steps shown in Figure 4. The method of module execution and achieving the same technical effect will not be described in detail here to avoid duplication.
  • Embodiments of the present application also provide a readable storage medium.
  • Programs or instructions are stored on the readable storage medium.
  • the program or instructions are executed by a processor, each process of the above behavioral processing method embodiment is implemented, and the same can be achieved. The technical effects will not be repeated here to avoid repetition.
  • the processor is the processor in the terminal described in the above embodiment.
  • the readable storage medium includes computer readable storage media, such as computer read-only memory ROM, random access memory RAM, magnetic disk or optical disk, etc.
  • An embodiment of the present application further provides a chip.
  • the chip includes a processor and a communication interface.
  • the communication interface is coupled to the processor.
  • the processor is used to run programs or instructions to implement the above behavior processing method embodiment. Each process can achieve the same technical effect. To avoid duplication, it will not be described again here.
  • chips mentioned in the embodiments of this application may also be called system-on-chip, system-on-a-chip, system-on-chip or system-on-chip, etc.
  • Embodiments of the present application further provide a computer program/program product.
  • the computer program/program product is stored in a storage medium.
  • the computer program/program product is executed by at least one processor to implement the above behavioral processing method embodiment.
  • Each process can achieve the same technical effect. To avoid repetition, we will not go into details here.
  • Embodiments of the present application also provide a communication system, including: a terminal and a network side device.
  • the terminal can be used to perform the steps of the behavior processing method as described above.
  • the network side device can be used to perform the behavior processing as described above. Method steps.
  • the methods of the above embodiments can be implemented by means of software plus the necessary general hardware platform. Of course, it can also be implemented by hardware, but in many cases the former is better. implementation.
  • the technical solution of the present application can be embodied in the form of a computer software product that is essentially or contributes to the existing technology.
  • the computer software product is stored in a storage medium (such as ROM/RAM, disk , CD), including several instructions to cause a terminal (which can be a mobile phone, computer, server, air conditioner, or network device, etc.) to execute the methods described in various embodiments of this application.

Abstract

La présente demande divulgue un procédé et un appareil de traitement de comportement, ainsi qu'un terminal, un dispositif côté réseau et un support. Le procédé de traitement de comportement dans les modes de réalisation de la présente demande comprend les étapes suivantes : un terminal reçoit des informations cibles en provenance d'un dispositif côté réseau, les informations cibles comprenant un résultat d'analyse d'un comportement anormal du terminal ; et le terminal prend une décision concernant un comportement du terminal sur la base des informations cibles.
PCT/CN2023/090602 2022-04-27 2023-04-25 Procédé et appareil de traitement de comportement, ainsi que terminal, dispositif côté réseau et support WO2023207984A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202210459394.1A CN117014922A (zh) 2022-04-27 2022-04-27 行为处理方法、装置、终端、网络侧设备及介质
CN202210459394.1 2022-04-27

Publications (1)

Publication Number Publication Date
WO2023207984A1 true WO2023207984A1 (fr) 2023-11-02

Family

ID=88517783

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2023/090602 WO2023207984A1 (fr) 2022-04-27 2023-04-25 Procédé et appareil de traitement de comportement, ainsi que terminal, dispositif côté réseau et support

Country Status (2)

Country Link
CN (1) CN117014922A (fr)
WO (1) WO2023207984A1 (fr)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109698760A (zh) * 2017-10-23 2019-04-30 华为技术有限公司 一种流量处理方法和用户面装置以及终端设备
CN111770490A (zh) * 2019-04-02 2020-10-13 电信科学技术研究院有限公司 一种确定终端行为分析的方法和设备
CN111918280A (zh) * 2019-05-07 2020-11-10 华为技术有限公司 一种终端信息的处理方法、装置及系统
US20200396657A1 (en) * 2019-06-11 2020-12-17 Spirent Communications, Inc. Abnormal mobility pattern detection for misbehaving devices
CN113271541A (zh) * 2020-02-17 2021-08-17 大唐移动通信设备有限公司 终端行为数据的获取方法、发送方法、装置及网络设备
CN114390567A (zh) * 2020-10-22 2022-04-22 大唐移动通信设备有限公司 一种异常处理方法、终端及存储介质

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109698760A (zh) * 2017-10-23 2019-04-30 华为技术有限公司 一种流量处理方法和用户面装置以及终端设备
CN111770490A (zh) * 2019-04-02 2020-10-13 电信科学技术研究院有限公司 一种确定终端行为分析的方法和设备
CN111918280A (zh) * 2019-05-07 2020-11-10 华为技术有限公司 一种终端信息的处理方法、装置及系统
US20200396657A1 (en) * 2019-06-11 2020-12-17 Spirent Communications, Inc. Abnormal mobility pattern detection for misbehaving devices
CN113271541A (zh) * 2020-02-17 2021-08-17 大唐移动通信设备有限公司 终端行为数据的获取方法、发送方法、装置及网络设备
CN114390567A (zh) * 2020-10-22 2022-04-22 大唐移动通信设备有限公司 一种异常处理方法、终端及存储介质

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
CHINA MOBILE, NEC: "TS 23.288 Performance Improvement and Supervision of general mode for mIoT Terminals", 3GPP DRAFT; S2-1900504-TS 23.288 PERFORMANCE IMPROVEMENT AND SUPERVISION OF GENERAL MODE FOR MIOT TERMINALS, 3RD GENERATION PARTNERSHIP PROJECT (3GPP), MOBILE COMPETENCE CENTRE ; 650, ROUTE DES LUCIOLES ; F-06921 SOPHIA-ANTIPOLIS CEDEX ; FRANCE, vol. SA WG2, no. Kochi, India; 20190121 - 20190125, 15 January 2019 (2019-01-15), Mobile Competence Centre ; 650, route des Lucioles ; F-06921 Sophia-Antipolis Cedex ; France , XP051568589 *

Also Published As

Publication number Publication date
CN117014922A (zh) 2023-11-07

Similar Documents

Publication Publication Date Title
WO2023093720A1 (fr) Procédé et appareil de traitement de données
WO2023207984A1 (fr) Procédé et appareil de traitement de comportement, ainsi que terminal, dispositif côté réseau et support
CN116846771A (zh) 业务操作方法、装置、终端及可读存储介质
WO2023185850A1 (fr) Procédés et appareils d'optimisation de règles de politique ursp, terminal, dispositif côté réseau et support
WO2023179558A1 (fr) Procédé de collecte de données et dispositif de communication
WO2023179571A1 (fr) Procédé et appareil d'accès à un réseau non public et terminal
KR20210048836A (ko) 네트워크 기능 통합방법 및 장치
WO2023143414A1 (fr) Procédé et appareil de transmission de données, procédé et appareil de configuration, terminal et dispositif côté réseau
WO2024061091A1 (fr) Procédé et appareil de communication de réseau, et dispositif côté réseau, terminal et support
WO2023179709A1 (fr) Procédé et appareil de traitement d'informations, dispositif de communication et support de stockage lisible
WO2023143423A1 (fr) Procédé et dispositif d'acquisition, de stockage et de rapport d'informations, terminal et fonction de réseau
WO2023179595A1 (fr) Procédé et appareil d'établissement de canal de session pour un dispositif non 3gpp, et dispositif
WO2024017244A1 (fr) Procédé et appareil d'envoi d'informations, procédé et appareil de réception d'informations, et dispositif associé
WO2024088195A1 (fr) Procédé de communication et procédé de réception de résultat d'exécution, et terminal et dispositif côté réseau
WO2023143436A1 (fr) Procédé et appareil de transfert de données, dispositif terminal et dispositif de réseau
WO2023216961A1 (fr) Procédé et appareil de traitement d'informations de protection de confidentialité, et dispositif de communication
WO2023151585A1 (fr) Procédés de rapport et d'acquisition de capacité de surface cible de terminal, terminal, et dispositif de réseau
WO2024022370A1 (fr) Procédés d'acquisition et de transmission d'informations, procédés d'accès au serveur et d'établissement de session, et dispositif
WO2023165480A1 (fr) Procédé et appareil de transmission de données, terminal, dispositif et support de stockage
WO2024078589A1 (fr) Procédé et appareil de rapport d'informations, dispositif de communication et support de stockage
WO2024012373A1 (fr) Procédé et appareil de transmission d'informations de modèle d'ia, et dispositif
WO2024067331A1 (fr) Procédé de commutation de dispositif dans un réseau personnel de l'internet des objets, et procédé et dispositif de communication
WO2024061256A1 (fr) Procédé et appareil de configuration de règle de transfert, terminal, et dispositif côté réseau
WO2024017191A1 (fr) Procédé et appareil d'interaction, et dispositif et support de stockage
WO2023185728A1 (fr) Procédé et appareil de traitement de service, et terminal, dispositifs côté réseau et support de stockage lisible

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 23795416

Country of ref document: EP

Kind code of ref document: A1