Method and system for defending a mobile network from a fraud

摘要

A system and method for defending a mobile network from a fraud committed via GTP is disclosed. According to one embodiment, a computer-implemented method includes receiving receives information associated with a GTP request from a serving node to a gateway node in a mobile network. The information associated with the GTP request is a GTP control plane request or a CDR associated with the GTP request. The information associated with a GTP request is examined, and parameters contained in the information associated with the GTP request are analyzed. It is determined that the GTP request is a fraudulent GTP request if the parameters do not belong to an authorized subscriber of the mobile network. A GTP tunnel associated with the fraudulent GTP request is denied, an established fraudulent GTP tunnel is deleted, or network traffic established by a fraudulent GTP tunnel is redirected to a monitoring node.

主权项

1. A method comprising:
receiving information associated with a general packet radio service (GPRS) tunneling protocol (GTP) request from a serving node to a gateway node in a mobile network, wherein the information associated with the GTP request is a GTP control plane request or a call detail record (CDR) associated with the GTP request; intercepting network traffic between the serving node and the gateway node by an intercept node; redirecting the network traffic from the intercept node to a monitoring node; analyzing parameters contained in the information associated with the GTP request at the monitoring node; and determining that the GTP request is a fraudulent GTP request if the parameters do not belong to an authorized subscriber of the mobile network.