Title of invention: System and method for correlating security events with subscriber information in a mobile network environment
Abstract: A method is provided in one example embodiment and includes receiving a subscriber accounting start packet for a subscriber device in a mobile network environment. The method also includes extracting, from the subscriber accounting start packet, subscriber device information and a network address of the subscriber device. The method further includes mapping the network address to the subscriber device information, and then correlating the subscriber device information and a security event when the security event is detected in subscriber data network traffic associated with the subscriber device. In a specific embodiment, the subscriber device information includes at least one of an International Mobile Equipment Identity (IMEI), an International Mobile Subscriber Identity (IMSI), a Mobile Station International Subscriber Directory Number (MSISDN), and an access point name (APN). In further embodiments, an identification of the security event and one or more items of the subscriber device information are provided to a user.
Publication number: US9338657(B2) Publication date: 2016.05.10
Application number: US201213652923 Application date: 2012.10.16
Applicant: McAfee, Inc. Inventors: Gupta Bikram Kumar; Ammoor Anbalagan Elanthiraiyan; Subramanian Sakthikumar; Gupta Manish
Classification: H04W72/04; H04W12/12; H04L12/26; H04L29/06; H04L29/12 Main classification: H04W72/04
Agency: Patent Capital Group Agent: Patent Capital Group
Main claim: 1. A method, comprising: identifying one or more first packets as subscriber accounting traffic associated with a subscriber device in a mobile network environment; extracting, from a subscriber accounting start packet of the one or more first packets, subscriber device information and a network address of the subscriber device; mapping, in a first memory element, the network address to the subscriber device information; identifying one or more second packets as subscriber data network traffic; and correlating the subscriber device information and a security event if the security event is detected in the one or more second packets and if the one or more second packets are associated with the subscriber device, wherein the correlating comprises: searching the first memory element for at least one of a source network address and a destination network address of the one or more second packets; obtaining, from the first memory element, the subscriber device information mapped to the network address of the subscriber device, when the network address of the subscriber device corresponds to one of the source network address and the destination network address.
Address: Santa Clara CA US