System and method for correlating network information with subscriber information in a mobile network environment

摘要

A method is provided in one example embodiment and includes receiving information for network traffic in a wireless network; correlating the information with a subscriber of a plurality of subscribers; and generating a behavior profile for the subscriber based on the information over a period of time.

主权项

1. A method comprising:
receiving, at an out of band network threat behavior analysis engine, a plurality of records containing information related to network traffic associated with a network connection between a packet data network and a subscriber device of a plurality of subscriber devices in a mobile network, wherein the information is to include a network address and application metadata of at least one application used by the subscriber device, wherein the network traffic is intercepted by a network security device that generates the plurality of records; extracting at least some of the application metadata from the plurality of records; correlating the information with a mobile telephone number of the subscriber device based on the network address from the information being mapped to subscriber device information of the subscriber device in a memory element that maps subscriber device information of authenticated subscriber devices in the mobile network to real-time network addresses of the authenticated subscriber devices; and generating a network behavior profile for the subscriber device based, at least in part, on the extracted application metadata, wherein the network behavior profile is to include a characterization of network traffic sent by the subscriber device, an identification of one or more applications used by the subscriber device, and an identification of communications by the subscriber device to one or more websites.