| 摘要 |
The present invention relates to a method of detecting anomalies in signaling flows in a communication device connected to a database. In accordance with the method, a communication device receives (301) labeled learning signaling flows and feeds these flows to the database, the signaling flows being labeled to either normal signaling flows or to different signaling flows indicative of attacks. Then a profile specific classification model is built (307) by using the learning signaling flows contained in the database, the profile being a model that characterizes a signaling flow that corresponds to either a packet, transaction or dialog. Next the learning signaling flows are classified (309), the signaling flows being classified to either normal signaling flows or to different signaling flows indicative of attacks, the classification being based on the classification model. Then a new signaling flow is received (317) and at least one attribute is extracted from the received signaling flow, and by using the at least one extracted (319) attribute for the received signaling flow is classified either to a normal signaling flow or to a signaling flow indicative of an attack, the classification being based on the classification model.
|
