System and method for detecting GTP (GPRS Tunnel Protocol) attack

A technology of attacking packets and monitoring units, applied in transmission systems, electrical components, wireless communications, etc., can solve problems such as service interruption, firewalls that cannot filter GTP attacks, disconnection, etc., to achieve the effect of resisting GTP attacks

Inactive Publication Date: 2012-08-15
SIEMENS AG
View PDF2 Cites 14 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

In addition, since SGSN and GGSN only delete or update the PDP context according to the tunnel endpoint identifier (TEID), where TEID is a 4-byte integer, in this case, if the attacker traverses all TEIDs, online users using these TEIDs Will be forced to disconnect from the GPRS connection, causing business interruption
At present, for GTP attacks, the common solution is to deploy firewalls on the Gp interface, but ordinary firewalls cannot filter GTP attacks, and even high-cost GTP-aware firewalls cannot detect GTP attacks using forged source IP addresses.

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • System and method for detecting GTP (GPRS Tunnel Protocol) attack
  • System and method for detecting GTP (GPRS Tunnel Protocol) attack
  • System and method for detecting GTP (GPRS Tunnel Protocol) attack

Examples

Experimental program
Comparison scheme
Effect test

Embodiment 1

[0037] The system for detecting GTP attacks provided by this embodiment is mainly used for in-depth detection of GTP layer features of GTP control plane data packets, and its internal structure is as follows: image 3 As shown, that is, in the present embodiment, the above-mentioned GTP feature information monitoring unit 1 includes: a GTP monitoring module 11, which is used to monitor the GTP control plane data packet on the Gp interface of the GPRS network, and record the GTP control plane data packet monitored. GTP layer characteristics.

[0038] At this point, the GTP attack analysis and alarm unit 2 includes: a first judging module 21 for judging whether the monitored GTP control plane data packet is a GTP attack packet according to the GTP layer characteristics of the GTP control plane data packet reported by the GTP monitoring module 11.

[0039] Specifically, the above-mentioned GTP monitoring module 11 can capture the GTP control plane data packet on the Gp interface ...

Embodiment 2

[0065] The system for detecting GTP attacks provided by this embodiment is mainly used for in-depth detection of IP layer characteristics of GTP control plane data packets, and its internal structure is as follows: Figure 5 As shown, that is, in the present embodiment, the above-mentioned GTP characteristic information monitoring unit 1 includes: an IP monitoring module 12, which is used to monitor the GTP control plane data packets on the Gp interface of the GPRS network, and record the monitored GTP control plane data packets IP layer characteristics.

[0066] At this point, the GTP attack analysis and alarm unit 2 includes: a second judging module 22 for judging whether the monitored GTP control plane data packets are GTP attack packets according to the IP layer characteristics of the GTP control plane data packets reported by the IP monitoring module 12.

[0067] Specifically, the above-mentioned IP monitoring module 12 can capture the GTP control plane data packet on the...

Embodiment 3

[0080] The system for detecting GTP attacks provided by this embodiment is mainly used for in-depth detection of the flow behavior of GTP control plane data packets, and its internal structure is as follows: Figure 7 As shown, that is, in the present embodiment, the above-mentioned GTP characteristic information monitoring unit 1 includes: a traffic behavior monitoring module 13, which is used to monitor the GTP control plane data packets on the Gp interface of the GPRS network, and record the monitored GTP control plane data packets traffic behavior characteristics.

[0081] At this point, the GTP attack analysis and alarm unit 2 includes: a third judging module 23, for judging whether the monitored GTP control plane data packet is a GTP attack according to the traffic behavior characteristics of the GTP control plane data packet reported by the traffic behavior monitoring module 13 Bag.

[0082] Wherein, the traffic behavior monitoring module 13 calculates the sending freq...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

PUM

No PUM Login to view more

Abstract

The invention discloses a system and method for detecting GTP (GPRS Tunnel Protocol) attack, wherein the system for detecting the GTP attack comprises a GTP characteristic information monitoring unit and a GTP attack analyzing and alarming unit, wherein the GTP characteristic information monitoring unit is used for monitoring a GTP control plane data packet on a general packet radio service (GPRS) network Gp interface (roaming interface) and recording characteristic information of the monitored GTP control plane data packet; and the GTP attack analyzing and alarming unit is used for judging whether the monitored GTP control plane data packet is a GTP attack packet according to the characteristic information reported by the GTP characteristic information monitoring unit, wherein the characteristic information of the GTP control plane data packet comprises a GTP layer characteristic and / or a IP layer characteristic and / or a flow behavior characteristic of the GTP control plane data packet. According to the invention, the GTP attack can be effectively detected and resisted.

Description

technical field [0001] The invention relates to the technical field of General Packet Radio Service (GPRS), in particular to a system and method for detecting GPRS Tunneling Protocol (GTP) attacks. Background technique [0002] The GPRS network has a data network architecture and can provide mobile users with packet-switched data services connected to the Internet or enterprise networks. In the existing GPRS network, the mobile station connects to the GPRS system through the Serving GPRS Support Node (SGSN). The main function of SGSN is to provide data support services for MS. The SGSN is connected to the GPRS Gateway Support Node (GGSN) through the GPRS Tunneling Protocol (GTP). GGSN provides the data gateway function from GPRS network to external network (such as public Internet or enterprise network). SGSN and GGSN may be collectively referred to as a GPRS Support Node (GSN). The interface between GSNs in the same public land mobile communication network (PLMN) is cal...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to view more

Application Information

Patent Timeline
no application Login to view more
Patent Type & Authority Applications(China)
IPC IPC(8): H04L29/06H04W12/06
Inventor 隋爱芬郭代飞李高
Owner SIEMENS AG
Who we serve
  • R&D Engineer
  • R&D Manager
  • IP Professional
Why Eureka
  • Industry Leading Data Capabilities
  • Powerful AI technology
  • Patent DNA Extraction
Social media
Try Eureka
PatSnap group products

Browse by: Latest US Patents, China's latest patents, Technical Efficacy Thesaurus, Application Domain, Technology Topic.

© 2024 PatSnap. All rights reserved.Legal|Privacy policy|Modern Slavery Act Transparency Statement|Sitemap