Security protection method and device in 5g network, network element and storage medium
By generating user information tables within each network element of the 5G network and parsing the source IP address and user-related ID in the data packets, the problem of identifying spoofed and hijacked network elements sending attack messages is solved, thus improving the security and identification accuracy of the 5G network.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Patents(China)
- Current Assignee / Owner
- CHINA UNITED NETWORK COMM GRP CO LTD
- Filing Date
- 2022-09-28
- Publication Date
- 2026-07-03
AI Technical Summary
Existing technologies cannot effectively identify attack messages sent by counterfeit and hijacked 5G network elements, leading to security risks for 5G networks.
Within the 5G network, each network element generates a user information table, parses the source IP address and user-related ID in the data packet, matches it against the user information table to determine the legality of the data packet, and implements corresponding security protection measures.
It improves the accuracy of identifying abnormal data sent by counterfeit and hijacked network elements, enhances the security of 5G networks, and reduces reliance on external security devices.
Smart Images

Figure CN115567942B_ABST
Abstract
Description
Technical Field
[0001] This invention relates to the field of communication technology, and in particular to a method, apparatus, network element, and computer-readable storage medium for security protection inherent in 5G networks. Background Technology
[0002] 5G networks face the risk of attackers impersonating or hijacking 5G network elements to launch attacks. If these impersonated or hijacked network elements send attack messages to users or other network elements, it will have serious consequences for the 5G network.
[0003] Currently, attack messages are mainly filtered through a 5G network element whitelist. This method is effective in identifying attack messages sent by impersonating 5G core network elements, but it requires manual configuration, has low timeliness, and cannot identify attack messages sent by hijacked 5G network elements, thus leading to security risks for 5G networks. Summary of the Invention
[0004] The technical problem to be solved by the present invention is to address the above-mentioned shortcomings of the prior art by providing a security protection method, device, network element and computer-readable storage medium inherent in 5G networks, so as to at least solve the problem that the related technologies cannot effectively identify attack messages sent by counterfeit network elements and cannot identify attack messages sent by hijacked network elements, which leads to security risks to 5G networks.
[0005] In a first aspect, the present invention provides a security protection method inherent in a 5G network, comprising: parsing data packets of a target user sent by a target network element to obtain the source IP address and the target user-related ID (IdentityDocument) in the data packets; obtaining a preset user information table of the target user based on the target user-related ID; determining whether the IP address (Internet Protocol Address) of the target network element in the user information table is consistent with the source IP address in the data packets; and implementing security protection measures for the data packets based on the determination result.
[0006] Preferably, before parsing the data packets of the target user sent by the target network element, the method further includes: providing network services to the accessed target user; generating a corresponding user information table for the target user to obtain a preset user information table of the target user, wherein the user information table includes the ID related to the target user and the IP addresses of other network elements that interact with it and provide network services to the target user.
[0007] Preferably, the target user-related ID includes at least one of the following: Packet Data Unit (PDU) Session ID, User Permanent Identifier (SUPI), User Hidden Identifier (SUCI), Globally Unique Temporary Identifier (5G-GUTI), Access and Mobility Management Function (AMF) UE NGAP ID, Radio Access Network (RAN) UE NGAP ID, and Full Session Endpoint Identifier (F-SEID).
[0008] Preferably, the step of implementing security protection measures for the data packet based on the judgment result specifically includes: in response to the inconsistency of the judgment result, determining that the data packet is abnormal data and implementing security protection measures for the data packet; in response to the consistency of the judgment result, determining that the data packet is normal data and processing the data packet accordingly according to the network service process.
[0009] Preferably, the implementation of security protection measures for the data packet specifically includes: discarding the data packet and issuing a warning to other network elements to indicate that the target network element is a risky network element, including impersonated network elements and hijacked network elements.
[0010] Preferably, after the response is consistent with the judgment result and the data packet is determined to be normal data, the method further includes: receiving data packets of the target user sent by the target network element within a preset time period; determining whether the number of data packets of the target user exceeds a risk threshold; and, in response to the number of data packets of the target user exceeding the risk threshold, issuing a warning to other network elements to indicate that the target network element is a risky network element, and discarding subsequent data packets sent by the target network element.
[0011] Secondly, the present invention also provides a 5G network-inherent security protection device, comprising: a parsing module, used to parse data packets of a target user sent by a target network element to obtain the source IP address and the target user-related ID in the data packet; an acquisition module, connected to the parsing module, used to acquire a preset user information table of the target user based on the target user-related ID; a judgment module, connected to the parsing module and the acquisition module, used to judge whether the IP address of the target network element in the user information table is consistent with the source IP address in the data packet; and an implementation module, connected to the judgment module, used to implement security protection measures for the data packet based on the judgment result.
[0012] Preferably, the device further includes a service module and a generation module. The service module is used to provide network services to the accessed target users, and the generation module, connected to the service module, is used to generate a corresponding user information table for the target users to obtain a preset user information table for the target users. The user information table includes the ID related to the target user and the IP addresses of other network elements that interact with the target user and provide network services to the target user.
[0013] Preferably, the implementation module includes a security protection unit. The security protection unit is used to discard data packets and issue warnings to other network elements, indicating that the target network element is a risky network element, including impersonated network elements and hijacked network elements.
[0014] Thirdly, the present invention also provides a network element, including a memory and a processor, wherein the memory stores a computer program, and the processor is configured to run the computer program to implement the 5G network-inherent security protection method as described in any of the first aspects.
[0015] Fourthly, the present invention also provides a computer-readable storage medium having a computer program stored thereon, wherein when the computer program is executed by a processor, it implements the 5G network-inherent security protection method as described in any one of the first aspects.
[0016] The present invention provides a 5G network-inherent security protection method, device, network element, and computer-readable storage medium. This method generates a preset user information table for each user served within each network element, then parses the source IP address and user-related ID from the data packets sent by the target network element. Based on the user-related ID, it locates the preset user information table, and then matches the source IP address in the data packet with the IP address of the target network element in the user information table. Based on the matching result, it determines whether the data packet is normal and provides corresponding security protection measures to prevent hijacked or impersonated network elements from sending abnormal data for network attacks, thus threatening 5G network security. Attached Figure Description
[0017] Figure 1 This is an application scenario of a 5G network-inherent security protection method as described in Example 1;
[0018] Figure 2 This is a flowchart illustrating a 5G network-inherent security protection method according to Embodiment 1 of the present invention.
[0019] Figure 3 A schematic diagram of the user information table stored in a 5G base station gNB;
[0020] Figure 4 A schematic diagram of the user information table stored in the AMF for access and mobility management functions;
[0021] Figure 5 A schematic diagram of the user information table stored in SMFSMF for session management functions;
[0022] Figure 6 A schematic diagram of the user information table stored in the UPF for the user face function;
[0023] Figure 7A diagram illustrating the user information table stored by AUSF for the authentication service function;
[0024] Figure 8 User information stored in the Unified Data Management (UDM) system represents intent;
[0025] Figure 9 This is a schematic diagram of the structure of a 5G network-inherent security protection device according to Embodiment 2 of the present invention;
[0026] Figure 10 This is a schematic diagram of the structure of a network element in Embodiment 3 of the present invention. Detailed Implementation
[0027] To enable those skilled in the art to better understand the technical solution of the present invention, the embodiments of the present invention will be further described in detail below with reference to the accompanying drawings.
[0028] It is understood that the specific embodiments and accompanying drawings described herein are merely for explaining the invention and are not intended to limit the invention.
[0029] It is understood that, without conflict, the various embodiments and features in the embodiments of the present invention can be combined with each other.
[0030] It is understood that, for ease of description, only the parts related to the present invention are shown in the accompanying drawings, while the parts unrelated to the present invention are not shown in the drawings.
[0031] It is understood that each unit or module involved in the embodiments of the present invention may correspond to only one entity structure, or may be composed of multiple entity structures, or multiple units or modules may be integrated into one entity structure.
[0032] It is understood that, without conflict, the functions and steps marked in the flowcharts and block diagrams of this invention may occur in a different order than that marked in the accompanying drawings.
[0033] It is understood that the flowcharts and block diagrams of this invention illustrate the possible architecture, functions, and operations of systems, apparatuses, devices, and methods according to various embodiments of this invention. Each block in the flowchart or block diagram may represent a unit, module, program segment, or code, containing executable instructions for implementing the specified function. Furthermore, each block or combination of blocks in the block diagram and flowchart can be implemented using a hardware-based system to achieve the specified function, or using a combination of hardware and computer instructions.
[0034] It is understood that the units and modules involved in the embodiments of the present invention can be implemented by software or by hardware. For example, the units and modules can be located in a processor.
[0035] Example 1:
[0036] like Figure 1 The diagram illustrates an application scenario for an inherent security protection method in 5G networks. After a user accesses the 5G network, they are provided with services by 5G network elements such as base stations, Access and Mobility Management Functions (AMF), Session Management Functions (SMF), and User Plane Functions (UPF), which exchange data normally with each other. Simultaneously, there is also normal data exchange between these network elements. However, 5G network elements such as base stations, AMF, SMF, and UPF may be maliciously impersonated or hijacked by attackers, resulting in abnormal data being sent to legitimate users. These abnormal data are then analyzed and discarded by each network element, and the security risk is reported to the network management system to improve the security of the 5G network.
[0037] like Figure 2 As shown, this embodiment provides a 5G network-inherent security protection method, applied to network elements. The network element can be any 5G network element among 5G base station gNB, Access and Mobility Management Function (AMF), Session Management Function (SMF), User Plane Function (UPF), Authentication Service Function (AUSF), and Unified Data Management Function (UDM). The 5G network-inherent security protection method includes:
[0038] Step 101: Parse the data packets sent by the target network element to the target user to obtain the source IP address and the ID related to the target user in the data packets.
[0039] In this embodiment, after a 5G user accesses the 5G network, they will camp on a specific base station. Simultaneously, corresponding 5G network elements such as AMF, SMF, UPF, and AUSF will interact with the user to provide network services. For example, in data packets exchanged between the current 5G network element and other network elements, the source IP address, destination IP address, and user-related ID will be carried. When the current network element receives a data packet from another target network element, it parses the source IP address and the target user-related ID from the data packet. The target user-related ID is an ID used to identify the user, and the ID may have various forms in different network elements.
[0040] Optionally, before parsing the data packets sent by the target network element to the target user, the 5G network-native security protection method further includes: providing network services to the accessed target user; generating a corresponding user information table for the target user to obtain a preset user information table for the target user, wherein the user information table includes the target user's ID and the IP addresses of other network elements that interact with it and provide network services to the target user.
[0041] In this embodiment, the user is the unit of measurement. After a target user accesses the 5G network, the gNB, AMF, SMF, UPF, AUSF, and UDM network elements that interact with the target user generate and maintain a user information table for each target user. When a target user goes offline or a network element stops providing services to a target user, the user information table corresponding to that target user is deleted from the network element's local database. Therefore, after a target user accesses the 5G network, each network element providing network services to the target user will generate a user information table. It should be noted that, due to the different functions of different network elements, the user-related IDs in the preset user information tables generated by different network elements may be different. For example, the user-related ID fields stored in the gNB include the user's SUPI, SUCI, 5G GUTI, PDU session ID, AMF UE NGAP ID, RAN UE NGAP ID, etc.; the user-related ID fields stored in the AMF include the user's SUPI, SUCI, 5G GUTI, PDU session ID, AMF UE NGAP ID, RAN UE NGAP ID, etc.; the user-related ID fields stored in the SMF include the user's PDU session ID, F-SEID, etc.; the user-related ID fields stored in the UPF include the PDU session ID, F-SEID, etc.; the user-related ID fields stored in the AUSF include the user's SUPI, SUCI, etc.; and the user-related ID fields stored in the UDM include the user's SUPI, SUCI, etc. Figure 3 As shown, columns 1, 2, and 3 of the user information table header stored in the gNB are the user-related IDs, and columns 4 and 5 are the IP addresses of other network elements (AMF and UPF) that interact with the gNB and provide network services to the user. Figure 4 As shown, in the header of the user information table stored in the AMF, columns 1, 2, and 3 are the user-related IDs; columns 4-8 are the IP addresses corresponding to the base station, SMF, UDM, AUSF, and NSSF, respectively; and the network elements in columns 4-8 are the network elements that interact with the AMF network elements and provide network services to the same user. Figure 5 As shown, in the header of the user information table stored in SMF, columns 1 and 2 are the user's ID, and columns 3-6 are the IP addresses of other network elements that interact with SMF network elements and provide network services to this user. Figure 6 As shown, the first and second columns of the header of the user information table stored in the UPF are the user's ID, and the third and fourth columns are the IP addresses of other network elements that interact with the UPF network element and provide network services to this user. Figure 7 As shown, the first column of the user information table stored in AUSF contains the user's ID, and the second and third columns contain the IP addresses of other network elements that interact with AUSF network elements and provide network services to this user. Figure 8As shown, the first column of the header of the user information table stored in the UDM is the user's ID, and columns 2-4 are the IP addresses of other network elements that interact with the UDM network element and provide network services to this user. Since each network element sees a different user's identity information ID, and each network element connects and interacts with different network elements, the content of the user information table generated and maintained by each network element is different.
[0042] Optionally, the target user-related ID includes at least one of the following: Packet Data Unit (PDU) Session ID, User Permanent Identifier (SUPI), User Hidden Identifier (SUCI), Globally Unique Temporary Identifier (5G-GUTI), Access and Mobility Management Function (AMF) UE NGAP ID, Radio Access Network (RAN) UE NGAP ID, and Full Session Endpoint Identifier (F-SEID).
[0043] Step 102: Obtain the preset user information table of the target user based on the target user's related ID.
[0044] In this embodiment, taking the data interaction between two network elements, AMF and SMF, as an example, the main interaction between them is the exchange of PDU sessions to establish or release related messages. The user-related IDs included are primarily PDU Session IDs. For example, when the current network element AMF receives a data packet from the target network element SMF for a target user, it parses the data packet to obtain the source IP address (i.e., the IP address of the target network element SMF) and the target user's related ID. In this case, the target user's related ID refers to the PDU Session ID. The current network element AMF then retrieves the target user's user information table stored locally based on the parsed PDU Session ID, because the current network element AMF stores the user information table corresponding to this PDU Session ID.
[0045] Step 103: Determine whether the IP address of the target network element in the user information table is consistent with the source IP address in the data packet.
[0046] In this embodiment, it is determined whether the IP address of the target network element SMF obtained through parsing matches the IP address of the SMF in the acquired user information table. In other words, a matching analysis is performed based on the source IP address in the data packet and the target user's user information table stored locally on the current network element. In a 5G network, there are multiple 5G network elements, especially SMF, UPF, and gNB, which are more vulnerable to hijacking or spoofing by attackers when deployed to the user side. If a 5G network element A is hijacked by an attacker, it may send abnormal data packets to the user to launch an attack. Taking network element B as an example, since the IP addresses of each network element in its stored user information table are the IP addresses of other network elements that provide network services to a certain user and interact with network element B, if the source IP address in the data packet received by network element B is not in its stored user information table, it indicates that the data packet is abnormal data. It may be a data packet sent to network element B by a network element impersonated by an attacker, or it may be a data packet sent to network element B by network element A after being hijacked by an attacker. Therefore, by judging whether the IP address is consistent, it is possible to determine whether the target network element is an impersonated network element or a hijacked network element, thereby identifying whether the data packet it sends is normal data. This method is simple to identify attack information and has high accuracy.
[0047] Step 104: Implement security protection measures for the data packet based on the judgment result.
[0048] Specifically, in response to inconsistent judgment results, the data packet is determined to be abnormal data, and security protection measures are implemented for the data packet; in response to consistent judgment results, the data packet is determined to be normal data, and the data packet is processed accordingly according to the network service process.
[0049] Optionally, security protection measures are implemented for the data packets, specifically including: discarding the data packets and issuing warnings to other network elements to indicate that the target network element is a risky network element, including impersonated network elements and hijacked network elements.
[0050] In this embodiment, for example, when network element A provides services to a target user, it normally only communicates with network elements C and D, and not with network element B. Therefore, the user information table of the target user stored in network element B does not contain the IP address of network element A. When network element A is hijacked, the attacker may use network element A to send a message to network element B. Upon receiving the message, network element B will find that the source IP address of the data packet does not exist in the user information table (i.e., network element B finds that the network element with the source IP address of the data packet should not be interacting with network element B), and thus determines that this data packet is abnormal. Similarly, if an attacker impersonates a network element, and the IP address of the newly impersonated network element is not in the user information table stored in the normal network element B, if network element B finds that the source IP address of the received data packet does not exist in the user information table, then it will determine that this data packet is abnormal. If it is determined to be normal data, the data packet is processed according to the normal procedure. If the data is determined to be abnormal, the current network element discards the data packet without processing it; at the same time, it reports the security risk to the network management system or control center to indicate that the target network element may be a counterfeit or hijacked network element. The network management center or control center then verifies and controls the risky target network element, or issues an early warning to other network elements in the network to indicate that the target network element may be a counterfeit or hijacked network element. Other network elements then discard the data sent by the risky target network element, thereby improving network security.
[0051] Optionally, since the hijacked network element may simultaneously send attack data to the original communicating network element, and the original communicating network element stores the IP address of the hijacked network element in its user information table, in order to better identify abnormal data and hijacked risky network elements, after the response is consistent with the judgment result and the data packet is determined to be normal data, the method further includes: receiving data packets of the target user sent by the target network element within a preset time period; determining whether the number of data packets of the target user exceeds a risk threshold; and in response to the number of data packets of the target user exceeding the risk threshold, issuing a warning to other network elements to indicate that the target network element is a risky network element, and discarding subsequent data packets sent by the target network element.
[0052] In this embodiment, the security of the 5G network is improved by further determining whether the target network element has been hijacked based on whether the frequency of the data packets sent by the target network element exceeds the risk threshold.
[0053] This embodiment of the 5G network's inherent security protection method enhances security within each network element by generating a user information table for the users it serves. It then parses the source IP address and user-related ID from data packets sent by the target network element. Based on the user-related ID, it locates a pre-defined user information table and matches the source IP address in the data packet with the target network element's IP address in the user information table. The matching result determines whether the data packet is normal and provides corresponding security protection measures to prevent hijacked or spoofed network elements from sending abnormal data for network attacks, threatening 5G network security. Furthermore, by judging whether the IP address matches, it determines whether the target network element is a spoofed or hijacked element, thereby identifying whether the data packets it sends are normal. This method is simple and highly accurate in identifying attack information, capable of identifying abnormal data sent by network elements not in the asset list, as well as abnormal data sent by network elements in the asset list that have been hijacked by attackers. Moreover, the 5G network element itself discovers and processes abnormal data without relying on external security devices and systems. In addition, security risks are reported to the network management system or control center to indicate that the target network element may be a counterfeit or hijacked network element. The network management center or control center can then verify and control the risky target network element, or issue a warning to other network elements in the network, which can then discard the data sent by the risky target network element, thereby improving the security of 5G networks.
[0054] Example 2:
[0055] like Figure 9 As shown, this embodiment provides a 5G network-inherent security protection device, including:
[0056] The parsing module 91 is used to parse the data packets of the target user sent by the target network element to obtain the source IP address and the ID related to the target user in the data packets.
[0057] The acquisition module 92, connected to the parsing module 91, is used to obtain a preset user information table of the target user based on the ID related to the target user.
[0058] The judgment module 93, connected to the parsing module 91 and the acquisition module 92, is used to determine whether the IP address of the target network element in the user information table is consistent with the source IP address in the data packet.
[0059] The implementation module 94, connected to the judgment module 93, is used to implement security protection measures for the data packet based on the judgment result.
[0060] Optionally, the security protection devices inherent in 5G networks also include service modules and generation modules.
[0061] The service module is used to provide network services to the target users who have accessed the network.
[0062] The generation module, connected to the service module, is used to generate a corresponding user information table for the target user to obtain a preset user information table for the target user. The user information table includes the ID related to the target user and the IP addresses of other network elements that interact with it and provide network services to the target user.
[0063] Optionally, the target user-related ID includes at least one of the following: Packet Data Unit (PDU) Session ID, User Permanent Identifier (SUPI), User Hidden Identifier (SUCI), Globally Unique Temporary Identifier (5G-GUTI), Access and Mobility Management Function (AMF) UE NGAP ID, Radio Access Network (RAN) UE NGAP ID, and Full Session Endpoint Identifier (F-SEID).
[0064] The implementation module is used to determine that the data packet is abnormal data in response to a discrepancy in the judgment results, and to implement security protection measures for the data packet. It is also used to determine that the data packet is normal data in response to a consistent judgment result, and to process the data packet accordingly according to the network service process.
[0065] Optionally, the implementation module includes a security protection unit.
[0066] The security protection unit is used to discard data packets and issue warnings to other network elements to indicate that the target network element is a risky network element, including impersonated network elements and hijacked network elements.
[0067] Optionally, the implementation module may also include a receiving component, a judging component, and a processing component.
[0068] The receiving component is used to receive data packets from the target user sent by the target network element within a preset time period.
[0069] The judgment component, connected to the receiving component, is used to determine whether the number of data packets of the target user exceeds the risk threshold.
[0070] The processing component, connected to the judgment component, is used to issue a warning that the target network element is a risky network element in response to the number of data packets of the target user exceeding the risk threshold, and to discard subsequent data packets sent by the target network element.
[0071] Example 3:
[0072] like Figure 10 As shown, this embodiment provides a network element, including a memory 11 and a processor 12. The memory 11 stores a computer program, and the processor 12 is configured to run the computer program to implement the 5G network-inherent security protection method as described in Embodiment 1.
[0073] Example 4:
[0074] This embodiment provides a computer-readable storage medium storing a computer program thereon. When the computer program is executed by a processor, it implements the 5G network-inherent security protection method as described in Embodiment 1.
[0075] The 5G network-inherent security protection device in Embodiment 2, the network element in Embodiment 3, and the computer-readable storage medium in Embodiment 4 are used to enhance the security of each network element, generate user information tables for the users it serves, parse the source IP address and user-related ID in the data packets sent by the target network element, locate the preset user information table based on the user-related ID, and match whether the source IP address in the data packet matches the IP address of the target network element in the user information table. Based on the matching result, it determines whether the data packet is normal and provides corresponding security protection measures to prevent hijacked or spoofed network elements from sending abnormal data to launch network attacks and threaten 5G network security. Furthermore, it is used to determine whether the IP address matches to determine whether the target network element is a spoofed or hijacked network element, thereby identifying whether the data packets it sends are normal. This method is simple and accurate in identifying attack information, and can identify abnormal data sent by network elements not in the asset list, as well as abnormal data sent by network elements in the asset list that have been hijacked by attackers. Moreover, the 5G network element itself discovers and processes abnormal data without relying on external security devices and systems. In addition, risk warnings are issued to the network management center, control center, or other network elements in the network to indicate that the target network element is a counterfeit or hijacked network element, thereby improving the security of 5G networks.
[0076] It is understood that the above embodiments are merely exemplary implementations used to illustrate the principles of the present invention, and the present invention is not limited thereto. For those skilled in the art, various modifications and improvements can be made without departing from the spirit and essence of the present invention, and these modifications and improvements are also considered to be within the scope of protection of the present invention.
Claims
1. A security protection method inherent in 5G networks, characterized in that, Applied to network elements, including: Parse the data packets sent by the target network element to the target user to obtain the source IP address and the target user's ID in the data packets; Retrieve the preset user information table of the target user based on the target user's related ID; Determine whether the IP address of the target network element in the user information table is consistent with the source IP address in the data packet; Based on the judgment result, implement security protection measures for the data packet. Prior to parsing the data packets sent by the target network element to the target user, the method further includes: Provide network services to the target users who have accessed the network; A corresponding user information table is generated for the target users to be served, so as to obtain a preset user information table for the target users. The user information table includes the ID related to the target user and the IP address of other network elements that interact with it and provide network services to the target user. The content of the user information table generated by each network element is different, and the user-related IDs in the user information tables generated by different network elements are different.
2. The 5G network-inherent security protection method according to claim 1, characterized in that, The target user-related ID includes at least one of the following: Packet Data Unit (PDU) Session ID, User Permanent Identifier (SUPI), User Hidden Identifier (SUCI), Globally Unique Temporary Identifier (5G-GUTI), Access and Mobility Management Function (AMF) UE NGAP ID, Radio Access Network (RAN) UE NGAP ID, and Full Session Endpoint Identifier (F-SEID). The security protection measures implemented for the data packet based on the judgment result specifically include: In response to the inconsistency in the judgment results, the data packet is determined to be abnormal data, and security protection measures are implemented for the data packet; If the judgment result is consistent, the data packet is determined to be normal data, and the data packet is processed accordingly according to the network service process.
3. The 5G network-inherent security protection method according to claim 2, characterized in that, Implementing security protection measures for the data packets specifically includes: The data packet is discarded, and a warning is issued to other network elements to indicate that the target network element is a risky network element, including impersonated network elements and hijacked network elements.
4. The 5G network-inherent security protection method according to claim 2, characterized in that, After the response matches the judgment result and the data packet is determined to be normal data, the method further includes: Receive data packets from the target user sent by the target network element within a preset time period; Determine whether the number of data packets for the target user exceeds the risk threshold; In response to the number of data packets from the target user exceeding the risk threshold, an early warning is issued to other network elements to indicate that the target network element is a risky network element, and subsequent data packets sent by the target network element are discarded.
5. A security protection device inherent in a 5G network, characterized in that, include: The parsing module is used to parse data packets sent by the target network element to the target user, in order to obtain the source IP address and the target user's related ID from the data packets. The acquisition module, connected to the parsing module, is used to retrieve a preset user information table for the target user based on the target user's associated ID. The judgment module, connected to the parsing module and the acquisition module, is used to determine whether the IP address of the target network element in the user information table is consistent with the source IP address in the data packet. The implementation module, connected to the judgment module, is used to implement security protection measures for the data packet based on the judgment result. It also includes service modules and generation modules. The service module is used to provide network services to the target users who have accessed the network. The generation module, connected to the service module, is used to generate a corresponding user information table for the target user to obtain a preset user information table for the target user. The user information table includes the ID related to the target user and the IP addresses of other network elements that interact with it and provide network services to the target user. The content of the user information table generated by each network element is different, and the user-related IDs in the user information tables generated by different network elements are different.
6. The 5G network-inherent security protection device according to claim 5, characterized in that, The implementation module includes a security protection unit. The security protection unit is used to discard data packets and issue warnings to other network elements to indicate that the target network element is a risky network element, including impersonated network elements and hijacked network elements.
7. A network element, characterized in that, It includes a memory and a processor, wherein the memory stores a computer program and the processor is configured to run the computer program to implement the 5G network-inherent security protection method as described in any one of claims 1-4.
8. A computer-readable storage medium having a computer program stored thereon, characterized in that, When the computer program is executed by the processor, it implements the 5G network-inherent security protection method as described in any one of claims 1-4.