Relay apparatus
US-2019028479-A1 · Jan 24, 2019 · US
System to detect behaviour in a telecommunications network
US10924500B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-10924500-B2 |
| Application number | US-201314646554-A |
| Country | US |
| Kind code | B2 |
| Filing date | Nov 22, 2013 |
| Priority date | Nov 22, 2012 |
| Publication date | Feb 16, 2021 |
| Grant date | Feb 16, 2021 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
A system is provided for detecting behaviour of a mobile telecommunications device in a telecommunications network. Malware in mobile devices can cause malicious behaviour in the device, for example sequential attaching and detaching of an infected device relative to a telecommunications network. A telecommunications network is provided which is configured to identify at least one mobile telecommunications device and to receive signals from the mobile telecommunications device and process the signals into data streams. The data streams include data of a first type arranged to cause an event of a first type within the telecommunications network. The network is arranged to monitor an occurrence in the data streams of the data of the first type and to register when the occurrence exceeds a level indicating acceptable behaviour of the mobile telecommunications device in the telecommunications network. A device for detection of mobile device behaviour is also described.
First claim
Opening claim text (preview).
The invention claimed is: 1. A system comprising: a telecommunications network configured to identify mobile telecommunications device and comprising a core network and a base station, wherein the base station is configured to receive radio signals from the mobile telecommunications device and further process the radio signals into processed signals and to transmit the processed signals to the core network, wherein the telecommunications network is arranged to count in the core network a number of occurrences of a certain predetermined signal associated with the mobile telecommunications device, the certain predetermined signal representing an interaction between network devices in the core network for normal processing of signals, and wherein the telecommunications network is further arranged to register when the number of occurrences of the certain predetermined signal exceeds a level indicating acceptable behaviour of the mobile telecommunications device in the telecommunications network, wherein the certain predetermined signal indicates handover of the mobile telecommunications device. 2. The system according to claim 1 , wherein the telecommunications network is arranged to count in the core network the number of occurrences of the certain predetermined signal by counting a number of times occurrence of the certain predetermined signal is detected when the number of occurrences exceed a predetermined temporal rate, and wherein the telecommunications network is further arranged to register when the number of times the occurrence of the certain predetermined signal detected exceeds a predetermined threshold. 3. The system according to claim 2 , wherein the telecommunications network is arranged to count the number of occurrences of the certain predetermined signal when a time between a detected occurrence and a previously detected occurrence is within a predetermined time interval. 4. The system according to claim 3 , wherein the telecommunications network includes a counter and a timer, and wherein the telecommunications network is arranged to start the counter upon detection of the occurrence and further to start the timer, and wherein the telecommunications network is further arranged to increase the counter by one unit if a following occurrence is within the predetermined time interval as measured by the timer. 5. The system according to claim 1 , wherein the telecommunications network is further configured to detect when the number of occurrences of the certain predetermined signal exceeds a predetermined rate. 6. The system according to claim 5 , wherein the telecommunications network includes a counter and a timer, and wherein the telecommunications network is arranged to start the counter upon detection of the occurrence and further to start the timer, and wherein the telecommunications network is further arranged to calculate a rate as a ratio of a counted number of detected occurrences to time as measured by the timer. 7. The system according to claim 1 , wherein the telecommunications network is arranged to register when the number of occurrences of the certain predetermined signal exceeds the level for acceptable behaviour by setting a flag and/or starting a back off timer. 8. The system according to claim 1 , wherein the telecommunications network is further arranged to monitor a tracking area of the mobile telecommunications device and to register the number of occurrences of the certain predetermined signal only when the monitoring of tracking area shows that the mobile telecommunications device remains within a single tracking area. 9. The system according to claim 1 , wherein the telecommunications network is arranged to count the number of occurrences of the certain predetermined signal in a Mobility Management Entity or Serving Gateway Support Node or Mobile Switching Center of the telecommunications network. 10. The system according to claim 1 , wherein the telecommunications network is further configured to: identify at least one additional mobile telecommunications device, receive radio signals from the at least one additional mobile telecommunications device and to process these radio signals into processed signals and to transmit the processed signals to the core network, count in the core network a number of occurrences of a certain predetermined signal associated with the at least one additional mobile telecommunications device, the certain predetermined processed signal representing an interaction between network devices for normal processing of signals, register when the number of occurrences of a certain predetermined signal associated with the at least one additional mobile telecommunications device exceeds a level indicating acceptable behaviour of the at least one additional mobile telecommunications device within the telecommunications network, wherein the telecommunications network is further arranged to aggregate registered data of the mobile telecommunications device and the at least one additional mobile telecommunications device, and wherein the certain predetermined signal associated with the at least one additional mobile telecommunications device indicates handover of the at least one additional mobile telecommunications device. 11. A method for detecting behaviour of a mobile telecommunications device in a telecommunications network comprising a core network, the telecommunications network including a base station, the method comprising: at the base station, receiving radio signals from the mobile telecommunications device, and processing the radio signals into processed signals and transmitting the processed signals to the core network; in the telecommunications network, identifying the mobile telecommunications device; the telecommunications network counting, in the core network, a number of occurrences of a certain predetermined signal associated with the mobile telecommunications device, the certain predetermined signal representing an interaction between network devices in the core network for normal processing of signals; and registering when the number of occurrences of the certain predetermined signal exceeds a level indicating acceptable behaviour of the mobile telecommunications device in the telecommunications network, wherein the certain predetermined signal indicates handover of the mobile telecommunications device.
Assignees
Inventors
Classifications
- H04L63/1425Primary
Traffic logging, e.g. anomaly detection · CPC title
- H04W24/08Primary
Testing, {supervising or monitoring} using real traffic · CPC title
Terminal devices · CPC title
- H04L63/14Primary
for detecting or protecting against malicious traffic · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US10924500B2 cover?
- A system is provided for detecting behaviour of a mobile telecommunications device in a telecommunications network. Malware in mobile devices can cause malicious behaviour in the device, for example sequential attaching and detaching of an infected device relative to a telecommunications network. A telecommunications network is provided which is configured to identify at least one mobile teleco…
- Who is the assignee on this patent?
- Koninklijke Kpn Nv, TNO, Nederlandse Organisatie Voor Toegepast—Natuurwetenschappelijk Onderzoek Tno
- What technology area does this patent fall under?
- Primary CPC classification H04L63/1425. Mapped technology areas include Electricity.
- When was this patent published?
- Publication date Tue Feb 16 2021 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 3 related publications on this page (citations in our corpus or others sharing the same primary CPC).