Methods, systems, and computer readable media for mitigating 5G roaming security attacks using security edge protection proxy (SEPP)
US-11553342-B2 · Jan 10, 2023 · US
US12470592B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-12470592-B2 |
| Application number | US-202418649478-A |
| Country | US |
| Kind code | B2 |
| Filing date | Apr 29, 2024 |
| Priority date | Apr 29, 2024 |
| Publication date | Nov 11, 2025 |
| Grant date | Nov 11, 2025 |
Official abstract text for this publication.
A method for mitigating network security attacks by linking NF discovery results to subsequent messages includes receiving, at a proxy NF, NF discovery messages. The method further includes reading, by the proxy NF, producer NF and consumer-NF-identifying parameters from the NF discovery messages. The method further includes creating, by the proxy NF, records in an NF-discovery-linked security database maintained by the proxy NF, wherein the records include the consumer NF and producer-NF-identifying parameters read from the NF discovery messages. The method further includes receiving, by the proxy NF, a service-based interface (SBI) request message. The method further includes screening, by the proxy NF and using the records in the NF-discovery-linked security database, the SBI request message. The method further includes performing, by the proxy NF, a network security action for the SBI request message based on results of the screening.
Opening claim text (preview).
What is claimed is:

1. A method for mitigating network security attacks by linking network function (NF) discovery results to subsequent messages, the method comprising: receiving, at a proxy NF, NF discovery messages; reading, by the proxy NF, consumer-NF-identifying parameters and producer-NF-identifying parameters from the NF discovery messages, wherein reading, by the proxy NF, consumer-NF-identifying parameters and producer-NF-identifying parameters from the NF discovery messages includes reading a consumer NF instance Id from an NF discovery request message and at least one producer NF instance Id from discovery results in an NF discovery response message; creating, by the proxy NF, records in an NF-discovery-linked security database maintained by the proxy NF, wherein the records include the consumer-NF-identifying parameters and the producer-NF-identifying parameters read from the NF discovery messages; receiving, by the proxy NF, a service-based interface (SBI) request message; screening, by the proxy NF and using the records in the NF-discovery-linked security database, the SBI request message; and performing, by the proxy NF, a network security action for the SBI request message based on results of the screening.
2. The method of claim 1 wherein the proxy NF comprises a security edge protection proxy (SEPP).
3. The method of claim 2 wherein receiving the NF discovery messages includes receiving inter-public land mobile network (PLMN) NF discovery messages.
4. The method of claim 1 wherein the proxy NF comprises a service communication proxy (SCP).
5. The method of claim 4 wherein receiving the NF discovery messages are transmitted between a mobile network operator (MNO) network and a mobile virtual network operator (MVNO) network.
6. The method of claim 1 wherein creating the records includes creating a record that contains the consumer NF instance Id and the at least one producer NF instance Id.
7. The method of claim 1 wherein screening the SBI request message includes: reading, from the SBI request message, a consumer-NF-identifying parameter and a producer-NF-identifying parameter; and determining whether the NF-discovery-linked security database includes a record that contains the consumer-NF-identifying parameter and the producer-NF-identifying parameter read from the SBI request message.
8. The method of claim 7 wherein performing the network security action includes, when the NF-discovery-linked security database includes a record that contains the consumer-NF-identifying parameter and the producer-NF-identifying parameter read from the SBI request message, forwarding the SBI request message to a producer NF.
9. The method of claim 7 wherein performing the network security action includes, when the NF-discovery-linked security database does not include a record that contains the consumer-NF-identifying parameter and the producer-NF-identifying parameter read from the SBI request message, blocking the SBI request message.
10. A system for mitigating network security attacks by linking network function (NF) discovery results to subsequent messages, the system comprising: a proxy NF including at least one processor and a memory; and an NF-discovery-linked security manager executable by the at least one processor for receiving NF discovery messages, reading consumer-NF-identifying parameters and producer-NF-identifying parameters from the NF discovery messages, creating records in an NF-discovery-linked security database stored in the memory, wherein the records include the consumer-NF-identifying parameters and the producer-NF-identifying parameters read from the NF discovery messages, the NF-discovery-linked security manager for receiving a service-based interface (SBI) request message, screening, using the records in the NF-discovery-linked security database, the SBI request message, and performing a network security action for the SBI request message based on results of the screening, wherein the consumer-NF-identifying parameters include a consumer NF instance Id read from an NF discovery request message and at least one producer NF instance Id read from NF discovery results in an NF discovery response message and the records include a record that contains the consumer NF instance Id and the at least one producer NF instance Id.
11. The system of claim 10 wherein the proxy NF comprises a security edge protection proxy (SEPP).
12. The system of claim 11 wherein the NF discovery messages comprise inter-public land mobile network (PLMN) NF discovery messages.
13. The system of claim 10 wherein the proxy NF comprises a service communication proxy (SCP).
14. The system of claim 13 wherein the NF discovery messages are transmitted between a mobile network operator (MNO) network and a mobile virtual network operator (MVNO) network.
15. The system of claim 10 wherein, in screening the SBI request message, the NF-discovery-linked security manager is configured to: read, from the SBI request message, a consumer-NF-identifying parameter and a producer-NF-identifying parameter; and determine whether the NF-discovery-linked security database includes a record that contains the consumer-NF-identifying parameter and the producer-NF-identifying parameter in the SBI request message.
16. The system of claim 15 wherein, in performing the network security action, the NF-discovery-linked security manager is configured to, when the NF-discovery-linked security database includes a record that contains the consumer-NF-identifying parameter and the producer-NF-identifying parameter read from the SBI request message, forward the SBI request message to a producer NF.
17. The system of claim 15 wherein, in performing the network security action, the NF-discovery-linked security manager is configured to, when the NF-discovery-linked security database does not include a record that contains the consumer-NF-identifying parameter and the producer-NF-identifying parameter read from the SBI request message, block the SBI request message.
18. A non-transitory computer readable medium having stored thereon executable instructions that when executed by a processor of a computer control the computer to perform steps comprising: receiving, at a proxy network function (NF), NF discovery messages; reading, by the proxy NF, producer NF and consumer-NF-identifying parameters from the NF discovery messages, wherein reading, by the proxy NF, consumer-NF-identifying parameters and producer-NF-identifying parameters from the NF discovery messages includes reading a consumer NF instance Id from an NF discovery request message and at least one producer NF instance Id from discovery results in an NF discovery response message; creating, by the proxy NF, records in an NF-discovery-linked security database maintained by the proxy NF, wherein the records include the consumer NF and producer-NF-identifying parameters read from the NF discovery messages; receiving, by the proxy NF, a service-based interface (SBI) request message; screening, by the proxy NF and using the records in the NF-discovery-linked security database, the SBI request message; and performing, by the proxy NF, a network security action for the SBI request message based on results of the screening.
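The record-then-screen flow of claims 1 and 6 to 9, as an added sketch that is not code from the patent or from any SEPP/SCP product. The dictionary message shapes, the field names, the transaction id used to pair a discovery request with its response, and all NF instance Ids are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class DiscoveryLinkedScreen:
    """Proxy-side store linking NF discovery results to later SBI requests."""
    # consumer NF instance Id -> producer NF instance Ids it was given in discovery
    records: dict = field(default_factory=dict)
    # open discovery requests, keyed by a transaction id (hypothetical correlation key)
    pending: dict = field(default_factory=dict)

    def on_discovery_request(self, txn, msg):
        self.pending[txn] = msg["consumer_nf_instance_id"]

    def on_discovery_response(self, txn, msg):
        consumer = self.pending.pop(txn, None)
        if consumer is None:
            return False  # unsolicited response: never create a record from it
        producers = {p["nf_instance_id"] for p in msg.get("nf_instances", [])}
        self.records.setdefault(consumer, set()).update(producers)
        return True

    def screen_sbi_request(self, msg):
        consumer = msg.get("consumer_nf_instance_id")
        producer = msg.get("producer_nf_instance_id")
        # Forward only if this exact consumer/producer pair came out of discovery.
        if consumer and producer and producer in self.records.get(consumer, ()):
            return "forward"
        return "block"

def demo():
    """Replay constructed messages and return the action taken per SBI request."""
    s = DiscoveryLinkedScreen()
    s.on_discovery_request("t1", {"consumer_nf_instance_id": "amf-0001"})
    s.on_discovery_response("t1", {"nf_instances": [{"nf_instance_id": "udm-0001"}]})
    s.on_discovery_request("t2", {"consumer_nf_instance_id": "smf-0001"})
    s.on_discovery_response("t2", {"nf_instances": [{"nf_instance_id": "pcf-0001"}]})
    sbi_requests = [
        {"consumer_nf_instance_id": "amf-0001", "producer_nf_instance_id": "udm-0001"},
        {"consumer_nf_instance_id": "amf-0001", "producer_nf_instance_id": "pcf-0001"},
        {"consumer_nf_instance_id": "nf-9999", "producer_nf_instance_id": "udm-0001"},
        {"producer_nf_instance_id": "udm-0001"},  # consumer identity missing
    ]
    return [s.screen_sbi_request(m) for m in sbi_requests]

if __name__ == "__main__":
    print(demo())
```

The second request is blocked even though both NFs are known to the proxy, because the producer was returned to a different consumer's discovery query; the sketch keys its records per consumer so that a known producer alone is not enough to pass screening.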
Proxies · CPC title
Discovery or management thereof, e.g. service location protocol [SLP] or web services · CPC title
Public Land Mobile systems, e.g. cellular systems · CPC title
Countermeasures against malicious traffic (countermeasures against attacks on cryptographic mechanisms H04L9/002) · CPC title