The exemplary embodiments of the present disclosure provide a method and an apparatus for detecting an abnormal roaming request which acquires information of user equipment which sends a roaming request message, calculates a risk of the roaming request message using a roaming request location and a roaming request time of the user equipment, and safely processes the request according to the risk.

A device may receive provisioning data identifying an application server and a user equipment. The device may provide a request for reachability data associated with the user equipment and may receive the reachability data. The device may cause a trigger for a packet and data identifying the application server to be provided to the user equipment. The device may receive, from the user equipment, the packet that includes a network address and a port identifier of a port of the user equipment. The device may provide, to a firewall associated with the application server, an identifier, the network address, and the port identifier. The device may cause, via the firewall, the reachability data, the network address, and the port identifier to be provided to the application server to enable the application server to provide data to the user equipment.

A device may receive provisioning data identifying an application server and a user equipment. The device may provide a request for reachability data associated with the user equipment and may receive the reachability data. The device may cause a trigger for a packet and data identifying the application server to be provided to the user equipment. The device may receive, from the user equipment, the packet that includes a network address and a port identifier of a port of the user equipment. The device may provide, to a firewall associated with the application server, an identifier, the network address, and the port identifier. The device may cause, via the firewall, the reachability data, the network address, and the port identifier to be provided to the application server to enable the application server to provide data to the user equipment.

Systems and methods for inspection of traffic between UE and the core network to mitigate DDoS attacks on mobile networks are provided. According to one embodiment, the method involves parsing SCTP packets and monitoring header anomalies to block anomalous packet floods. According to another embodiment, a memory table maintains requesting S1AP-IDs which have sent certain monitored commands and then blocking those which are sending these messages at abnormally high rates. According to yet another embodiment, a packet classifier parses the GTP-U protocol, unwraps the encapsulated IP packet and then monitors layer 3, 4 and 7 rate-based attacks such as UDP, ICMP, SYN, HTTP GET floods and drops them to protect the targeted Internet server as well as mobile infrastructure (e.g., the MME, the SGW, the PGW, and the PDN) downstream from the DDoS mitigation system.

Systems and methods for inspection of traffic between UE and the core network to mitigate DDoS attacks on mobile networks are provided. According to one embodiment, the method involves parsing SCTP packets and monitoring header anomalies to block anomalous packet floods. According to another embodiment, a memory table maintains requesting S1AP-IDs which have sent certain monitored commands and then blocking those which are sending these messages at abnormally high rates. According to yet another embodiment, a packet classifier parses the GTP-U protocol, unwraps the encapsulated IP packet and then monitors layer 3, 4 and 7 rate-based attacks such as UDP, ICMP, SYN, HTTP GET floods and drops them to protect the targeted Internet server as well as mobile infrastructure (e.g., the MME, the SGW, the PGW, and the PDN) downstream from the DDoS mitigation system.

The present disclosure relates to a 4G or 5G core network system (10). The system (10) comprises a plurality of network functions (15) in a 4G or 5G core network (11), wherein the network functions (15) are configured to communicate with each other using data packets. The system (10) further comprises at least one deep packet inspection (DPI) engine (13) which is configured to process the data packets and to analyze a protocol stack of said data packets in order to detect security-relevant activities in the 4G or 5G core network (11).

An encrypted intelligence networking system that takes car to car communication/C-V2X to the next stage of vehicle safety by enhancing how auto owners report vehicles stolen, while affording law enforcement tools that allow disabling and faster detection of stolen vehicles. Secured Network Intelligence That Contacts Help (SNITCH) system, designed for installation on vehicles which require DMV registration, would rely on 4G LTE and or 5G networks to quickly transmit data through secured bluetooth features, enabling stolen vehicles to release stolen status info and other vehicle information (e.g. VIN, direction of travel, owner contact information, etc.) exclusively to law enforcement vehicles within the desired range for communication. Upon detection of a stolen vehicle, officers would have the option to activate Offender Apprehension Mode (OAM), a feature designed to disable accelerating components and prevent high-speed chases that often end with deadly crashes.

Device Assisted Services (DAS) for protecting network capacity is provided. In some embodiments, DAS for protecting network capacity includes monitoring a network service usage activity of the communications device in network communication; classifying the network service usage activity for differential network access control for protecting network capacity; and associating the network service usage activity with a network service usage control policy based on a classification of the network service usage activity to facilitate differential network access control for protecting network capacity.

Device Assisted Services (DAS) for protecting network capacity is provided. In some embodiments, DAS for protecting network capacity includes monitoring a network service usage activity of the communications device in network communication; classifying the network service usage activity for differential network access control for protecting network capacity; and associating the network service usage activity with a network service usage control policy based on a classification of the network service usage activity to facilitate differential network access control for protecting network capacity.

A method for automatic steering of client devices accessing a network to a different access point on the network is provided. A network controller of the network device automatically identifies a pre-determined type of electronic client device gaining access to the network and automatically designates the client device as non-steerable when identified as the predetermined type of electronic client device. Thus, when the network controller selects a client device for being steered to a different access point of the network during a steering event, client devices designated as non-steerable by the network controller are prevented from being steered and only client devices that are not designated as non-steerable are available as candidates to be steered. A network device is also provided.