Patent abstract:
A method in a telecommunication network that uses slices according to network slicing technology to implement telecommunication connections. The method provides a communication service in a production slice (21), and directs communications related to potential security threats to a test slice (31) emulating said production environment for further analysis.
Publication number: FI20175322A1
Application number: FI20175322
Filing date: 2017-04-07
Publication date: 2018-10-08
Inventor: Lauri Isotalo
Applicant: Elisa Oyj;
Main IPC class:
Description:

TELECOMMUNICATIONS SECURITY
The present invention relates generally to data security in telecommunications networks.
Information security is an important aspect of data processing and telecommunications.
A new kind of security solution is now provided.
A first aspect of the invention provides a method in a telecommunication network using slices according to network slicing technology for implementing telecommunication connections. The method provides a communication service in a production slice, and directs communications related to potential security threats to a test slice emulating said production environment for further analysis.
In one embodiment, communication in said production slice is examined, a potential security threat is detected as a result of said examination, and the communication associated with the detected potential security threat is directed to a test slice emulating said production environment for more detailed analysis.
In one embodiment, said directing comprises the steps of disconnecting, in the production slice, the communication link carrying the communication related to said security threat, and opening the communication connection in said test slice.
In one embodiment, the communication of a new application or terminal is directed to said test slice emulating the production environment for further analysis before the traffic of said new application or terminal is connected to the production environment.
20175322 prh 07-04-2017
In one embodiment, communication is conditionally directed from said test slice to said production slice based on analysis performed on said test slice.
In one embodiment, said method is implemented in a security logical network element.
In one embodiment, said logical network element that searches for security threats is responsible for directing the communication of a particular terminal or application from a source slice to a target slice by controlling the network elements involved in establishing the communication link to break the open communication link, and by changing the connection settings of said particular terminal or application in the network elements involved in establishing the communication link to correspond to said target slice, whereby, when said terminal or application requests the opening of a new connection, said new connection is opened to said target slice.
In one embodiment, said source slice is said production slice and said target slice is said test slice, or said source slice is said test slice and said target slice is said production slice.
In one embodiment, said test slice offers greater opportunities for exploiting security vulnerabilities than the production slice. For example, a test slice may provide one or more of the following: extended permissions to communicate with different locations or addresses, use of protocols other than those of the production slice, and more limited security protections than the production slice in network devices and/or terminals and/or applications.
Another aspect of the invention provides a device comprising a processor configured to control said device to perform a method according to the first aspect or one of its related embodiments.
A third aspect of the invention provides a computer program comprising computer executable program code which, when executed, directs the device to perform a method according to the first aspect or one of its related embodiments.
The computer program of the third aspect may comprise program code which may be executed, for example, by any of the following: a general-purpose processor, a microprocessor, an application-specific integrated circuit, and a digital signal processor. The computer program according to the third aspect may be stored on computer-readable media. Such media may be, for example, a floppy disk, CDROM, DVD, memory stick or other magnetic or optical storage media.
The invention will now be described, by way of example, with reference to the accompanying drawings, in which:
Figure 1 is a simplified system view illustrating network slicing technology;
Figure 2 illustrates a solution according to an embodiment;
Figure 3 illustrates a solution according to another embodiment;
Figure 4 is a communication scheme according to an embodiment;
Figure 5 is a communication scheme according to an embodiment; and
Figure 6 illustrates a device according to an embodiment.
For 5G networks (Fifth Generation Telecommunication Network), network slicing technology has been defined which allows the physical resources of the telecommunication network to be distributed to a plurality of logically separate virtual networks or network slices. Network slicing technology is defined in 3GPP Technical Report TR 23.799 V14.0.0 (2016-12).
Embodiments of the present invention provide a security solution for use in a telecommunications network using network slicing technology to implement communications connections. According to one embodiment, a test environment emulating the production environment is used to analyze the communication associated with a potential security threat. In one embodiment, communication related to a potential security threat is routed from the production environment to a test slice emulating the production environment for more detailed analysis and follow-up. In one embodiment, the traffic is directed to a test slice emulating the production environment for more detailed analysis and follow-up before allowing the traffic to enter the production environment.
In one embodiment, communication is examined in a production slice and a potential security threat is detected as a result of said examination. As a result, communications related to a potential security threat are routed to a test slice emulating the production environment for further analysis and follow-up. In other words, communication related to a potential security threat is isolated from the production environment in a separate test slice where traffic can be further investigated.
In one embodiment, a parallel connection using a test slice is established alongside the communication using the production slice, and the communication passing through this parallel slice is further analyzed to detect possible security threats. Thus, in this case, the communication is not isolated from the production environment, but the use of the production slices remains unchanged.
In one embodiment, a new logical network element is provided, which may be referred to as, for example, the Network Security Controller. This new network element controls other logical and / or physical network elements of the communication network such that, if necessary, communication is directed to a test slice. In addition, this new network element examines traffic in production slices and test slices and detects potential security threats.
The following are examples of things that a Network Security Controller element, or a similar element examining communications, can do in a production slice. One or more of these may be performed.
- It looks for port knocking in traffic.
- It registers the domestic IP addresses to which communication is attempted but with which the device or application in question should not communicate.
- It registers the foreign IP addresses to which traffic is attempted.
- It registers incoming traffic that should not occur.
- It registers a significant increase in traffic from a particular terminal.
- It registers the protocols (e.g. telnet, http, https, ssh, rdp, ftp, IRC, etc.) that the device or application in question wants to open.
- It detects when the device or application in question attempts to authenticate (e.g., with a username and password) to a network device of the production slice or to one of the IP addresses of the open traffic directions.
- It detects if a terminal intended for a specific restricted use (e.g. Elisa Entertainment) attempts to establish a direct IP connection to another similar terminal.
If any of these is detected, in one embodiment a potential security threat is determined to exist, and all or part of the traffic is diverted out of the production environment to a test slice, or a connection using a test slice is formed alongside the production communication. Here, for example, a threat score can be used: the observations received in a particular time window are given a score, which can be used to establish the existence of a security threat.
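The threat score over a time window described above can be sketched as follows. This is an added example, not code from the patent or from Elisa; the observation names, the weights, the 300-second window, the threshold of 8 and the rule that a repeated observation counts only once are all assumptions, since the text gives no values.

```python
from collections import defaultdict, deque
from dataclasses import dataclass

# Observation kinds follow the list above. The weights, window and threshold
# are assumed values for illustration; the text does not specify any.
WEIGHTS = {
    "port_knocking": 4,
    "disallowed_domestic_ip": 2,
    "foreign_ip": 2,
    "unexpected_inbound": 2,
    "traffic_surge": 3,
    "unexpected_protocol": 3,
    "auth_attempt": 4,
    "peer_terminal_connection": 4,
}
WINDOW_SECONDS = 300
DIVERT_THRESHOLD = 8


@dataclass(frozen=True)
class Observation:
    ts: float          # seconds, observations must arrive in time order
    terminal: str      # terminal or application identifier
    kind: str          # one of the WEIGHTS keys
    detail: str = ""   # e.g. destination address or protocol name


class ThreatScorer:
    """Scores observations per terminal over a sliding time window."""

    def __init__(self, window=WINDOW_SECONDS, threshold=DIVERT_THRESHOLD):
        self.window = window
        self.threshold = threshold
        self._events = defaultdict(deque)
        self.slice_of = defaultdict(lambda: "production")

    def score(self, terminal, now):
        events = self._events[terminal]
        # Drop observations that have fallen out of the time window.
        while events and events[0].ts <= now - self.window:
            events.popleft()
        # Count each distinct (kind, detail) once, so one repeated flow
        # cannot push a terminal over the threshold on its own.
        distinct = {(o.kind, o.detail) for o in events}
        return sum(WEIGHTS[kind] for kind, _ in distinct)

    def observe(self, obs):
        if obs.kind not in WEIGHTS:
            raise ValueError(f"unknown observation kind: {obs.kind}")
        self._events[obs.terminal].append(obs)
        total = self.score(obs.terminal, obs.ts)
        if total >= self.threshold and self.slice_of[obs.terminal] == "production":
            self.slice_of[obs.terminal] = "test"
            return "divert_to_test", total
        return "none", total


def replay(scorer, observations):
    """Feed observations in order; returns (terminal, action, score) tuples."""
    return [(o.terminal, *scorer.observe(o)) for o in observations]


# Constructed sample input (documentation address ranges, made-up terminal names).
SAMPLE = [
    Observation(0, "stb-17", "foreign_ip", "203.0.113.9"),
    Observation(20, "stb-17", "unexpected_protocol", "irc"),
    Observation(25, "stb-17", "foreign_ip", "203.0.113.9"),      # repeat, counted once
    Observation(90, "stb-17", "peer_terminal_connection", "stb-42"),
    Observation(100, "phone-3", "foreign_ip", "198.51.100.7"),
    Observation(700, "phone-3", "foreign_ip", "198.51.100.8"),   # earlier one expired
]

if __name__ == "__main__":
    for terminal, action, total in replay(ThreatScorer(), SAMPLE):
        print(f"{terminal:8} score={total:2} action={action}")
```

Only the terminal that combines several distinct observations inside one window is diverted; isolated or repeated single observations stay below the threshold.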
The following is a list of features that can be implemented in a test slice. The test slice may implement one or more of these. At least some of the features are such that they can activate features in a malicious application that would not otherwise be activated, and thus it may be possible to catch in the test slice a malicious application that would otherwise go unnoticed.
- The IP space used in the test slice may be wider than in the production environment. In this way, the terminal or application in question, and a malicious application possibly present on it, can see corporate LANs, individual internet connections, bank IP addresses, foreign web addresses, etc. more widely than in a production environment. For the sake of simplicity, this wider IP space used by the test slice is not shown in Figures 2 and 3.
- The communication protocols used in the test slice are not limited at all, so the malicious application can also use e.g. IRC and peer-to-peer protocols.
- For example, a telnet service can be set up in the test slice on a network device in the user plane, which allows the malicious application to try to create unauthorized remote management on it.
- The test slice may have access to network devices (such as servers, databases, other terminals) that use default user IDs and passwords.
- The test slice may have access to network devices (e.g., servers, databases, other terminals) with weak passwords enabled.
- The test slice may have access to a DNS server that knows the addresses of malware and can direct traffic to these IP addresses within the test slice.
- The test slice may have access to terminals with compromised security settings.
- The test slice may have access to network devices (such as servers, databases, other terminals) that have old software versions. E.g. software versions 6-18 months old can be used.
- The test slice may have access to network devices (such as servers, databases, other terminals) that do not have the latest vendor security patches installed. For example, security patches published in the last 18 months have not been installed.
- The test slice may have access to network devices (e.g., servers, databases, other terminals) that have security holes that are currently being actively exploited.
Fig. 1 is a simplified system view illustrating network slicing technology. The figure shows a terminal device 10, a plurality of services 11 and physical resources 12 through which the terminal 10 may be connected to one or more of the services 11. The physical resources 12 comprise all the physical network devices and connections through which the telecommunications connections pass. In 5G networks, one or more logical networks or network slices are defined over physical resources. Figure 1 comprises three such network slices, 13-15. The network slices 13-15 use the same physical resources 12 but are logically separate virtual networks.
Figure 2 illustrates a solution according to one embodiment. The figure shows a network slice 21 in production use, three terminals 26-28, and a service 22. Terminals 26-28 use the service 22 through telecommunication connections over slice 21. The slice 21 comprises 1-n logical network functions 23-25 which are responsible for establishing and operating the communication links passing through the slice.
Further, Figure 2 shows a test slice 31 comprising 1-n logical network functions 33-35, similar to the slice in production use. The test slice 31 is used with the service 32. Service 32 emulates the corresponding service 22 in production. At least one of the test slice functions 33-35 is adapted to perform a security analysis. In one embodiment, at least one of the test slice functions 33-35 is adapted to provide wider traffic possibilities than are otherwise used in production, or otherwise a wider than normal security vulnerability. In this way, an application or terminal using a test slice may activate features of a malicious application that would not otherwise be activated, and thus allow the test slice to catch a malicious application that would otherwise not be noticed.
Further, Figure 2 shows a Network Security Controller element 29, which is a logical network element that monitors security on production slice 21 and test slice 31 and, if necessary, directs traffic from production slice 21 to test slice 31 or vice versa. The Network Security Controller element 29 may perform security monitoring by one or more of functions 23-25 and 33-35.
Figure 2 illustrates an example case where a Network Security Controller 29 detects a potential security threat in the traffic of the terminal 28 in a slice 21. This detection may be based, for example, on information transmitted by a function 23-25. In response, the Network Security Controller 29 directs the traffic of the terminal 28 away from the slice 21 to the test slice 31, arrow 38. In one embodiment, the Network Security Controller 29 directs the functions 23-25 of the slice 21 to disconnect communication with the terminal 28 and changes settings in network functions 23-25, 33-35 such that in the future the communication connection of the terminal 28 uses the test slice 31. The Network Security Controller 29 may also direct the terminal 28 to establish a new connection in the test slice, or the terminal 28 may automatically initiate a new connection in response to the disconnection. The new connection to be established is then formed on the test slice because the settings for network functions 23-25, 33-35 have been changed.
After the communication of the terminal 28 has been transferred to the test slice 31, the traffic can be further analyzed and the necessary follow-up can be performed based on the analysis performed. For example, the follow-up might be one of the following:
- It is noted that the threat was not significant, and the terminal communication is transferred back to the production slice 21.
- Disconnecting all connections to terminal 28 and blocking access to terminal 28 or any of its applications.
- Updating the terminal 28 or one of its applications and possibly other similar devices or applications. Thereafter, the terminal communication may be transferred back to the production slice 21.
In one embodiment, the terminal 28 is provided with another corresponding connection using a test slice, in addition to a connection using a production slice. Again, the Network Security Controller 29 controls the connection to the test slice, but there is no need to disconnect the production connection. Thus, in this alternative, a new connection to the test slice is established for testing and all other connections to the production slice remain unchanged. In this case, when testing is complete and it is determined that production use can continue, there is no need to move the connection from the test slice to the production slice; the test slice connection is simply disconnected. The connections used in production remain unchanged.
Figure 3 illustrates a solution according to another embodiment.
The scenario shown in Fig. 3 corresponds to the scenario of Fig. 2 in other respects, but Fig. 3 shows an initial situation in which the traffic of the terminal 28 passes through the test slice 31. In one embodiment, the terminal 28 is directed directly to the test slice when the terminal is taken into use. In another embodiment, the traffic of the terminal 28 has previously been directed to the test slice 31 from the production slice 21.
Figure 3 illustrates an example case in which the Network Security Controller 29 notes that communication from terminal 28 can be transferred to production slice 21, arrow 39. This may be due, for example, to the Network Security Controller 29 finding, e.g. based on information provided by a function 33-35, that there is no security threat in the terminal traffic. In another alternative, this follows the step of updating the terminal 28 or one of its applications (to a more secure version). In one embodiment, the Network Security Controller 29 controls the functions 33-35 of slice 31 to disconnect communication with terminal 28 and changes settings in network functions 23-25, 33-35 such that in the future communication with terminal 28 uses production slice 21. The Network Security Controller 29 may also control terminal 28 to establish a new connection to the production slice, or the terminal 28 may automatically initiate a new connection in response to a disconnection. The new connection to be established is then formed on the production slice as the settings for the network functions 23-25, 33-35 have been changed.
FIG. 4 is a communication diagram according to an embodiment. The figure shows a Network Security Controller element 29, a UE (User Equipment) 28, an AN (Access Node) 41, an NSSF (Network Slice Selection Function) 42, a CP-NF (Control Plane - Network Function) 43 and a subscriber database (Subscriber Repository) 44. The NSSF element makes it possible to associate a Slice Instance with the correct CP-NF element. The CP-NF element controls attachment to the functions of the new slice.
Initially, 4-0, terminal or application traffic passes through the production slice.
The Network Security Controller 29 detects the need to transfer the traffic of the terminal 28 to the test slice away from the production slice. As a result, the Network Security Controller 29 sends a request to the NSSF element and the CP-NF element to start the transfer, 4-1, 4-2. In addition, the Network Security Controller 29 may send a slice change notification to the subscriber database, 4-3, and to the application on the terminal 28, 4-4.
In one embodiment, the request 4-1 includes an update to the NSSF element database in addition to, or instead of, the transfer request. The Network Security Controller 29 may update the identification data of the test slice's CP-NF element (NSS ID or address) in the database of the NSSF element into the data for that terminal 28. Thus, the Network Security Controller can assign the desired CP-NF element to the NSSF element, but if it does not, the NSSF element already knows the NF ID or address of a suitable CP-NF element in its database.
In one embodiment, request 4-1 may be omitted completely. The transfer from one slice to another is then performed under the control of a CP-NF element known to the NSSF element.
If the subscriber database receives information about a slice change, the subscriber database may send a Subscriber Modification message 4-5 to the CP-NF element informing about the change in subscriber information, but this message is not mandatory for the implementation of the invention. In response to the request of the Network Security Controller element, the CP-NF element transmits to the terminal a Detach Request message 4-6, which disconnects the terminal's connection in the production slice.
In response, the terminal begins to open a new connection either automatically or according to the instructions of the Network Security Controller in step 4-7 and sends an Attach Request message to the NSSF, 4-8. The opening of the new connection proceeds as follows: the NSSF element sends a Response (with NF ID) 4-9 to the AN element and the AN element sends an Attach Request message 4-10 to the CP-NF element. The CP-NF element directs the connection to the test slice according to the instructions from the Network Security Controller in step 4-11 and sends the AN element the Attach Response according to the test slice, 4-12. The AN element forwards the Attach Response 4-13 to the terminal 28.
If the Network Security Controller element updates the test slice information in the NSSF element database by request 4-1, the NSSF element can respond to the Attach Request message 4-8 by providing in the Response message 4-9 the identification information (NF ID or address) of the suitable CP-NF element selected by the Network Security Controller.
Thereafter, the terminal or application traffic passes through the test slice 4-14.
In one embodiment, the Network Security Controller starts the (test) application on the terminal 28 when the terminal traffic is connected to the test slice.
It should be noted that according to Fig. 4, all communication connections of the terminal 28 or only the connection used by a particular application in the terminal 28 can be disconnected and connected to the test slice. Thus, the Detach Request 4-6 of Figure 4 may concern the connection(s) of one application or all connections of the terminal 28.
In the embodiment where a new parallel connection to the test slice is established in parallel with the in-use connection, steps 4-5 and 4-6 of Figure 4 are not required, i.e. the in-use connection is not terminated. In this case, the Network Security Controller may control the (test) application on the terminal 28 to open a connection to the test slice.
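The Figure 4 exchange, including the variant where request 4-1 is omitted and the parallel-connection variant, as an added simulation that is not part of the patent text. The classes `CpNf` and `Nssf`, their per-terminal dictionaries and the identifiers `cpnf-43`, `cpnf-test` and `ue-28` are assumptions made for this simplified model; the optional messages 4-3 to 4-5 are left out.

```python
from dataclasses import dataclass, field


@dataclass
class CpNf:
    """Control-plane network function; one instance may serve several slices."""
    nf_id: str
    default_slice: str = "production"
    directed: dict = field(default_factory=dict)   # ue -> slice, set by request 4-2
    sessions: set = field(default_factory=set)     # (ue, slice) of open connections

    def attach(self, ue):
        # Step 4-11: the slice is chosen from network-side state only.
        slice_name = self.directed.get(ue, self.default_slice)
        self.sessions.add((ue, slice_name))
        return slice_name

    def detach(self, ue, slice_name):
        self.sessions.discard((ue, slice_name))


@dataclass
class Nssf:
    """Slice selection function: maps a terminal to the NF ID of a CP-NF."""
    known_nf: str                                  # CP-NF the NSSF already knows
    per_ue: dict = field(default_factory=dict)     # entries written by request 4-1

    def select(self, ue):
        return self.per_ue.get(ue, self.known_nf)


def transfer_to_test(ue, nssf, cpnfs, serving_nf, target_nf=None, parallel=False):
    """Run the exchange; returns (message log, slices the UE ends up on)."""
    log = []
    if target_nf is not None:                      # 4-1 may be omitted entirely
        nssf.per_ue[ue] = target_nf
        log.append(("4-1", "NSC", "NSSF", f"set NF ID for {ue} to {target_nf}"))
    handler = cpnfs[nssf.select(ue)]
    handler.directed[ue] = "test"
    log.append(("4-2", "NSC", handler.nf_id, "transfer request"))
    if not parallel:                               # parallel variant skips the detach
        cpnfs[serving_nf].detach(ue, "production")
        log.append(("4-6", serving_nf, ue, "Detach Request"))
    log.append(("4-8", ue, "NSSF", "Attach Request"))
    nf_id = nssf.select(ue)
    log.append(("4-9", "NSSF", "AN", f"Response (NF ID {nf_id})"))
    log.append(("4-10", "AN", nf_id, "Attach Request"))
    slice_name = cpnfs[nf_id].attach(ue)           # 4-11
    log.append(("4-12", nf_id, "AN", f"Attach Response ({slice_name} slice)"))
    log.append(("4-13", "AN", ue, "Attach Response"))
    slices = sorted(s for c in cpnfs.values() for (u, s) in c.sessions if u == ue)
    return log, slices


def run_variants():
    """Runs the three variants from a fresh 4-0 state; returns steps and slices."""
    variants = {
        "nssf_updated": {"target_nf": "cpnf-test"},
        "request_4_1_omitted": {},
        "parallel": {"parallel": True},
    }
    results = {}
    for name, kwargs in variants.items():
        cpnfs = {"cpnf-43": CpNf("cpnf-43"), "cpnf-test": CpNf("cpnf-test")}
        cpnfs["cpnf-43"].sessions.add(("ue-28", "production"))   # state 4-0
        nssf = Nssf(known_nf="cpnf-43")
        log, slices = transfer_to_test("ue-28", nssf, cpnfs, "cpnf-43", **kwargs)
        results[name] = ([step for step, *_ in log], slices)
    return results


if __name__ == "__main__":
    for name, (steps, slices) in run_variants().items():
        print(f"{name:20} steps={steps} ends on={slices}")
```

In the two non-parallel variants the terminal ends up with no production session at all, which is the isolation property to check for when such a transfer is implemented.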
FIG. 5 is a communication diagram according to an embodiment. Figure 5 shows a Network Security Controller element 29, a terminal (UE, User Equipment) 28, AN (Access Node) 41, NSSF (Network Slice Selection Function) 42, CP-NF (Control Plane - Network Function) 43, and Subscriber Repository 44. In addition, Figure 5 shows the SDN (Software Defined Network) Controller element 55 and AN Management element 56.
In this embodiment, the NSSF element is not utilized. Instead, following the subscriber database change and notification of the CP-NF element, the IP layer of the access network's data plane is redirected at the management level by the SDN Controller element 55 (e.g., with OpenFlow commands) to transfer the communication of the terminal 28 to the test slice and start a more detailed analysis in the test slice.
Initially, 5-0, terminal or application traffic passes through the production slice.
The Network Security Controller 29 detects the need to transfer the traffic of the terminal 28 to the test slice away from the production slice. Consequently, the Network Security Controller 29 sends a request 5-1 to switch slices to the subscriber database 44.
The subscriber database receives the slice change notification and sends Subscriber Modification message 5-2 to the CP-NF to inform about the change in the subscriber information. The CP-NF element sends a message 5-3 to the Network Security Controller informing that the slice change has been registered. The Network Security Controller sends a request 5-4 to change slices to the SDN Controller 55. The SDN Controller element directs, 5-5, the AN Management element 56 to change slices. In one embodiment, the AN Management element consequently alters the physical network resources used by the telecommunication connection of the terminal 28 running in the production slice. For example, the AN Management element may change the IP addresses or ports used in terminal communications. In this way, the communication connection of the terminal 28 (one application connection or all of the connections of said terminal) can be transferred to the test slice without the need for any action on the terminal.
The Network Security Controller element confirms the slice change to the CP-NF element 43 and the subscriber database 44 by messages 5-6 and 5-7. The Network Security Controller element can also control the terminal application via message 5-8 to operate in test mode 5-9, but this is not necessary.
Thereafter, the terminal or application traffic passes through the test slice 5-10.
It should be noted that according to Fig. 5, all communication connections of the terminal 28 or only the connection used by a particular application in the terminal 28 can be disconnected and connected to the test slice. Thus, messages 5-1 to 5-8 of Figure 5 may relate to the connection(s) of a single application or to all terminal 28 connections.
It should be noted here that Figures 4 and 5 focus on transferring the communication link from the production slice to the test slice. One skilled in the art will appreciate that similar technology also works in the other direction, i.e. transfer from test slice to production slice.
Fig. 6 shows an example of an apparatus 60 suitable for carrying out some embodiments of the invention. The device may be, for example, a general purpose computer or a server and may be adapted to provide, for example, the functionality of the Network Security Controller element of Figures 2-5 or any part thereof. It should be noted that the Network Security Controller element is a logical network element and the same physical device can implement the functionality of other network elements. Thus, the Network Security Controller may be implemented as part of one or more of the functions 23-25 and 33-35 shown in the figures or of the emulated service 32. In addition, the Network Security Controller can also be a fully independent logical and/or physical element.
The device 60 comprises a processor 61 for controlling the operation of the device and a memory 62 comprising computer program / software 63 and a database 64. The computer software may comprise instructions for the processor to control the device 60, such as an operating system and various applications. Further, the computer software 63 may comprise an application comprising instructions for controlling the device 60 so as to provide functionality according to an embodiment of the invention.
The processor 61 may be, for example, a central processing unit (CPU), a microprocessor, a digital signal processor (DSP), a graphics processor, or the like. The figure shows one processor, but the device may have multiple processors.
The memory 62 may be, for example, read-only memory (ROM), programmable read-only memory (PROM), erasable programmable read-only memory (EPROM), electronically erasable programmable read-only memory (EEPROM), random access memory (RAM), flash memory, optical or magnetic memory or the like. The device may have multiple memories. The memory may be part of the device 60 or it may be a separate module that can be connected to the device 60. The memory may be used only for storing data, or it may also be used for data processing.
The device 60 further comprises a communication unit 65. The communication unit provides an interface for communicating with other devices. The interface can be, for example, a wired connection such as an Ethernet connection or an ADSLA / DSL connection, or a wireless connection such as WLAN, Bluetooth, GSM / GPRS, CDMA, WCDMA, LTE or 5G. The communication interface module may be integrated into the device 60 or may be part of an adapter, card, or the like which may be connected to the device 60. The communication unit may support one or more communication technologies or the device may have multiple communication units.
To receive input from the user and output to the user, the device 60 may also comprise a user interface unit (not shown), which may comprise, for example, a display and a keyboard (not shown) which may be an integral part of the device 60 or independent parts connectable to the device 60.
However, the user interface may not be needed or the user interface may be implemented remotely through the communication unit 65. The device 60 may also comprise one or more databases 64.
In addition to the elements shown in Figure 6, the device 60 may comprise other elements.
The following is an example of a situation in which a solution according to an embodiment of the invention is used. In this example, an attempt is made to use an Elisa Entertainment device in a DDoS attack as part of a so-called botnet:
- In the production slice, the Entertainment Device occasionally attempts to communicate with foreign IP addresses using the IRC protocol.
- In addition, the Entertainment Device tries to communicate with other Entertainment Devices.
- The Network Security Controller detects this based on reporting by one or more network functions in the slice. This observation and the logic programmed into the Network Security Controller lead to the suspicion that the Entertainment Device is contaminated. Specifically, the logic programmed in the Network Security Controller element suspects that the Entertainment Device (or malware present on it) is attempting to connect to a host abroad and, when this fails, the Entertainment Device attempts to connect to another Entertainment Device that has a botnet command & control server (peer-to-peer botnet).
- The logic of the Network Security Controller element directs the Entertainment Device traffic to the test slice in response to the above suspicion.
- The contaminated Entertainment Device has more freedom to operate in the test slice.
- The contaminated Entertainment Device now sees foreign web addresses and tries to open an IRC connection to them.
- The contaminated Entertainment Device searches for a botnet command & control server.
- If a connection to a foreign web address is allowed in the test slice, the botnet traffic to the Entertainment Device is stored, and this allows the vulnerability / botnet to be identified.
- The contaminated Entertainment Device connects in the test slice to Elisa Entertainment devices with compromised security settings. In this way, the botnet traffic to the Entertainment Device is recorded, and this allows the vulnerability / botnet to be identified.
- Once the vulnerability / botnet has been identified, the Entertainment Device can be upgraded to a non-vulnerable software version.
- After that, the Entertainment Device traffic can be returned to the production slice. Additionally, other terminals and / or applications with similar vulnerabilities may be updated based on the vulnerability identified.
In one embodiment, tests are performed on the test slice to identify vulnerabilities (1-n) in the terminal / application. Common Vulnerabilities and Exposures (CVE) severity values are determined for the vulnerabilities. If the severity value is not so high that the risk level becomes too high, the terminal / application traffic can be returned to the production slice. Otherwise, the terminal / application must be updated before it can be reconnected to the production slice.
In one embodiment, the transfer of traffic to the test slice is not visible at all to the end user of the terminal or application in question. In this case, the test slice provides access to the same content as the production slice, but the traffic of the terminal or application is now monitored more closely.
The foregoing description provides non-limiting examples of some embodiments of the invention. However, it will be apparent to one skilled in the art that the invention is not limited to the details set forth, but that the invention may also be practiced in other equivalent ways. For example, it will be appreciated that in the disclosed methods, the order of the individual process steps may be rearranged and that some steps may be repeated several times or omitted entirely. It is also to be understood that in this document the terms "comprise" and "include" are open expressions and are not intended to be restrictive.
Further, some features of the disclosed embodiments may be utilized without the use of other features. The foregoing description is to be construed as merely explaining the principles of the invention and not limiting the invention. The scope of the invention is limited only by the appended claims.
Claims:
Claims (5)
1. A method in a telecommunication network using slices (13-15) according to network slicing technology for implementing telecommunication connections, wherein the method directs communications related to potential security threats to a test slice (31) emulating said production environment for further analysis.
2. The method of claim 1, characterized in that the method examines communication in said production slice, detects a potential security threat as a result of said examination, and directs communications related to the detected potential security threat to a test slice emulating said production environment for further analysis.
3. The method of claim 2, characterized in that said directing comprises the steps of interrupting the communication link carrying communication associated with said security threat in the production slice (21), and opening the communication connection in said test slice (31).
4. The method of claim 1, characterized by directing the communication of a new application or terminal to said test slice (31) emulating the production environment for further analysis before connecting the traffic of said new application or terminal to the production environment (21).
5. A method according to any one of the preceding claims, characterized by conditionally directing communication from said test slice (31) to said production slice (21) based on analysis performed on said test slice (31).
6. A method as claimed in any one of the preceding claims, characterized in that said method is implemented in a security logical network element (29).
7. The method of claim 6, characterized in that said security logical network element (29) directs the communication of a particular terminal or application (28) from a source slice to a destination slice by controlling the network elements involved in establishing the communication connection to cut off
By changing the connection settings of said particular terminal or application in the network elements involved in establishing the communication connection to correspond to said destination slice, wherein when said terminal or application requests a new connection, said new connection is opened to said destination slice.
8. The method of claim 6, wherein said source slice is said production slice (21) and said destination slice is said test slice (31), or said source slice is said test slice (31) and said destination slice is said production slice (21).
9. A method according to any one of the preceding claims, characterized in that said test slice offers greater opportunities for exploiting security vulnerabilities than the slice used in production.
10. A method according to any one of the preceding claims, characterized in that said test slice offers wider rights to operate to different locations than the slice used in production.
11. A device (29, 60), characterized in that the device comprises a processor (61) configured to control said device to perform any of the methods of claims 1-10.
12. A computer program comprising computer executable program code, characterized in that, when executed, the program code directs the computer to perform any of the methods of claims 1-10.
Patent family:
Publication number | Publication date
FI128425B|2020-05-15|
Legal status:
2020-05-15| FG| Patent granted|Ref document number: 128425 Country of ref document: FI Kind code of ref document: B |
Priority:
Application number | Filing date | Patent title
FI20175322A|FI128425B|2017-04-07|2017-04-07|Data security in a telecommunications network|