Cybersecurity system for common interface of service-based architecture of a wireless telecommunications network

T-Mobile USA, Inc.
2023
Online Patent

Title:
Cybersecurity system for common interface of service-based architecture of a wireless telecommunications network
Author / Contributor: T-Mobile USA, Inc.
Link:
Publication: 2023
Media type: Patent
Other:
  • Indexed in: USPTO Patent Grants
  • Languages: English
  • Patent Number: 11799,897
  • Publication Date: October 24, 2023
  • Appl. No: 17/880895
  • Application Filed: August 04, 2022
  • Assignees: T-Mobile USA, Inc. (Bellevue, WA, US)
  • Claim: 1. At least one non-transitory computer-readable storage medium, storing instructions, which, when executed by at least one processor of a telecommunications system, cause a fifth-generation (5G) telecommunications network to: instantiate a security service configured to monitor multiple network functions (NFs) or associated services of a service-based architecture (SBA) of the 5G telecommunications network, wherein the multiple NFs are communicatively interconnected over a hypertext transfer protocol version 2 (HTTP/2) interface, and wherein the security service is configured to protect the SBA against a cyberattack; detect potentially malicious network traffic communicated over the HTTP/2 interface in real time or near real-time; identify a set of NFs or associated services of the SBA that are susceptible to a cyberattack based on the detected potentially malicious network traffic; and allocate one or more security resources for the set of NFs or associated services.
  • Claim: 2. The at least one non-transitory computer-readable storage medium of claim 1 , wherein the 5G telecommunications network is further caused to, prior to allocation of the one or more security resources: characterize the HTTP/2 traffic in relation to a vulnerability parameter that relates to a susceptibility of an NF or associated service to a cyberattack, a risk parameter that relates to a scope of a cyberattack, and a threat parameter that relates to a source of the cyberattack; and identify the HTTP/2 traffic as the potentially malicious network traffic based on the vulnerability parameter, the risk parameter, and the threat parameter.
  • Claim: 3. The at least one non-transitory computer-readable storage medium of claim 1 , wherein the system is further caused to: utilize the one or more security resources to: identify malicious network traffic; and dynamically redirect the malicious network traffic to a collection, management, or sanitization component of the 5G telecommunications network.
  • Claim: 4. The at least one non-transitory computer-readable storage medium of claim 1 , wherein a security resource is allocated for an most frequently used (MFU) service that exposes its functionality through the HTTP/2 interface.
  • Claim: 5. The at least one non-transitory computer-readable storage medium of claim 1 , wherein a security resource is allocated for an most recently used (MRU) service that exposes its functionality through the HTTP/2 interface.
  • Claim: 6. The at least one non-transitory computer-readable storage medium of claim 1 , wherein the HTTP/2 interface is a Service Based Interface (SBI) that employs a representational state transfer (REST) interface using HTTP/2.
  • Claim: 7. A method performed by a cybersecurity system for a service-based architecture (SBA) of a wireless telecommunications network, the method comprising: monitoring multiple network functions (NFs) or associated services of the SBA in the wireless telecommunications network, wherein the multiple NFs are communicatively interconnected over a common interface, and wherein any of the multiple NFs communicates with any other of the multiple NFs over the common interface; detecting potentially malicious network traffic communicated over the common interface in real-time or near real-time; identifying an NF or associated service of the SBA that is susceptible to a cyberattack based on the detected potentially malicious network traffic; and allocating a security resource for the NF or associated service.
  • Claim: 8. The method of claim 7 , wherein the common interface is a Service Based Interface (SBI) using an HTTP/2 protocol.
  • Claim: 9. The method of claim 7 further comprising, prior to allocating the security resource: characterizing network data communicated over the common interface in relation to a vulnerability parameter that relates to a susceptibility of an NF or associated service to a cyberattack, a risk parameter that relates to a scope of the cyberattack, and a threat parameter that relates to a source of the cyberattack; and identifying the NF or associated service based on the vulnerability parameter, the risk parameter, and the threat parameter.
  • Claim: 10. The method of claim 7 further comprising: utilizing the security resource to identify malicious network traffic; and dynamically redirect the malicious network traffic to a quarantine component of the wireless telecommunications network.
  • Claim: 11. A cybersecurity system comprising: a data processor; and a memory including instructions which, when executed by the data processor, cause the system to: monitor network traffic communicated over a common interface that interconnects multiple network functions (NFs) of a service-based architecture (SBA) in a wireless telecommunications network; detect potentially malicious network traffic communicated over the common interface based on an inspection of the network traffic communicated over the common interface; identify an NF or associated service of the SBA that is a source or destination of the potentially malicious network traffic; and provision one or more security resources for the NF or associated service.
  • Claim: 12. The system of claim 11 , further comprising causing the system to: perform deep packet inspection (DPI) to analyze a header or a payload of network data packets to determine characteristics indicative of the potentially malicious network traffic.
  • Claim: 13. The system of claim 11 , wherein the cybersecurity system is communicatively coupled to the common interface.
  • Claim: 14. The system of claim 11 , further comprising prior to provisioning the one or more security resources, causing the system to: characterize network data communicated over the common interface in relation to a vulnerability parameter that relates to a susceptibility of an NF or associated service to a cyberattack, a risk parameter that relates to a scope of the cyberattack, and a threat parameter that relates to a source of the cyberattack; and identify the NF or associated service based on the vulnerability parameter, the risk parameter, and the threat parameter.
  • Claim: 15. The system of claim 11 , wherein the system is further caused to: cause the one or more security resources to perform actions to mitigate a risk of the potentially malicious network traffic at the NF or the associated service.
  • Claim: 16. The system of claim 15 , wherein the actions comprise blocking, quarantining, or redirecting the potentially malicious network traffic.
  • Claim: 17. The system of claim 15 , further comprising causing the system to: monitor the network traffic in real-time or near real-time; and provision the one or more security resources in real-time or near real-time.
  • Claim: 18. The system of claim 11 , further comprising causing the system to provision the one or more security resources to the NF or associated service effective to cause the one or more security resources to redirect the potentially malicious network traffic to a collection, management, or sanitization component of the network.
  • Claim: 19. The system of claim 11 , further comprising causing the system to: identify the NF or associated service as a most recently used (MRU) or most frequently used (MFU) NF or associated service; and provision the one or more security resources for the MRU or MFU NF or associated service.
  • Claim: 20. The system of claim 11 , further comprising causing the system to simultaneous monitor the multiple NFs of the SBA in the wireless telecommunications network.
  • Primary Examiner: Jacobs-Burton, Lashonda
  • Attorney, Agent or Firm: Perkins Coie LLP
