CN110753349B - Method and equipment for identifying pseudo base station - Google Patents
Method and equipment for identifying pseudo base station Download PDFInfo
- Publication number
- CN110753349B CN110753349B CN201911040187.7A CN201911040187A CN110753349B CN 110753349 B CN110753349 B CN 110753349B CN 201911040187 A CN201911040187 A CN 201911040187A CN 110753349 B CN110753349 B CN 110753349B
- Authority
- CN
- China
- Prior art keywords
- user
- base station
- accessed
- cell
- threshold
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/12—Detection or prevention of fraud
- H04W12/121—Wireless intrusion detection systems [WIDS]; Wireless intrusion prevention systems [WIPS]
- H04W12/122—Counter-measures against attacks; Protection against rogue devices
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/12—Detection or prevention of fraud
- H04W12/128—Anti-malware arrangements, e.g. protection against SMS fraud or mobile malware
Abstract
The invention discloses a method and equipment for identifying a pseudo base station, wherein the pseudo base station is mainly used for acquiring IMSI of a user or sending a spam message and cannot provide complete service for the user, so that the flow ratio of a control plane and a user plane of the pseudo base station is obviously different from that of a legal base station. The method has important significance for fighting illegal criminal behaviors of false base stations and maintaining social information safety.
Description
Technical Field
The invention belongs to the technical field of communication, and particularly relates to a method and equipment for identifying a pseudo base station.
Background
The pseudo base station is illegal radio communication equipment, pretends to be a legal base station of an operator to deceive the access of a user terminal, carries out illegal behaviors such as user information stealing and embezzlement, fraud short message sending and the like, and causes great hidden danger to public safety. Therefore, how to identify the fake base station is one of the important security issues for wireless communication. How the pseudo base station is implemented, how the capabilities depend to a large extent on the corresponding network, e.g. GSM, 4G, etc. Because the GSM network has a security hole of one-way authentication, the terminal cannot verify the identity of the base station, the pseudo base station is easy to adsorb the terminal, steal and steal user identity information, send spam short messages and even carry out man-in-the-middle attack, namely the pseudo base station serves as a man-in-the-middle between the terminal and a legal base station to carry out information eavesdropping, tampering and the like.
With the development of wireless communication technology, 4G networks have been commercialized on a large scale. The 4G adopts bidirectional authentication to make up the security problem exposed by the GSM. However, the pseudo base station problem is not completely solved, and a pseudo base station for a 4G network comes with it. The principle of the 4G pseudo base station mainly comprises the following steps: in order to acquire the IMSI of the user, the pseudo base station triggers the terminal to carry out a TAU (tracking area update) request, and replies a rejection signaling carrying an EMM reason #9, namely 'UE identity registration be derived by the network', so as to force the terminal to report the IMSI of the terminal; or the terminal replies the Identity information through the Identity Request in the Attach flow; the pseudo base station can redirect the terminal to the GSM network through Connection Release after rejecting the terminal Attach request, and further attack by using the one-way authentication vulnerability of the GSM network.
For the pseudo base station problem, the industry mainly focuses on three aspects of pseudo base station identification, positioning and tracking, and evidence obtaining method. The invention mainly focuses on the problem of pseudo base station identification. Currently, techniques for identifying pseudo base stations can be classified into the following three categories:
1) identifying the pseudo base station according to the access parameter characteristics:
in order to adsorb a large number of terminals, the pseudo base station needs to set relevant parameters related to cell selection and reselection extremely so as to frequently trigger the terminals to perform processes such as cell reselection and TAU update. In a GSM network, for example, the relevant parameters include a cell minimum access level, a cell reselection bias, and the like. The terminal selects whether to access or not by judging whether the access parameters of the cell to be accessed accord with the characteristics of the pseudo base station so as to reduce the risk of accessing the pseudo base station.
2) The operator identifies the pseudo base station according to the signaling abnormity:
the pseudo base station needs to kick out the access terminal after completing actions of acquiring the IMSI of the user or sending junk short messages and the like, so that a large number of unknown terminals can request access in legal cells around the pseudo base station. The operator can find out the signaling abnormal area through signaling analysis and judge whether the area has the pseudo base station. Due to the existence of the pseudo base station, a terminal in a coverage area of the pseudo base station receives a large amount of spam messages, and the situations of call drop and even service rejection occur, so that the user experience is reduced, and complaints are concentrated. The operator can analyze whether the complaint area has the pseudo base station or not by summarizing the complaint case.
3) Identifying the pseudo base station according to behavior abnormity after access:
if the terminal receives a large amount of spam messages or part of network functions cannot be realized after the terminal finishes the access process, the terminal can automatically judge whether to access the pseudo base station.
In summary, the prior art has the following defects and shortcomings:
1) limitation: at present, most of the technologies for identifying the pseudo base station can only identify the GSM pseudo base station.
2) The accuracy is as follows: with the isomerization of the network structure, the setting conditions of the network parameters become more complex and diversified, and the accuracy of identifying the pseudo base station according to the access parameter characteristics is difficult to guarantee.
3) Prevention ability: for a terminal, two methods, namely identifying a pseudo base station by analyzing signaling abnormity appearing in a network and identifying the pseudo base station according to behavior abnormity after access, cannot be prevented from being adsorbed by the pseudo base station. The terminal can only feed back the abnormal situation of the signaling after being kicked out by the pseudo base station and accessed into the public network, and waits for the judgment and the processing of an operator.
Disclosure of Invention
Aiming at the technical problems in the prior art, the invention provides a method and equipment for identifying a pseudo base station, aiming at improving the accuracy of pseudo base station identification and enhancing the capability of a terminal for preventing the pseudo base station from being adsorbed.
In order to solve the technical problems, the invention solves the problems by the following technical scheme:
a method of identifying a pseudo base station, comprising the steps of:
step 1: detecting PRACH of a cell to be accessed, monitoring a random access process of a request access user, and extracting C-RNTI corresponding to each user from N users successfully accessed;
step 2: in time T, blind detecting a PDCCH according to the C-RNTI corresponding to each user respectively, and acquiring the resource allocation information of the PDSCH of each user;
and step 3: according to the resource allocation information of the PDSCH of each user obtained in the step 2, counting the flow proportion of a control plane and a user plane in the PDSCH of each user within the time T;
and 4, step 4: and judging whether the cell to be accessed is a pseudo base station or not according to the flow ratio of the control plane to the user plane in the PDSCH of each user in the N users within the time T.
Further, the step 1 specifically includes the following steps:
step 1.1: detecting a PRACH of a cell to be accessed, and acquiring an RA-RNTI corresponding to a user requesting to be accessed;
step 1.2: detecting a PDCCH by using the RA-RNTI to obtain MSG2 on the PDSCH; acquiring TC-RNTI and PUSCH resource allocation information of MSG3 through ULGrant contained in MSG 2;
step 1.3: monitoring MSG3 according to the PUSCH resource allocation information of the MSG 3; obtaining the identity of the user for conflict resolution from the MSG 3;
step 1.4: after monitoring MSG3, detecting PDCCH by using TC-RNTI to obtain MSG4 on PDSCH;
step 1.5: if the obtained MSG4 includes the identity of the user for conflict resolution, the random access procedure of the user is successful, and C-RNTI is TC-RNTI.
Further, the step 3 specifically includes: and distinguishing flow of a control plane and a user plane according to the LCID of the MAC sub-header, acquiring the length of a PDCP packet through a PDCP layer header, counting the flow of the control plane and the user plane in the PDSCH within T time of each user, and calculating the flow ratio of the control plane and the user plane in the PDSCH within T time of each user.
Further, the step 4 specifically includes the following steps:
step 4.1: judging whether the flow ratio of a control plane to a user plane in a PDSCH of each user in time T is higher than a preset first threshold value or not;
step 4.2: counting the number of users of the N users, wherein the flow ratio of the control plane to the user plane in the PDSCH within the time T is higher than the first threshold value and recording the number as M according to the judgment result of the step 4.1;
step 4.3: if the value of the M/N is larger than a preset second threshold value, judging that the cell to be accessed is a pseudo base station; otherwise, judging the cell to be accessed as a legal base station;
the first threshold is a traffic proportion threshold of a control plane and a user plane corresponding to time T; the second threshold is a proportional threshold of the number of users M in which the flow rate ratio of the control plane to the user plane is higher than the first threshold to the total number of detected users N.
Further, the first threshold and the second threshold are obtained in advance through neural network training.
Further, the first threshold and the second threshold are obtained in advance through training of a support vector machine.
Further, the step 4 specifically includes:
training by a neural network or a support vector machine in advance to obtain a detection model; inputting the type of an access network, the number N of users, the time T and the flow ratio of a control plane and a user plane of a corresponding user into the detection model; if the cell to be accessed is a pseudo base station, the detection model outputs that the cell to be accessed is the pseudo base station; and if the cell to be accessed is a legal base station, the detection model outputs that the cell to be accessed is the legal base station.
Further, the method also comprises the following steps:
and 5: when the cell to be accessed is judged to be the pseudo base station, the user terminal lists the cell to be accessed as a blacklist, cell selection is carried out again, and the step 1-the step 4 are executed until the cell to be accessed is judged to be a legal base station;
step 6: and after the legal cell is accessed, the user terminal reports the abnormal information to the legal base station.
An apparatus for identifying a pseudo base station, comprising:
the monitoring module is used for detecting the PRACH of the cell to be accessed, monitoring the random access process of the user requesting to be accessed, and extracting the C-RNTI corresponding to each user from N users successfully accessed; and the PDCCH is blindly detected according to the C-RNTI corresponding to each user in time T to obtain the resource allocation information of the PDSCH of each user;
a statistic module, configured to count a traffic ratio between a control plane and a user plane in the PDSCH of each user within time T;
the judging module is used for judging whether the cell to be accessed is a pseudo base station or not according to the flow proportion of the control plane and the user plane in the PDSCH of each user in the N users within the time T; specifically, whether the flow ratio of a control plane to a user plane in the PDSCH of each user within time T is higher than a preset first threshold is judged; counting the number of users with the flow ratio of the control plane to the user plane in the PDSCH in the time T higher than the first threshold value in the N users according to the judgment result, and recording as M; if the value of the M/N is larger than a preset second threshold value, judging that the cell to be accessed is a pseudo base station; otherwise, judging the cell to be accessed as a legal base station;
the first threshold is a traffic proportion threshold of a control plane and a user plane corresponding to time T; the second threshold is a proportional threshold of the number of users M in which the flow rate ratio of the control plane to the user plane is higher than the first threshold to the total number of detected users N.
Further, still include: and the reporting module is used for listing the cell to be accessed as a blacklist and reporting the abnormal information to a legal base station when the cell to be accessed is a pseudo base station.
Compared with the prior art, the invention has at least the following beneficial effects: the invention relates to a method for identifying a pseudo base station, which monitors the random access process of a request access user by detecting the PRACH of a cell to be accessed, and extracts C-RNTI corresponding to each user from N users which are successfully accessed; in time T, blind detecting a PDCCH according to a C-RNTI corresponding to each user respectively, and acquiring resource allocation information of a PDSCH of each user; counting the flow proportion of a control plane and a user plane in the PDSCH of each user within the time T; judging whether a cell to be accessed is a pseudo base station or not according to the flow proportion of a control plane and a user plane in a PDSCH within T time of each user in N users; judging whether the flow ratio of a control plane to a user plane in a PDSCH within T time of each user is higher than a preset first threshold value or not; counting the number of users with the flow ratio of the control plane to the user plane in the PDSCH within T time among the N users higher than the first threshold value according to the judgment result, and recording as M; if the value of the M/N is larger than a preset second threshold value, judging that the cell to be accessed is a pseudo base station; otherwise, the cell to be accessed is judged to be a legal base station. The invention firstly proposes a basic idea of identifying the type of the base station through the flow analysis of the control plane and the user plane, effectively improves the accuracy of identifying the pseudo base station, can finish the identification before the user terminal is accessed into the pseudo base station, enhances the capability of preventing the user terminal from being adsorbed by the pseudo base station, protects the safety of user identity information, and prevents the user from receiving the spam messages or fraud information. The method has important significance for fighting illegal criminal behaviors of false base stations and maintaining social information safety.
In order to make the aforementioned and other objects, features and advantages of the present invention comprehensible, preferred embodiments accompanied with figures are described in detail below.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present invention, the drawings used in the description of the embodiments will be briefly introduced below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and it is obvious for those skilled in the art that other drawings can be obtained according to the drawings without creative efforts.
Fig. 1 is a schematic view of an application scenario according to an embodiment of the present invention.
Fig. 2 is a flowchart of a 4G pseudo base station identification method according to an embodiment of the present invention.
Detailed Description
To make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions of the present invention will be clearly and completely described below with reference to the accompanying drawings, and it is apparent that the described embodiments are some, but not all embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
First, for the sake of understanding, the principle of the random access procedure involved in the various embodiments is briefly described.
The user terminal accesses the cell to be accessed through the random access process, and the random access process based on competition is divided into the following four steps:
firstly, a user terminal sends a random access preamble on a PRACH;
secondly, after receiving the random access preamble sent by the user terminal, the base station replies a random access response to the user terminal, wherein the random access response is called MSG 2;
the MSG2 comprises a temporary identifier TC-RNTI allocated to the user terminal by the base station and PUSCH resource allocation of the MSG 3;
the contention-based random access procedure requires access collision resolution through the third and fourth steps. In the third step, the message sent by the user terminal to the base station is collectively referred to as MSG 3; in the fourth step, the message replied by the base station to the user terminal is collectively called MSG 4;
thirdly, after receiving the MSG2, the user terminal sends the MSG3 to the base station on the PUSCH resource allocation of the MSG 3;
the MSG3 comprises an identity for conflict resolution, and when the user terminal is in a connected state, the identity for conflict resolution is C-RNTI; when the user terminal is in a non-connection state, the identity for conflict resolution is S-TMSI or a random number generated by the user terminal;
fourthly, the base station completes conflict resolution after receiving the MSG3 and sends the MSG4 to the user terminal; the user terminal receives the MSG4, and if the user terminal detects that the MSG4 contains the identity for conflict resolution, the random access process is considered to be successful, and the temporary identity TC-RNTI is changed into the C-RNTI.
When the random access process is carried out, the safety context is not established between the base station and the user terminal, and the messages between the base station and the user terminal are all sent in a clear text. Therefore, the C-RNTI of the user terminal which is successfully accessed can be obtained by monitoring the random access process of the user terminal.
An application scenario of the present invention is shown in fig. 1, which includes a 4G pseudo base station, a plurality of user equipments attached to the pseudo base station, and a user equipment to be accessed. The users adsorbed by the pseudo base stations do not have the capacity of identifying the pseudo base stations, and access requests are sent to the 4G pseudo base stations. Before a user to be accessed initiates an access request, whether a cell to be accessed is a pseudo base station is judged by the method for identifying the pseudo base station.
The application scenario of the present invention should not be limited to fig. 1, and may be used in the initial access process of the ue, the cell reselection process, and the like.
As shown in fig. 2, as a specific embodiment of the present invention, a method for identifying a pseudo base station includes the following steps:
step 1: detecting PRACH of a cell to be accessed, monitoring the random access process of a request access user, and extracting C-RNTI corresponding to each user from N users successfully accessed.
The method specifically comprises the following steps:
step 1.1: detecting a PRACH of a cell to be accessed, and acquiring an RA-RNTI corresponding to a user requesting to be accessed;
step 1.2: detecting a PDCCH by using the RA-RNTI to obtain MSG2 on the PDSCH; acquiring TC-RNTI and PUSCH resource allocation information of MSG3 through ULGrant contained in MSG 2;
step 1.3: monitoring MSG3 according to the PUSCH resource allocation information of the MSG 3; obtaining the identity of the user for conflict resolution from the MSG 3;
step 1.4: after monitoring MSG3, detecting PDCCH by using TC-RNTI to obtain MSG4 on PDSCH;
step 1.5: if the obtained MSG4 includes the identity of the user for conflict resolution, the random access procedure of the user is successful, and C-RNTI is TC-RNTI.
N successful access users and C-RNTIs corresponding to each user are obtained through the steps.
Step 2: and in the time T, blind detecting the PDCCH according to the C-RNTI corresponding to each user respectively, and acquiring the resource allocation information of the PDSCH of each user.
And step 3: counting the flow ratio of the control plane and the user plane in the PDSCH of each user within the time T, specifically: and distinguishing flow of a control plane and a user plane according to the LCID of the MAC sub-header, acquiring the length of a PDCP packet through a PDCP layer header, counting the flow of the control plane and the user plane in the PDSCH within T time of each user, and calculating the flow ratio of the control plane and the user plane in the PDSCH within T time of each user.
Ciphering of user data and ciphering and integrity protection of control signaling are provided by the PDCP layer, so that a PDCP layer header and a MAC layer header can be obtained regardless of whether ciphering or integrity protection is performed on data in the PDSCH.
Each MAC subheader contains a logical channel id (lcid). The LCID indicates whether the payload part of the corresponding MAC subheader is a MAC control element, and if not, which logical channel the MAC SDU belongs to.
And 4, step 4: and judging whether the cell to be accessed is a pseudo base station or not according to the flow ratio of the control plane to the user plane in the PDSCH within the time T of each user in the N users.
Because the pseudo base station is mainly used for acquiring the IMSI of the user or sending spam messages and cannot provide complete service for the user, the flow ratio of the control plane and the user plane of the pseudo base station is obviously different from that of a legal base station.
Specifically, as a preferred embodiment, the method comprises the following steps:
step 4.1: judging whether the flow ratio of a control plane to a user plane in a PDSCH within T time of each user is higher than a preset first threshold value or not;
step 4.2: counting the number of users with the flow ratio of the control plane to the user plane higher than a first threshold value in the PDSCH within T time among the N users according to the judgment result of the step 4.1, and recording as M;
step 4.3: if the value of the M/N is larger than a preset second threshold value, judging that the cell to be accessed is a pseudo base station; otherwise, judging the cell to be accessed as a legal base station;
the first threshold is a traffic proportion threshold of a control plane and a user plane corresponding to time T; the second threshold is a proportional threshold of the number M of users whose flow rate ratio of the control plane to the user plane is higher than the first threshold to the total number N of detected users. The first threshold and the second threshold are obtained in advance through neural network training or support vector machine training.
As another preferred embodiment, the determination is performed by using a detection model obtained by training in advance by a neural network or a support vector machine or the like. The input information of the detection model comprises: the type of an access network, the number N of users, time T and the flow proportion of a control plane and a user plane of a corresponding user; the output information of the detection model comprises: the cell to be accessed is a pseudo base station or a legal base station. That is, a detection model is obtained by training a neural network or a support vector machine in advance; inputting the type of an access network, the number N of users, the time T and the flow proportion of a control plane and a user plane of a corresponding user into a detection model; if the cell to be accessed is a pseudo base station, the detection model outputs that the cell to be accessed is the pseudo base station; and if the cell to be accessed is a legal base station, the detection model outputs that the cell to be accessed is the legal base station.
And 5: and when the cell to be accessed is judged to be the pseudo base station, the user terminal lists the cell to be accessed as a blacklist, executes the step 1 to the step 4, and reselects the cell until the cell to be accessed is judged to be a legal base station.
Step 6: after accessing a legal cell, the user terminal reports the abnormal information to a legal base station; wherein the exception information may include one of: the physical ID of the cell to be accessed of the pseudo base station, the type of the access network, the time for detecting the pseudo base station and the position of the user terminal, the number N and the time T of the detected users, the detected flow ratio of the control plane and the user plane of each user and the like.
For example, before the user terminal adopting the method of the present invention accesses the cell to be accessed, 8 user terminals which successfully access the cell are detected through the step 1, and the C-RNTI of each user terminal which successfully accesses the cell is obtained. As shown in table 1:
TABLE 1 successful access of user terminals and corresponding C-RNTIs
| User terminal (N ═ 8) | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 |
| C-RNTI (decimal) | 19841 | 19681 | 12381 | 10848 | 12684 | 12952 | 13558 | 10472 |
And 2, obtaining the PDSCH resource allocation of each user terminal in 1 minute according to the PDCCH of the C-RNTI corresponding to each user terminal in a blind test mode. And 3, counting the flow ratio of the control plane and the user plane in the PDSCH of each user terminal in the 1 minute according to the PDSCH resource allocation of each user terminal obtained in the step 2. As shown in table 2:
table 2 successful access to user terminals and corresponding control plane to user plane traffic ratios
| User terminal (N ═ 8) | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 |
| CP/UP | 73% | 95% | 80% | 78% | 93% | 87% | 67% | 85% |
Wherein CP denotes a Control Plane, i.e., a Control Plane; UP denotes User Plane, i.e. User Plane; CP/UP denotes a traffic ratio of the control plane to the user plane.
And 4, judging whether the cell to be accessed is a pseudo base station or not.
In this example, the first threshold is set to 70% and the second threshold is set to 80%. Specifically, according to the first threshold and the traffic ratio of the control plane to the user plane of the user terminal 1-8 in table 2, the number M of the user terminals whose traffic ratio of the control plane to the user plane is higher than the first threshold may be obtained as 7; from N-8, M/N-87.5% can be obtained. And judging that the cell to be accessed is a pseudo base station because the M/N is more than the second threshold value by 87.5 percent.
The user terminal can list the cell to be accessed which is judged as the pseudo base station as a blacklist, reselect the cell and execute the steps 1 to 4 until the cell to be accessed is judged as a legal base station.
And after the legal cell is accessed, the user terminal reports the abnormal information to the legal base station.
It should be noted that the values of the parameters N, M, the first threshold and the second threshold are not limited to the values in this example.
The invention relates to a device for identifying a pseudo base station, which comprises:
the monitoring module is used for detecting the PRACH of the cell to be accessed, monitoring the random access process of the user requesting to be accessed, and extracting the C-RNTI corresponding to each user from N users successfully accessed; the method is used for blind detecting the PDCCH according to the C-RNTI corresponding to each user in T time respectively to obtain the resource allocation information of the PDSCH of each user; the concrete implementation means is as follows: detecting a PRACH of a cell to be accessed, and acquiring an RA-RNTI corresponding to a user requesting to be accessed; detecting a PDCCH by using the RA-RNTI to obtain MSG2 on the PDSCH; acquiring TC-RNTI and PUSCH resource allocation information of MSG3 through UL Grant contained in MSG 2; monitoring MSG3 according to the PUSCH resource allocation information of the MSG 3; obtaining the identity of the user for conflict resolution from the MSG 3; after monitoring MSG3, detecting PDCCH by using TC-RNTI to obtain MSG4 on PDSCH; if the obtained MSG4 includes the identity of the user for conflict resolution, the random access procedure of the user is successful, and C-RNTI is TC-RNTI.
And the counting module is used for counting the flow ratio of the control plane and the user plane in the PDSCH of each user in the T time.
The judging module is used for judging whether the cell to be accessed is a pseudo base station or not according to the flow proportion of the control plane and the user plane in the PDSCH within T time of each user in the N users; specifically, whether the flow ratio of a control plane to a user plane in the PDSCH within T time of each user is higher than a preset first threshold is judged; counting the number of users with the flow ratio of the control plane to the user plane in the PDSCH in the time T of the N users higher than a first threshold value according to the judgment result, and recording as M; if the value of the M/N is larger than a preset second threshold value, judging that the cell to be accessed is a pseudo base station; otherwise, judging the cell to be accessed as a legal base station; the first threshold is a traffic proportion threshold of a control plane and a user plane corresponding to time T; the second threshold is a proportional threshold of the number M of users whose flow rate ratio of the control plane to the user plane is higher than the first threshold to the total number N of detected users.
And the reporting module is used for listing the cell to be accessed as a blacklist and reporting the abnormal information to a legal base station when the cell to be accessed is a pseudo base station.
Finally, it should be noted that: the above-mentioned embodiments are only specific embodiments of the present invention, which are used for illustrating the technical solutions of the present invention and not for limiting the same, and the protection scope of the present invention is not limited thereto, although the present invention is described in detail with reference to the foregoing embodiments, those skilled in the art should understand that: any person skilled in the art can modify or easily conceive the technical solutions described in the foregoing embodiments or equivalent substitutes for some technical features within the technical scope of the present disclosure; such modifications, changes or substitutions do not depart from the spirit and scope of the embodiments of the present invention, and they should be construed as being included therein. Therefore, the protection scope of the present invention shall be subject to the protection scope of the claims.
Claims (9)
1. A method of identifying a pseudo base station, comprising the steps of:
step 1: detecting PRACH of a cell to be accessed, monitoring a random access process of a request access user, and extracting C-RNTI corresponding to each user from N users successfully accessed;
step 2: in time T, blind detecting a PDCCH according to the C-RNTI corresponding to each user respectively, and acquiring the resource allocation information of the PDSCH of each user;
and step 3: according to the resource allocation information of the PDSCH of each user obtained in the step 2, counting the flow proportion of a control plane and a user plane in the PDSCH of each user within the time T;
and 4, step 4: judging whether a cell to be accessed is a pseudo base station according to the flow ratio of a control plane to a user plane in a PDSCH of each user in N users within a time T, and specifically comprising the following steps:
step 4.1: judging whether the flow ratio of a control plane to a user plane in a PDSCH of each user in time T is higher than a preset first threshold value or not;
step 4.2: counting the number of users of the N users, wherein the flow ratio of the control plane to the user plane in the PDSCH within the time T is higher than the first threshold value and recording the number as M according to the judgment result of the step 4.1;
step 4.3: if the value of the M/N is larger than a preset second threshold value, judging that the cell to be accessed is a pseudo base station; otherwise, judging the cell to be accessed as a legal base station;
the first threshold is a traffic proportion threshold of a control plane and a user plane corresponding to time T; the second threshold is a proportional threshold of the number of users M in which the flow rate ratio of the control plane to the user plane is higher than the first threshold to the total number of detected users N.
2. The method according to claim 1, wherein the step 1 specifically comprises the following steps:
step 1.1: detecting a PRACH of a cell to be accessed, and acquiring an RA-RNTI corresponding to a user requesting to be accessed;
step 1.2: using the RA-RNTI to detect the PDCCH, and acquiring a random access response MSG2 replied to a user by a base station on the PDSCH; acquiring TC-RNTI and PUSCH resource allocation information of a message MSG3 sent to the base station by the user through UL Grant contained in a random access response MSG2 replied by the base station to the user;
step 1.3: monitoring a message MSG3 sent by a user to a base station according to PUSCH resource allocation information of the message MSG3 sent by the user to the base station; acquiring the identity of the user for conflict resolution from a message MSG3 sent by the user to the base station;
step 1.4: after monitoring a message MSG3 sent by a user to a base station, detecting a PDCCH by using TC-RNTI to obtain a message MSG4 replied to the user by the base station on the PDSCH;
step 1.5: and if the acquired message MSG4 of the base station reply user contains the identity of the user for conflict resolution, the random access process of the user is successful, and C-RNTI is TC-RNTI.
3. The method according to claim 1, wherein the step 3 specifically comprises: and distinguishing flow of a control plane and a user plane according to the LCID of the MAC sub-header, acquiring the length of a PDCP packet through a PDCP layer header, counting the flow of the control plane and the user plane in the PDSCH within T time of each user, and calculating the flow ratio of the control plane and the user plane in the PDSCH within T time of each user.
4. The method of claim 1, wherein the first threshold and the second threshold are obtained in advance by training a neural network.
5. The method of claim 1, wherein the first threshold and the second threshold are obtained by training a support vector machine in advance.
6. The method of claim 1, wherein the step 4 specifically comprises:
training by a neural network or a support vector machine in advance to obtain a detection model; inputting the type of an access network, the number N of users, the time T and the flow ratio of a control plane and a user plane of a corresponding user into the detection model; if the cell to be accessed is a pseudo base station, the detection model outputs that the cell to be accessed is the pseudo base station; and if the cell to be accessed is a legal base station, the detection model outputs that the cell to be accessed is the legal base station.
7. The method of claim 1, further comprising the steps of:
and 5: when the cell to be accessed is judged to be the pseudo base station, the user terminal lists the cell to be accessed as a blacklist, cell selection is carried out again, and the step 1-the step 4 are executed until the cell to be accessed is judged to be a legal base station;
step 6: and after the legal cell is accessed, the user terminal reports the abnormal information to the legal base station.
8. An apparatus for identifying a pseudo base station, comprising:
the monitoring module is used for detecting the PRACH of the cell to be accessed, monitoring the random access process of the user requesting to be accessed, and extracting the C-RNTI corresponding to each user from N users successfully accessed; and the PDCCH is blindly detected according to the C-RNTI corresponding to each user in time T to obtain the resource allocation information of the PDSCH of each user;
a statistic module, configured to count a traffic ratio between a control plane and a user plane in the PDSCH of each user within time T;
the judging module is used for judging whether the cell to be accessed is a pseudo base station or not according to the flow proportion of the control plane and the user plane in the PDSCH of each user in the N users within the time T; specifically, whether the flow ratio of a control plane to a user plane in the PDSCH of each user within time T is higher than a preset first threshold is judged; counting the number of users with the flow ratio of the control plane to the user plane in the PDSCH in the time T higher than the first threshold value in the N users according to the judgment result, and recording as M; if the value of the M/N is larger than a preset second threshold value, judging that the cell to be accessed is a pseudo base station; otherwise, judging the cell to be accessed as a legal base station;
the first threshold is a traffic proportion threshold of a control plane and a user plane corresponding to time T; the second threshold is a proportional threshold of the number of users M in which the flow rate ratio of the control plane to the user plane is higher than the first threshold to the total number of detected users N.
9. The apparatus for identifying pseudo base station according to claim 8, further comprising: and the reporting module is used for listing the cell to be accessed as a blacklist and reporting the abnormal information to a legal base station when the cell to be accessed is a pseudo base station.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201911040187.7A CN110753349B (en) | 2019-10-29 | 2019-10-29 | Method and equipment for identifying pseudo base station |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201911040187.7A CN110753349B (en) | 2019-10-29 | 2019-10-29 | Method and equipment for identifying pseudo base station |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN110753349A CN110753349A (en) | 2020-02-04 |
| CN110753349B true CN110753349B (en) | 2020-10-27 |
Family
ID=69280962
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201911040187.7A Active CN110753349B (en) | 2019-10-29 | 2019-10-29 | Method and equipment for identifying pseudo base station |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN110753349B (en) |
Families Citing this family (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111586592B (en) * | 2020-05-27 | 2021-11-16 | 浙江云蛛科技有限公司 | Vehicle running state short information transmission method and system based on Internet of vehicles |
| CN113099456B (en) * | 2021-05-13 | 2022-05-03 | 中国联合网络通信集团有限公司 | Pseudo base station identification method, device, equipment and storage medium |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102118766A (en) * | 2009-12-31 | 2011-07-06 | 成都市华为赛门铁克科技有限公司 | Method and device for identifying base station, and network system |
| CN106658512A (en) * | 2016-12-23 | 2017-05-10 | 广西英伦信息技术股份有限公司 | Method for rapidly locating malicious call number from bill statistics |
| CN108347789A (en) * | 2017-01-24 | 2018-07-31 | 华为技术有限公司 | A kind of accidental access method and device |
| WO2019028697A1 (en) * | 2017-08-09 | 2019-02-14 | Zte Corporation | Quality of service implementations for separating user plane |
Family Cites Families (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US9775045B2 (en) * | 2015-09-11 | 2017-09-26 | Intel IP Corporation | Slicing architecture for wireless communication |
| CN109275145B (en) * | 2018-09-21 | 2022-04-12 | 腾讯科技(深圳)有限公司 | Device behavior detection and barrier processing method, medium and electronic device |
-
2019
- 2019-10-29 CN CN201911040187.7A patent/CN110753349B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102118766A (en) * | 2009-12-31 | 2011-07-06 | 成都市华为赛门铁克科技有限公司 | Method and device for identifying base station, and network system |
| CN106658512A (en) * | 2016-12-23 | 2017-05-10 | 广西英伦信息技术股份有限公司 | Method for rapidly locating malicious call number from bill statistics |
| CN108347789A (en) * | 2017-01-24 | 2018-07-31 | 华为技术有限公司 | A kind of accidental access method and device |
| WO2019028697A1 (en) * | 2017-08-09 | 2019-02-14 | Zte Corporation | Quality of service implementations for separating user plane |
Non-Patent Citations (2)
| Title |
|---|
| SILVÈRE MAVOUNGOU等.Survey on Threats and Attacks on Mobile Networks.《IEEE》.2016, * |
| TETRA数字集群伪基站关键技术的研究;孙军;《中国优秀硕士学位论文全文数据库 信息科技辑(月刊 )》;20200115;全文 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN110753349A (en) | 2020-02-04 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN105873068B (en) | Method and device for identifying pseudo base station | |
| CN105722090B (en) | Control method and device for automatically identifying pseudo base station | |
| CN103155665B (en) | implicit reject response | |
| EP2874367B1 (en) | Call authentication method, device, and system | |
| KR102157661B1 (en) | Wireless intrusion prevention system, wireless network system, and operating method for wireless network system | |
| WO2020145005A1 (en) | Source base station, ue, method in wireless communication system | |
| CA3143371C (en) | Signaling storm blocking method, apparatus, and device, and storage medium | |
| US10595248B2 (en) | Method and device for identifying pseudo-base station by a mobile terminal | |
| CN104683965B (en) | The hold-up interception method and equipment of a kind of pair of pseudo-base station refuse messages | |
| US20130165077A1 (en) | Method and apparatus for identifying fake networks | |
| EP3119130B1 (en) | Restriction control device and restriction control method | |
| CN110753349B (en) | Method and equipment for identifying pseudo base station | |
| KR20170062301A (en) | Method and apparatus for preventing connection in wireless intrusion prevention system | |
| CN104125571A (en) | Method for detecting and suppressing pseudo-base station | |
| CN104486765A (en) | Wireless intrusion detecting system and detecting method | |
| CN108513301B (en) | Illegal user identification method and device | |
| CN104581731A (en) | Determining method and system for mobile phone terminal hijack process by pseudo base station | |
| CN109474932A (en) | A kind of identification of pseudo-base station and defence method and terminal | |
| CN110012470B (en) | Mobile communication 4G pseudo base station identification method based on TAU message process | |
| WO2019052464A1 (en) | Rogue base station recognition method and device, and computer readable storage medium | |
| KR102285257B1 (en) | Apparatus and method for detection of wireless intrusion detection system using WiFi access point | |
| Michelson et al. | Interference detection and reporting in IEEE 802.11 p connected vehicle networks | |
| CN108271156B (en) | Method and device for identifying pseudo base station | |
| CN111698683B (en) | Network security control method and device, storage medium and computer equipment | |
| CN110234106B (en) | Method and device for detecting whether VLR verifies identification response of called terminal |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |