1. Field of the Invention
The present invention relates to limiting traffic in a communications system. In particular, but not exclusively, the present invention relates to limiting useless traffic, for example traffic relating to viruses and other malware, in communications systems.
2. Related Art
A communication system can be seen as a facility that enables communication between two or more entities such as user equipment and/or other nodes associated with the system. The communication may comprise, for example, communication of voice, data, multimedia and so on. The communication system may be circuit switched or packet switched. The communication system may be configured to provide wireless communication.
Communication systems able to support mobility of communications devices across a large geographic area are generally called mobile communications systems. In cellular communication systems a communications device typically changes the cell via which it communicates. Some examples of a cellular system are the Global System for Mobile Telecommunications (GSM) and General Packet Radio Service (GPRS). GPRS provides packet-switched data services and utilizes the infrastructure of a GSM system. Two further examples of cellular systems are EDGE and EGPRS, which are further enhancements to GSM and GPRS. EDGE refers to Enhanced Data Rates for GSM Evolution, and EGPRS refers to EDGE GPRS.
For illustrating packet-switched services in a cellular communication system, a GPRS system is used below as an example. It is, however, appreciated that similar concepts may also be found in other cellular systems supporting packet-switched services.
FIG. 1 illustrates schematically, as an example of a cellular system supporting packet-switched services, a GSM/GPRS communication system 10. Alternatively, the system 10 may be an EDGE/EGPRS network. Only some of the network elements of a GSM/GPRS network are illustrated in FIG. 1. The radio access network 20 comprises a number of base station systems (BSS). Each base station system comprises a base station controller (BSC) 22 and a number of base stations (BS) 21. A mobile station (MS) 11 communicates with a base station 21 over a radio interface. A packet-switched core network of the GSM/GPRS system comprises a number of GPRS Supporting Nodes (GSN) 31. Each mobile station registered for packet-switched services has a serving GSN, called SGSN, which is responsible for controlling the packet-switched connections to and from the mobile station. The packet-switched core network is typically connected to further packet-switched networks via a Gateway GSN (GGSN) 32. As FIG. 1 shows, a further packet-switched network 40 typically comprises an edge router (ER) 41.
Viruses are a common problem in personal computers (PCs) that are connected to public data networks. The effects of a virus on a computer may vary: the computer may crash completely, the user may notice some oddities, or the user may be unaware of a virus infecting his computer. In any case, the virus typically aims to spread further via a network the computer is connected to. Some viruses may actively scan network nodes connected to the network. It is also possible that a node affected by a virus causes, by flooding a network or a server, connections to other nodes to be refused or cut off.
In the following, viruses are used as an example of malware. The term malware is abbreviated from malicious software, and it refers, for example, to various viruses, worms, and spying software. It is also appreciated that although traffic relating to malware is discussed in this description in some detail, network elements may also malfunction and cause useless traffic in a communications system for reasons other than malware infection.
As it is possible to use a personal computer in, for example, a GPRS network by supplying the computer with suitable equipment (often called a card phone), the traffic caused by viruses also affects cellular networks. Furthermore, it is possible that viruses will also spread to user equipment other than personal computers, such as personal digital assistants (PDAs) or modern portable telephones.
Communication resources are limited especially in the radio access network (in a wireless environment). Useless traffic caused by viruses, by other malware or by malfunctioning devices may cause serious difficulties, such as latency or loss of packets, for normal traffic. Connections where both end points are reachable via a wireless network are especially sensitive to latency and loss of packets. Due to latency and/or loss of packets, transport protocols encounter challenges in keeping connections alive.
It would be beneficial to remove viruses from network nodes and to clear virus-infected data packets. Some known approaches are static cleaning of the network nodes, packet filtering and firewalls. Static cleaning refers to anti-virus software installed or running on a computer or network node. The anti-virus software typically scans stored files or data and searches for characteristic character strings to identify known viruses. If the anti-virus software finds a virus-infected file or data, it will clean or quarantine the infected object. The effectiveness of static cleaning depends on how well users of computers or other communication devices use anti-virus software.
Packet filtering refers to a network node scanning data packets transmitted via the node or to/from the node. For example, a network address translation (NAT) device may also perform packet filtering. If a data packet seems to be infected (that is, the data packet seems to contain data relating to a virus or to be a data packet transmitted by a virus), the suspected packet is typically dropped. Packet filtering can work on a node, whereby transmitted and/or received data packets are filtered. Packet filtering may be implemented at the entrance of a network segment. It may prevent traffic from going out from the network segment or into the network segment. Packet filtering usually needs to be based on simple rules, because very detailed analysis of the data packets may cause heavy latency to traffic. In any case, packet filtering typically causes some latency to all traffic. Packet filtering is usually not a practical approach for core networks. FIG. 2 shows, however, a simplified schematic example of packet filtering nodes 51a, 51b placed between edge routers 41a, 41b and a core network 40. The edge routers 41a, 41b are in FIG. 2 called Access Network Edge Routers (ANER). The situation FIG. 2 shows relates to two communications devices 11a, 11b using GPRS networks as access networks. The communications devices 11a, 11b in FIG. 2 may be, for example, personal computers equipped with card phones.
A firewall refers to a network node that typically separates a network segment from, say, a public packet network. A firewall typically uses packet filtering and may cause latency to all traffic. In a wireless network, more re-transmissions and error corrections are typically needed than in a fixed network. There typically is a certain time limit within which a data packet should be successfully transmitted. The re-transmissions and error corrections, together with the latency caused by packet filtering in a firewall, may cause too much delay for packets to be successfully transmitted in a wireless network. Rule-based packet filtering in a firewall may therefore be an infeasible solution for wireless network segments.
There are thus problems relating to viruses infecting network nodes and/or to the traffic caused by viruses. In addition, useless traffic originating from a malfunctioning device may cause problems. Especially in a wireless communication system, the transmission capacity loss over the air interface may cause problems to the operators. Furthermore, processing capacity loss in, for example, GPRS supporting nodes may be significant. Packets may be lost due to excessive latency. Users whose communications devices are not virus-infected are also affected indirectly by the transmission capacity loss and processing capacity loss. Furthermore, as the price for using wireless communication resources is typically considerable, a user with a virus-infected communications device may have an unusually high invoice for data transmission services. It is also evident that virus-infected data packets increase the risk of a virus infection in a communications device or in a network node.
The present invention aims to address at least some of the problems discussed above.