As mobile communication networks become more widely deployed, people use mobile packet data services more frequently. Because wireless resources are scarce, packet data services in mobile communication systems generally use two-way charging: the data messages a mobile terminal receives from the network and those it sends to the network (hereafter referred to as downlink and uplink data, respectively) both fall within the scope of charging.
In the case of two-way charging, if other data subscribers maliciously send junk data to a specific mobile terminal, the subscriber of that terminal must pay for the junk data while also suffering its interference, which is intolerable for subscribers. If no measures are taken to prevent this, it may cause charging disputes and reduce satisfaction with the operator's network quality of service.
Even if the operator does not charge for the downlink flow, a large volume of junk data still takes up wireless bandwidth and reduces network operating efficiency and capacity. Therefore, for wireless communication networks, preventing junk data has become a common need of operators and subscribers.
In data transmission, using black lists to restrict data forwarding is a common means of preventing the transmission of junk data, and many black lists are currently implemented in the mobile terminal. Although such measures reduce the transmission of junk data, they cannot solve the problems of wasted wireless bandwidth and subscriber charge loss. In addition, generally only high-end mobile terminals can implement black lists, so the mobile terminal must be replaced or upgraded to prevent the transmission of junk data. It can be seen that in wireless communication systems, the prevention of junk data is best implemented at the network side, so as to avoid the subscriber charge loss and wireless resource waste caused by network-based attacks.
However, in mobile communication systems the mobile terminal may roam and hand over, and its access point changes accordingly. The same access server therefore cannot be fixedly used in the mobile data network to process the black lists, and a new mechanism is needed for black list processing.
Currently, there are the following common methods for black list processing:
First, black list control based on the terminal:
Black list control based on the terminal places the control point of the black list in the mobile terminal. That is, when junk data is sent to the mobile terminal, the mobile terminal checks the source address of the data message against the black list set by the subscriber, and if the source address is found in the black list, the data message is discarded.
With this method, the subscriber must purchase a terminal that supports black list filtering, which requires additional investment. In addition, when the terminal is used to refuse junk data messages, it cannot detect or discard a data message until the junk data message or information has been transmitted to the terminal. By that point, the wireless bandwidth has already been wasted and the network has already charged for the flow of the junk data. Therefore, black list control in the terminal has defects such as flow charge loss, wireless resource waste and the increased investment in replacing the terminal, and its application is severely limited.
Second, black list control based on the short message center:
There are also some methods for preventing junk short messages. Methods of this kind usually use the short message center to filter the junk information, but since the packet data flow does not actually go through the short message center, the short message center cannot be used to prevent malicious mobile packet data.
Third, unified black list control:
Unified black list control means establishing a unified black list in the network devices and applying it to all subscribers. If data from a subscriber in the black list is detected, the data is discarded. This control method does not distinguish the black list according to the needs of each subscriber, so a source is either blocked for all subscribers or accepted for all. However, data messages from the same source may be junk data for one subscriber but useful data for another. Therefore, the unified black list method cannot meet the specific requirements of an individual subscriber for shielding junk data.
In addition, using a unified black list raises the problem of black list updating. If entries are only added to the black list and never deleted, the list may grow so large that search efficiency is affected when forwarding data messages, but if an entry is improperly removed, the attacker can strike again.
Fourth, methods for identifying junk data and generating the black list:
There may be other methods that describe how to identify junk information and generate the black list. Their emphasis is on automatically identifying malicious flows and then extracting the black list, but they do not consider how to perform control based on the black list. Such methods are often combined with the unified black list method to protect network devices from attacks, but it is difficult for them to ensure that an individual subscriber device is not attacked.
Fifth, short message routing black list control based on the Home Subscriber Server (HSS):
Chinese patent application publication description CN200510137703 proposes a method of “storing anti-spam black list”. In this proposal, the Home Location Register (HLR) or HSS stores the black list. When a message sent by a spammer arrives at the gateway, the gateway queries the HLR or HSS where the called party is located for the current roaming address of the called party, and when querying the location server for the roaming address, the gateway carries the caller identifier and the called identifier. The HLR or HSS checks whether the calling address is in the called party's black list; if it is, the HLR or HSS directly rejects the routing request and does not return the routing information.
This method is relatively suitable for processing short messages, but not for processing the packet data service, where it has the following problems:
1) This method requires the gateway to query the location server when forwarding each short message, which cannot be implemented in the mobile packet data service. Because the data volume of the packet data service is large, if the gateway had to query the location server after receiving each IP data message, data forwarding performance would be seriously degraded and the load on the location server would increase substantially. In practical applications, the calling gateway often uses a first-packet query: it queries the location server for the routing of the called party only when it receives the first IP data message, and then remembers the routing data of the called party. Subsequently, when the gateway receives data messages sent from the calling party to the called party, it does not query the location server for the routing but sends the data directly. Thus, when the called party detects an attack from the calling party, even if the called party adds the attacker to its own black list in the location server, the gateway serving the attacker already holds the routing information of the called party and no longer queries the location server, so the malicious attack cannot be terminated.
2) When many calling subscribers behind one gateway access the same called network, for example when many subscribers visit the Google webpage, having the gateway reinitiate the routing query for each caller's Google access request is clearly inefficient. The most common processing method is to store the routing information of the called party so that it can be used for all subscribers. Because the location server (LS) records the black list, the subscribers would be required to query the LS for each packet, which is unreasonable and inefficient for an IP-based network.
3) When the called party removes the black list restriction on the calling party, because the called location does not store the routing information of the calling party and the gateway does not query the location server for the routing information of the called party, the gateway cannot remove the restriction on the calling party in time, which affects the quality of service.
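The failure described in item 1), together with the shared route cache of item 2), can be reproduced with a small model. This is an added example, not part of the cited application; the class names, the identifiers ue-1, spammer, other-caller and roam-addr-a, and the packet counts are constructed for illustration.

```python
class LocationServer:
    """Stand-in for the HLR/HSS: roaming address plus per-called black list."""
    def __init__(self):
        self.roaming = {}     # called id -> current roaming address
        self.blacklist = {}   # called id -> set of blocked caller ids
        self.queries = 0

    def query_route(self, caller, called):
        self.queries += 1
        # The black list is consulted only here, at routing-query time.
        if caller in self.blacklist.get(called, set()):
            return None       # routing request rejected
        return self.roaming.get(called)


class Gateway:
    """Calling-side gateway; per_packet=False models the first-packet query."""
    def __init__(self, ls, per_packet=False):
        self.ls, self.per_packet = ls, per_packet
        self.route_cache = {}  # called id -> route, shared by every caller

    def forward(self, caller, called):
        route = None if self.per_packet else self.route_cache.get(called)
        if route is None:
            route = self.ls.query_route(caller, called)
            if route is None:
                return False   # dropped before reaching the wireless link
            self.route_cache[called] = route
        return True            # delivered to the terminal (and charged)


def simulate(per_packet, packets=5):
    """Send `packets` before and after the called party blacklists the sender."""
    ls = LocationServer()
    ls.roaming["ue-1"] = "roam-addr-a"       # constructed identifiers
    gw = Gateway(ls, per_packet)
    before = sum(gw.forward("spammer", "ue-1") for _ in range(packets))
    ls.blacklist["ue-1"] = {"spammer"}       # called party reacts to the attack
    after = sum(gw.forward("spammer", "ue-1") for _ in range(packets))
    # Shared cache: a second caller on the same gateway triggers no new query.
    gw.forward("other-caller", "ue-1")
    return {"delivered_before": before, "delivered_after": after,
            "ls_queries": ls.queries}


if __name__ == "__main__":
    print("first-packet query:", simulate(per_packet=False))
    print("per-packet query:  ", simulate(per_packet=True))
```

With the first-packet query the location server receives a single query and the later black list entry has no effect on delivery; with per-packet querying the entry takes effect, at the cost of one location server query per forwarded packet.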
In summary, the existing black list technologies cannot be applied to the mobile packet data service.