CN-119653324-B - 5G multistage processing user data tracing association method based on strong verification
Abstract
The invention discloses a strong-verification-based method for tracing and associating user data in 5G multistage processing. 5G original signaling enters a first-level processing board card in a load-balancing mode. The first-level board card parses N11 and N16 signaling and encapsulates the parsed data into a first-level semi-structured data packet. After the second-level board card receives the first-level semi-structured data, it updates the user table entry. The second-level board card then packages the user three-code information and the tunnel information into second-level structured data, filters it according to the learned UPF IP, and sends it to the third-level board card. The third-level board card parses and extracts the user three codes, the position information NCGI, the uplink and downlink tunnel numbers and network element IPs allocated to the user, and the IP address allocated to the user for Internet access; it also parses the outer tunnel numbers and outer IP addresses from the 5G N3 interface service data. User tracing association is carried out using the outer IP and the tunnel number of the N3 service data. Strong verification is then performed using the inner-layer IP, the IMSI associated with the tunnels on both sides, and the IP associated with the base station, ensuring the accuracy of the user tracing association.
Inventors
- SU WEIQIN
- BI YONGHUI
- ZHANG RUOFENG
- WU HONGWEI
- LIN SHIGUO
- ZHANG CHUNHUI
- GUO ZHIWANG
Assignees
- 厦门市美亚柏科信息安全研究所有限公司
Dates
- Publication Date: 20260512
- Application Date: 20241031
Claims (7)
- 1. A 5G multistage processing user data tracing association method based on strong verification, characterized by comprising the following steps: S1, 5G original signaling enters a first-level board card in a load-balancing mode; the first-level board card parses N11 and N16 signaling, packages the parsed data into a first-level semi-structured data packet, and distributes the data packet to second-level board cards by imsi load balancing; S2, the second-level board card receives the first-level semi-structured data packet, updates a user table entry, encapsulates the user three codes and tunnel information into second-level structured data, learns the UPF IP and uses it to screen the second-level structured data, and sends the screened data to the third-level board card, wherein the user three codes comprise the IMSI (international mobile subscriber identity), the IMEI (international mobile equipment identity) and the MSISDN (the mobile phone number used by the user); S3, the third-level board card parses the received second-level structured data and extracts the user three codes, the position information NCGI, the uplink and downlink tunnel numbers and network element IPs allocated to the user, and the Internet access IP allocated to the user; S4, the third-level board card receives service data through the 5G N3 interface and parses from it the uplink and downlink tunnel numbers, the uplink and downlink network element IPs, the inner-layer source IP address and the inner-layer destination IP address, wherein the uplink and downlink tunnel numbers and network element IPs are recorded as Teid_N3_Up+UPF IP and Teid_N3_Down+gNode IP, and the inner-layer source and destination IP addresses are recorded as IPv4_src_Inner, IPv4_Dst_Inner, IPv6_src_Inner and IPv6_Dst_Inner; S5, performing user tracing association by using the uplink and downlink tunnel numbers and the uplink and downlink network element IPs, and performing strong verification by using the inner-layer source and destination IP addresses, the IMSI associated with the uplink and downlink tunnel numbers, and the IP associated with the base station, wherein the strong verification specifically comprises: S5.1, the user information queried with Teid_N3_Up+UPF IP and with Teid_N3_Down+gNode IP must be consistent; S5.2, checking the user's Internet access IP against the inner-layer IP: if the inner-layer IP is IPv4, IPv4_src_Inner or IPv4_Dst_Inner must be consistent with the UE IPv4 in the associated user information table, and if the inner-layer IP is IPv6, the prefix of IPv6_src_Inner or IPv6_Dst_Inner must be consistent with the UE IPv6 prefix in the associated user information table, wherein the inner-layer IP comprises the inner-layer source IP address and the inner-layer destination IP address; S5.3, the base station IP corresponding to the associated position information NCGI must be consistent with the base station IP of the N3 interface service data, which comprises looking up the gNB ID -> gNB IP table entry with the base station ID extracted from the position information NCGI, the base station IP obtained being consistent with the gNB IP parsed from the N3 interface service data.
- 2. The user data tracing association method according to claim 1, wherein step S1 further comprises: S1.1, parsing the user three codes, the position information NCGI and the session ID from Nsmf_PDUSession_CreateSMContext Request signaling, packaging them into semi-structured data recorded as semi_data_a, and load-balancing it to a second-level board card by imsi; S1.2, parsing smContextRef from Nsmf_PDUSession_CreateSMContext Response signaling, packaging smContextRef with the imsi into semi-structured data recorded as semi_data_b, and load-balancing it to a second-level board card by imsi; S1.3, parsing the IMSI (from the user three codes), smContextRef and tunnel information from Namf_Communication_N1N2MessageTransfer signaling, packaging them into semi-structured data recorded as semi_data_c, and load-balancing it to a second-level board card by imsi; S1.4, parsing smContextRef and tunnel information from Nsmf_PDUSession_UpdateSMContext Request signaling, packaging them into semi-structured data recorded as semi_data_d, and sending it to the second-level board cards by broadcast; S1.5, parsing smContextRef from Nsmf_PDUSession_ReleaseSMContext Request signaling, marking the user as offline, packaging this into semi-structured data recorded as semi_data_e, and sending it to the second-level board cards by broadcast.
- 3. The user data tracing association method according to claim 2, wherein the second-level board card receiving the first-level semi-structured data packet and updating the user table entry specifically comprises: S2.1, receiving semi_data_a and establishing an imsi -> imsiInfo table entry, wherein imsiInfo comprises the user three codes, the position information NCGI, the uplink and downlink tunnel numbers and network element IPs allocated to the user, and the Internet access IP allocated to the user; S2.2, receiving semi_data_b and establishing an smContextRef -> imsi table entry; S2.3, receiving semi_data_c and updating the imsi -> imsiInfo table entry; S2.4, receiving semi_data_d, looking up the smContextRef -> imsi table entry to obtain the imsi, and looking up the imsi -> imsiInfo table entry by that imsi to update it; S2.5, receiving semi_data_e, looking up the smContextRef -> imsi table entry to obtain the imsi, looking up the imsi -> imsiInfo table entry by that imsi, and deleting it as the user is offline.
- 4. The user data tracing association method according to claim 1, wherein step S3 further comprises: S3.1, establishing user association table entries, including table entries that associate the uplink and downlink tunnel numbers with the user three codes, the position information NCGI and the Internet access IP; S3.2, establishing base station IP association table entries, including extracting the gNB ID from the position information NCGI and associating the gNB ID with the base station IP.
- 5. The user data tracing association method according to claim 1, wherein performing user tracing association by using the uplink and downlink tunnel numbers and the uplink and downlink network element IPs specifically comprises: looking up the Teid+IP -> UserInfo table entry with Teid_N3_Up+UPF IP as the key to obtain first user information, and looking up the Teid+IP -> UserInfo table entry with Teid_N3_Down+gNode IP as the key to obtain second user information.
- 6. A computer program product, characterized in that it has stored thereon a computer program which, when executed by a processor, implements the method according to any of claims 1-5.
- 7. A computing system comprising a processor and a memory, the processor configured to perform the method of any of claims 1-5.
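The lookups of claim 5 and the three strong-verification checks S5.1 to S5.3 of claim 1, as an added Python example that is not code from the patent. The record field names, the 24-bit gNB ID length used to split the NCI, and all sample tables and addresses are assumptions constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

GNB_ID_BITS = 24  # assumption: gNB ID length; 3GPP allows 22..32 of the 36 NCI bits

@dataclass(frozen=True)
class UserInfo:
    imsi: str
    nci: int                         # 36-bit NR Cell Identity part of the NCGI
    ue_ipv4: Optional[str] = None
    ue_ipv6_prefix: Optional[str] = None

def inner_ip_ok(user, inner_src, inner_dst):
    """S5.2: inner source or destination is the UE IPv4, or lies in the UE IPv6 prefix."""
    for raw in (inner_src, inner_dst):
        addr = ipaddress.ip_address(raw)
        if addr.version == 4 and user.ue_ipv4:
            if addr == ipaddress.ip_address(user.ue_ipv4):
                return True
        elif addr.version == 6 and user.ue_ipv6_prefix:
            if addr in ipaddress.ip_network(user.ue_ipv6_prefix):
                return True
    return False

def strong_verify(rec, teid_table, gnb_table):
    """Return (imsi, "ok") or (None, failed_step) for one parsed N3 record."""
    up = teid_table.get((rec["teid_up"], rec["upf_ip"]))      # Teid_N3_Up+UPF IP
    down = teid_table.get((rec["teid_down"], rec["gnb_ip"]))  # Teid_N3_Down+gNode IP
    if up is None or down is None or up != down:
        return None, "S5.1"          # tunnel keys unknown or pointing at different users
    if not inner_ip_ok(up, rec["inner_src"], rec["inner_dst"]):
        return None, "S5.2"          # inner IP is not the address allocated to this user
    gnb_id = up.nci >> (36 - GNB_ID_BITS)
    if gnb_table.get(gnb_id) != rec["gnb_ip"]:
        return None, "S5.3"          # NCGI maps to a different base station IP
    return up.imsi, "ok"

# Constructed sample data: test-network IMSIs and documentation address ranges.
ALICE = UserInfo("001010000000001", 0x00ABCD012, "198.51.100.7", "2001:db8:1::/64")
BOB = UserInfo("001010000000002", 0x00ABCD034, "198.51.100.8")
TEID_TABLE = {(0x1001, "192.0.2.10"): ALICE, (0x2001, "192.0.2.20"): ALICE,
              (0x2002, "192.0.2.20"): BOB}
GNB_TABLE = {0xABCD: "192.0.2.20"}
GOOD = {"teid_up": 0x1001, "upf_ip": "192.0.2.10", "teid_down": 0x2001,
        "gnb_ip": "192.0.2.20", "inner_src": "198.51.100.7", "inner_dst": "203.0.113.5"}

if __name__ == "__main__":
    print(strong_verify(GOOD, TEID_TABLE, GNB_TABLE))
```

A record that fails any step is returned with the step label rather than an IMSI, so a stale table entry or a reused tunnel number is rejected instead of being attributed to the wrong user.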
Description
5G multistage processing user data tracing association method based on strong verification

Technical Field

The invention relates to the field of automatic traffic collection and analysis, and in particular to a 5G multistage processing user data tracing association method based on strong verification.

Background

Mobile communication has evolved through 1G, 2G, 3G and 4G, following a pattern of roughly one generation every ten years. Each generational transition and technological advance has greatly driven industrial upgrading and economic and social development. The rapid development of 4G networks brought explosive growth in new services and new businesses and, at the same time, placed urgent and higher demands on the next-generation communication technology, 5G. At present, 5G is deeply integrated with technologies such as cloud computing, big data, artificial intelligence and large models, which accelerates the integrated application of 5G across industries, promotes business model innovation, drives 5G technology to spread into every field of the economy and society, gives rise to new information products and services, and expands the space for digital economy development.

How to trace and associate 5G user data, and how to manage cyberspace security well, is an important and difficult problem at present. Research shows that existing 5G user data tracing technology does not verify the accuracy of the user data, which results in insufficient accuracy. Addressing the defects of existing schemes and taking into account the characteristics and requirements of specific applications, the invention provides a method for strongly verifying 5G user data in the field of 5G user data tracing, so as to improve the accuracy of user data tracing association.
Disclosure of Invention

The invention aims to overcome the defects of the existing method and, according to the requirements of specific applications and practical operation, provides a 5G multistage processing user data tracing association method based on strong verification. To handle 5G original signaling traffic that is large and user counts exceeding tens of millions, it uses multistage processing for user tracing, and it adopts strong verification to solve problems such as inaccuracy and proneness to error.

According to one aspect of the invention, a 5G multistage processing user data tracing association method based on strong verification is provided, which comprises the following steps:

S1, 5G original signaling enters a first-level board card in a load-balancing mode; the first-level board card parses N11 and N16 signaling, packages the parsed data into a first-level semi-structured data packet, and distributes the data packet to second-level board cards by imsi load balancing;

S2, the second-level board card receives the first-level semi-structured data packet, updates user table entries, encapsulates the user three codes and tunnel information into second-level structured data, learns the UPF IP and uses it to screen the second-level structured data, and sends the screened data to the third-level board card;

S3, the third-level board card parses the received second-level structured data and extracts the user three codes, the position information NCGI, the uplink and downlink tunnel numbers and network element IPs allocated to the user, and the Internet access IP allocated to the user;

S4, the third-level board card receives service data through the 5G N3 interface and parses from it the uplink and downlink tunnel numbers, the uplink and downlink network element IPs, the inner-layer source IP address and the inner-layer destination IP address;

S5, performing user tracing association by using the uplink and downlink tunnel numbers and the uplink and downlink network element IPs, and performing strong verification by using the inner-layer source and destination IP addresses, the IMSI associated with the uplink and downlink tunnel numbers, and the IP associated with the base station.

Further, step S1 further includes:

S1.1, parsing the user three codes, the position information NCGI and the session ID from Nsmf_PDUSession_CreateSMContext Request signaling, packaging them into semi-structured data recorded as semi_data_a, and load-balancing it to a second-level board card by imsi;

S1.2, parsing smContextRef from Nsmf_PDUSession_CreateSMContext Response signaling, packaging smContextRef with the imsi into semi-structured data recorded as semi_data_b, and load-balancing it to a second-level board card by imsi;

S1.3, parsing the IMSI (from the user three codes), smContextRef and tunnel information from Namf_Communication_N1N2MessageTransfer signaling, packaging the semi-structu