The Design and Implementation of GTP-U Traffic Monitoring Module for GTP_IPS
Course: Applied Computer Technology
Keywords: 3G core networks; GTP IPS; GTP-U traffic monitoring
With the development of 3rd generation mobile communication (3G) networks and applications, security issues in such networks have become an increasing concern. GTP is one of the most important IP bearer and tunnel encapsulation protocols in 3G core networks. However, the GTP protocol itself does not employ any security mechanism, so it has obvious security vulnerabilities that attackers can easily exploit, and 3G core networks face huge security threats as a result. To address this issue, research on security filtering and protective technologies for GTP was carried out, and a GTP IPS system with GTP-C and GTP-U security features has been designed and implemented.

This thesis mainly focuses on the design and implementation of the GTP-U traffic monitoring module for the GTP IPS. First, the security threats faced by GTP-U are analyzed, and the protective functions for user plane traffic in the GTP protection products of the major domestic and international security vendors are summarized. On this basis, and taking the characteristics of GTP into account, a GTP-U traffic monitoring module has been designed and implemented. It mainly supports the following functions:

- information maintenance and detection of the TEID and Sequence Number in GTP-U;
- layered protocol analysis of GTP-U data, covering the IPv4, TCP, UDP and HTTP protocols;
- HTTP service data restoration and content audit;
- GTP-U attack detection, such as GTP-in-GTP attack detection.

To test the effectiveness of the module, a laboratory test environment was set up, and the module was tested using a GTP test tool and test scenarios. Test results show that this GTP-U traffic monitoring module can effectively cope with many security threats to GTP-U and meets the GTP IPS protective needs for GTP-U traffic.

This work is supported by the National Natural Science Foundation of China.
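The GTP-in-GTP check listed among the module's functions can be sketched as follows. This is an added example, not code from the thesis: it assumes the standard GTPv1-U header layout and the registered GTP UDP ports, and the function names and sample packets are constructed for illustration.

```python
import struct

GTP_PORTS = (2152, 2123)  # registered UDP ports: GTP-U, GTP-C
G_PDU = 0xFF              # GTPv1-U message type that carries user packets

def parse_gtpu(pkt):
    """Return (teid, seq, inner_packet) for a GTPv1-U G-PDU, else None."""
    if len(pkt) < 8:
        return None
    flags, mtype, length, teid = struct.unpack("!BBHI", pkt[:8])
    if flags >> 5 != 1 or not flags & 0x10 or mtype != G_PDU:
        return None                       # need version 1, PT=1, G-PDU
    if len(pkt) < 8 + length:
        return None                       # truncated
    body, seq = pkt[8:8 + length], None
    if flags & 0x07:                      # E, S or PN set: 4 optional bytes
        if len(body) < 4:
            return None
        if flags & 0x02:
            seq = struct.unpack("!H", body[:2])[0]
        next_ext = body[3] if flags & 0x04 else 0
        body = body[4:]
        while next_ext:                   # skip chained extension headers
            size = body[0] * 4 if body else 0
            if size == 0 or len(body) < size:
                return None
            next_ext, body = body[size - 1], body[size:]
    return teid, seq, body

def is_gtp_in_gtp(pkt):
    """True when the tunnelled user packet is IPv4/UDP addressed to a GTP port."""
    inner = (parse_gtpu(pkt) or (0, None, b""))[2]
    if len(inner) < 20 or inner[0] >> 4 != 4 or inner[9] != 17:
        return False                      # inner packet is not IPv4/UDP
    ihl = (inner[0] & 0x0F) * 4
    frag_offset = struct.unpack("!H", inner[6:8])[0] & 0x1FFF
    if ihl < 20 or frag_offset or len(inner) < ihl + 4:
        return False                      # no UDP header in this packet
    return struct.unpack("!H", inner[ihl + 2:ihl + 4])[0] in GTP_PORTS

# Constructed sample packets (not captured traffic; checksums left as zero).
def ipv4_udp(dport, data=b""):
    udp = struct.pack("!HHHH", 40000, dport, 8 + len(data), 0) + data
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17,
                       0, bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2])) + udp
def gpdu(teid, seq, inner):               # flags 0x32: version 1, PT=1, S=1
    return struct.pack("!BBHIHBB", 0x32, G_PDU, 4 + len(inner), teid, seq, 0, 0) + inner
BENIGN = gpdu(0x1001, 7, ipv4_udp(53, b"query"))
NESTED = gpdu(0x1001, 8, ipv4_udp(2152, gpdu(0x2002, 1, b"")))
```

`is_gtp_in_gtp(NESTED)` flags the subscriber packet that carries its own GTP header, while `BENIGN` passes; the TEID and sequence number returned by `parse_gtpu` are the per-tunnel values a monitor would track.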