Abstract: A system and method for defending a mobile network from a fraud committed via GTP is disclosed. According to one embodiment, a computer-implemented method includes receiving receives information associated with a GTP request from a serving node to a gateway node in a mobile network. The information associated with the GTP request is a GTP control plane request or a CDR associated with the GTP request. The information associated with a GTP request is examined, and parameters contained in the information associated with the GTP request are analyzed. It is determined that the GTP request is a fraudulent GTP request if the parameters do not belong to an authorized subscriber of the mobile network. A GTP tunnel associated with the fraudulent GTP request is denied, an established fraudulent GTP tunnel is deleted, or network traffic established by a fraudulent GTP tunnel is redirected to a monitoring node.

Abstract: A system and method for defending a mobile network from a fraud committed via GTP is disclosed. According to one embodiment, a computer-implemented method includes receiving receives information associated with a GTP request from a serving node to a gateway node in a mobile network. The information associated with the GTP request is a GTP control plane request or a CDR associated with the GTP request. The information associated with a GTP request is examined, and parameters contained in the information associated with the GTP request are analyzed. It is determined that the GTP request is a fraudulent GTP request if the parameters do not belong to an authorized subscriber of the mobile network. A GTP tunnel associated with the fraudulent GTP request is denied, an established fraudulent GTP tunnel is deleted, or network traffic established by a fraudulent GTP tunnel is redirected to a monitoring node.

Abstract: A system and method for discovering user equipment in a network is disclosed. According to one embodiment, a discovery proxy periodically scans an access router that serves a target user equipment and collects an address assignment record of the target user equipment via the access router. The discovery proxy passes the address assignment record to a discovery server, and the discovery server identifies a location of the target user equipment based on the address assignment record of the target user equipment.