Abstract: Methods, access network devices and computer programs in a radio access network (100) comprising a first network function, NF1, (140) and a second network function, NF2 (150). The access network device is configured to obtain, in the NF1 (140), information indicating an anomalous behavior of a wireless device (125), WD. The access network device is configured to initiate copying or transfer of a signaling context (260) associated with the WD (125) and existing in the NF1, from the NF1 to the NF2 (150). A computer program product is also disclosed. An access network device is configured to receive signaling from a wireless device, WD, (125), whereby a transfer of the signaling context associated with the WD between an NF1, and an NF2 is internal to the radio access network.

Abstract: A method is performed by a network node for training of machine-learned models for detection of abnormal User Equipment, UE, behavior. The method comprises obtaining training data comprising a plurality of interaction logs for a respective plurality of training UEs and clustering each of the interaction logs of the training data into one or more activity clusters with a machine-learned behavior analysis model to learn one or more activities associated with at least one of the one or more activity clusters.

Abstract: Systems and methods of the present disclosure are directed to a method performed by a Wireless Communication Device (WCD) for securing wireless communication. The method includes obtaining a configuration descriptive of network entity(s) comprising (a) Legitimate Network Entity (LNE(s)); (b) or Illegitimate Network Entity (INE(s)); or (c) both LNE(s) and INE(s). The method includes determining that a trigger condition for applying the configuration has occurred. The method includes, responsive to making the determination, applying the configuration to the WCD such that connection related procedure(s) of the WCD related to connection between the WCD and the network entity(s) are adjusted in such a manner that the WCD is permitted to connect to only the LNE(s), not permitted to connect to the INE(s), both permitted to connect to only the LNE(s) and not permitted to connect to the INE(s), or not permitted to connect to any network entity.

Abstract: A method is disclosed for handling a radio communication of a malicious user equipment, UE, in a wireless communication network. The method is performed by at least one network node in the wireless communication network. The method includes obtaining information identifying the malicious UE attached to the wireless communication network. The method includes performing at least one action to deter or delay serving the malicious UE without terminating the radio communication of the malicious UE with the wireless communication network. Further, the method includes controlling allocation of resources to the malicious UE to allow the malicious UE to retain the radio communication with the wireless communication network. Corresponding network node, and computer program products are also disclosed.

Abstract: A method is disclosed for handling a radio communication of a malicious user equipment, UE, in a wireless communication network. The method is performed by at least one network node in the wireless communication network. The method includes obtaining information identifying the malicious UE attached to the wireless communication network. The method includes performing at least one action to deter or delay serving the malicious UE without terminating the radio communication of the malicious UE with the wireless communication network. Further, the method includes controlling allocation of resources to the malicious UE to allow the malicious UE to retain the radio communication with the wireless communication network. Corresponding network node, and computer program products are also disclosed.

Abstract: Systems and methods of the present disclosure are directed to a method performed by a Wireless Communication Device (WCD) for securing wireless communication. The method includes obtaining a configuration descriptive of network entity(s) comprising (a) Legitimate Network Entity (LNE(s)); (b) or Illegitimate Network Entity (INE(s)); or (c) both LNE(s) and INE(s). The method includes determining that a trigger condition for applying the configuration has occurred. The method includes, responsive to making the determination, applying the configuration to the WCD such that connection related procedure(s) of the WCD related to connection between the WCD and the network entity(s) are adjusted in such a manner that the WCD is permitted to connect to only the LNE(s), not permitted to connect to the INE(s), both permitted to connect to only the LNE(s) and not permitted to connect to the INE(s), or not permitted to connect to any network entity.