WO2010022777A1 - Suspicious heavy user handling - Google Patents

Info

Publication number
WO2010022777A1
Authority
WO
WIPO (PCT)
Prior art keywords
user
network connection
service
quality
threshold
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Ceased
Application number
PCT/EP2008/061296
Other languages
French (fr)
Inventor
Miikka Huomo
Juha Suojanen
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Nokia Solutions and Networks Oy
Original Assignee
Nokia Siemens Networks Oy
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Nokia Siemens Networks Oy
Priority to PCT/EP2008/061296
Publication of WO2010022777A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00 Traffic control in data switching networks
    • H04L47/10 Flow control; Congestion control
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00 Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/50 Network service management, e.g. ensuring proper service fulfilment according to agreements
    • H04L41/5061 Network service management, e.g. ensuring proper service fulfilment according to agreements characterised by the interaction between service providers and their network customers, e.g. customer relationship management
    • H04L41/5067 Customer-centric QoS measurements
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L43/00 Arrangements for monitoring or testing data switching networks
    • H04L43/16 Threshold monitoring
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00 Traffic control in data switching networks
    • H04L47/10 Flow control; Congestion control
    • H04L47/11 Identifying congestion
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00 Traffic control in data switching networks
    • H04L47/10 Flow control; Congestion control
    • H04L47/24 Traffic characterised by specific attributes, e.g. priority or QoS
    • H04L47/2458 Modification of priorities while in transit
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L47/00 Traffic control in data switching networks
    • H04L47/10 Flow control; Congestion control
    • H04L47/24 Traffic characterised by specific attributes, e.g. priority or QoS
    • H04L47/2475 Traffic characterised by specific attributes, e.g. priority or QoS for supporting traffic characterised by the type of applications
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W28/00 Network traffic management; Network resource management
    • H04W28/02 Traffic management, e.g. flow control or congestion control
    • H04W28/0205 Traffic management, e.g. flow control or congestion control at the air interface
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W28/00 Network traffic management; Network resource management
    • H04W28/02 Traffic management, e.g. flow control or congestion control
    • H04W28/0252 Traffic management, e.g. flow control or congestion control per individual bearer or channel
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W28/00 Network traffic management; Network resource management
    • H04W28/02 Traffic management, e.g. flow control or congestion control
    • H04W28/0284 Traffic management, e.g. flow control or congestion control detecting congestion or overload during communication
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W28/00 Network traffic management; Network resource management
    • H04W28/16 Central resource management; Negotiation of resources or communication parameters, e.g. negotiating bandwidth or QoS [Quality of Service]
    • H04W28/24 Negotiating SLA [Service Level Agreement]; Negotiating QoS [Quality of Service]

Definitions

  • the present invention relates to an apparatus, system and method for controlling network usage by detecting use of unwanted bandwidth-hungry applications.
  • P2P peer-to-peer
  • Another method is to perform a bandwidth management where it is given less capacity for certain users or services, but at present it is possible to do that only on network level, not on radio cell level.
  • GGSN gateway GPRS support nodes
  • a method comprising identifying a user corresponding to a bandwidth consumption of a network connection which exceeds an actively set threshold; downgrading a quality of service for a network connection of said user below an initially negotiated quality of service; and activating deep packet inspection to a network connection of said user and detecting by deep packet inspection a service on said network connection which is actively set to represent a threshold exceeding application.
  • Certain modifications of the method according to the fifth aspect may include the following.
  • the method may be capable of providing bandwidth management.
  • the method can further comprise user-specifically counting transmitted data volume, wherein the actively set threshold defines a maximum data transfer volume per time period.
  • the transmitted data volume can be user-specifically counted for a fixed time period and in fixed intervals.
  • the method can further comprise restoring the initially negotiated quality of service to a network connection of the user if no threshold exceeding application is detected by the deep packet inspection means.
  • the method can further comprise periodically checking a network connection of the user where a threshold exceeding application is detected if the threshold exceeding application is still present, and actively setting a checking period.
  • the method can further comprise monitoring a data volume of a user and including the user to the record if an actively set threshold is exceeded which is defined by a maximum data transfer volume per time period, and providing the record.
  • the method can further comprise setting the threshold in relation to an average data transfer volume per time period of monitored user.
  • a computer program product embodied as a computer readable medium storing instructions which comprise identifying a user corresponding to a bandwidth consumption of a network connection which exceeds an actively set threshold; downgrading a quality of service for a network connection of said user below an initially negotiated quality of service; and activating deep packet inspection to a network connection of said user and detecting by deep packet inspection a service with said network connection which is actively set to represent a threshold exceeding application.
  • Fig. 1 shows an implementation example for certain embodiments of the present invention.
  • embodiments of the present invention are presently considered to be particularly useful in 3rd generation partnership project (3GPP) radio access networks such as GSM EDGE radio access networks (GERAN) and UMTS terrestrial radio access networks (UTRAN) as well as in long term evolution (LTE) and system architecture evolution (SAE) networks, where EDGE refers to enhanced data rates for GSM evolution, GSM refers to global system for mobile communications, and UMTS refers to universal mobile .
  • 3GPP 3rd generation partnership project
  • GERAN GSM EDGE radio access networks
  • UTRAN UMTS terrestrial radio access networks
  • SAE system architecture evolution
  • EDGE refers to enhanced data rates for GSM evolution
  • GSM refers to global system for mobile communications
  • UMTS refers to universal mobile .
  • certain embodiments of the present invention are also applicable to any other network where bandwidth management and/or network usage control is used, like in fixed broadband networks (e.g. with respect to a broadband remote access server - BRAS - and/or a broadband network gateway - BNG), in WiMAX (worldwide interoperability for microwave access) networks (e.g. with respect to an access service network gateway/home agent) etc., or any internet protocol edge/border gateway product that analyzes user data.
  • fixed broadband networks e.g. with respect to a broadband remote access server - BRAS - and/or a broadband network gateway - BNG
  • WiMAX worldwide interoperability for microwave access
  • implementation examples comprise the following functionalities:
  • those users which generate most of the network load are identified and subjected to a by-default downgraded quality of service at the session start-up.
  • DPI deep packet inspection
  • the identification of heavy users can be based on charging data record (CDR) data volumes, statistics or for example some internal counters in a gateway node such as a GGSN.
  • CDR charging data record
  • a list of suspicious users could be provided, which can be done using existing provisioning tools of the operator.
  • the identification of TOP heavy users can include an offline analysis of collected statistics. This can be done based on collected data of charging data records (CDR) or gateway node internal statistical data.
  • Embodiment 1 gateway node internal alternative
  • the gateway node can count and compare users internally based on the currently existing subscriber specific data volume counters which are e.g. used in generating charging data records (CDR) .
  • the operator could define thresholds which the gateway node should check before it resets this internal counter and increments the charging data record (CDR) data volume.
  • GGSN statistical data collection as follows:
  • the sample collection period is defined.
  • the statistics time period parameter is determined as the time during which samples are collected. The time is given in minutes. Allowed values are 15, 30, 45, and 60. The default value is 15.
  • the sample collection interval is defined.
  • the statistics time interval parameter is determined as how often samples are collected. The value is given in minutes. Allowed values are 1, 5, 15, 30, 45, and 60. The default value is 1.
  • the operator could define e.g. if the user data volume during the last 1/15 minutes (last measurement collection period) exceeds 30 Mbits/300 Mbits, then the user (packet data protocol (PDP) context) shall be marked internally in the GGSN.
  • PDP packet data protocol
  • Embodiment 2 post processing and provisioning alternative
  • the operator has an (automatic) charging data record post-processing tool (i.e. apparatus) that identifies TOP heavy users based on the transmitted data volumes in a given time.
  • the tool monitors user activity based on thresholds, and if the transferred user data volume exceeds the defined threshold, the tool adds the user to the list of suspicious users.
  • the threshold is a limit for data transfer per hour or day etc.
  • the tool may alternatively mark the users e.g. if the transmitted data volumes are considerably higher than other users in average where thresholds may be used as well. In such cases simply the heaviest users are marked.
  • After the tool marks the user, it provides the information to a user profile database that may be any profile server/lightweight database access protocol (LDAP)/remote authentication dial in user service (RADIUS) or policy server or even the home location register (HLR).
  • LDAP lightweight database access protocol
  • RADIUS remote authentication dial in user service
  • HLR home location register
  • the most practical way to update the profile database would be to use existing provisioning tools which the operator has. Hence, this tool may be somehow integrated to the operator's existing provisioning system.
  • the downgrade of the quality of service and activation of deep packet inspection to the users identified as TOP heavy users can involve the following.
  • the gateway node receives an indication of a suspicious user at session start-up or knows it internally when it receives user information from a user profile database. If the user or the PDP context is marked to be suspicious, the gateway node immediately downgrades the quality of service by e.g. decreasing the maximum bit rate (MBR) and downgrading the traffic class for these users internally. That is, no PDP update over the Gn interface is performed. Further, also the differentiated services codepoint (DSCP) marking in the Gn interface may be based on this temporary gateway node internal quality of service.
  • MBR maximum bit rate
  • DSCP differentiated services codepoint
  • the session is continued with the downgraded quality of service. It is to be understood that also at this point the user will be marked in the subscription profile to be able to continue with reduced quality of service immediately after PDP context re-establishment.
  • a PDP context with downgraded quality of service is checked again after a period determined by the operator. If a misuse in the sense of using an "unwanted" application has ended, the original quality of service which is negotiated for the PDP context shall be allowed.
  • an implementation in a gateway node such as (but not limited to) a gateway GPRS (general packet radio service) support node is considered advantageous.
  • GPRS general packet radio service
  • an implementation is considered to be useful in all 3rd generation partnership project (3GPP) networks and others. Accordingly, benefits can be achieved for e.g. mobile data networks, radio and core networks, deep packet inspection and bandwidth management functionalities, provisioning and subscriber database manufacturers.
  • embodiments of the present invention may also be implemented in accordance with performing bandwidth management network usage control in the Gi interface (between the access network and the Internet) , and corresponding servers would also benefit a lot if user data volume information would be available. In this case deep user data inspection could focus only to most likely misuses (i.e. to respective users) and network capacity would be saved.
  • An implementation of embodiments of the present invention may be achieved by providing a computer program product embodied as a computer readable medium which stores instructions according to the above described embodiments.
  • a gateway GPRS support node detects the used quota per subscriber during a definable time period. Counters for the used data can be tracked either internally by the GGSN or the used quota can be reported in the form of charging data records to a system involving e.g. servers providing the functions of post-processing, policy enforcement, balance holding and provisioning.
  • Fig. 1 shows an online service controller as a post-processing tool for the charging data records (CDR) that identifies heavy users based on the transmitted data volume in a given time.
  • the online service controller marks the user as "heavy user" and provides the information to a subscriber profile database.
  • After a heavy user is detected, the quality of service will be downgraded so that less bandwidth is given. The quality of service is upgraded back to an original value if unwanted service usage is not identified by performing deep packet inspection in the GGSN or in any other node.
  • a marking as heavy user can be removed from the subscriber profile at this point.
  • the operator has the option to double check the subscriber service usage once in a while.
  • When the marked heavy user begins a session, lower quality of service will be given based on the user information stored in the subscriber profile database, since the GGSN can query the subscriber profile database upon session initiation and find out about the marking as heavy user.
  • identification means configured to identify a user corresponding to a bandwidth consumption of a network connection which exceeds an actively set threshold
  • quality of service modification means configured to downgrade a quality of service for a network connection of said user below an initially negotiated quality of service
  • deep packet inspection means configured to be activated to a network connection of said user and to detect a service on said network connection which is actively set to represent a threshold exceeding application.
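
The identification step (per-user volume counted over a collection period against an operator-set threshold) and the handling step (downgrade, DPI verdict, periodic re-check, restore) described above can be modelled together. This is an added example, not code from the patent or from any gateway product. The class and function names, the 0.25 downgrade factor, the 30-minute checking period, the rolling-window counting and the service labels standing in for a DPI result are all assumptions; the allowed period and interval values and the 300 Mbit per 15 minutes threshold come from the page.

```python
from collections import deque
from dataclasses import dataclass
from enum import Enum

# Parameter values allowed by the page (minutes).
ALLOWED_PERIOD_MIN = (15, 30, 45, 60)
ALLOWED_INTERVAL_MIN = (1, 5, 15, 30, 45, 60)


class Qos(Enum):
    NEGOTIATED = "negotiated"
    DOWNGRADED = "downgraded"  # reduced MBR, DPI active on the connection


@dataclass
class Session:
    negotiated_mbr_kbps: int
    effective_mbr_kbps: int
    qos: Qos = Qos.NEGOTIATED
    next_check_min: float = float("inf")


class Gateway:
    """Hypothetical gateway model; names and defaults are illustrative."""

    def __init__(self, period_min=15, interval_min=1, threshold_mbit=300.0,
                 downgrade_factor=0.25, recheck_min=30, unwanted=("p2p",)):
        if period_min not in ALLOWED_PERIOD_MIN:
            raise ValueError("statistics time period must be 15, 30, 45 or 60")
        # Assumption: an interval longer than the period is rejected.
        if interval_min not in ALLOWED_INTERVAL_MIN or interval_min > period_min:
            raise ValueError("invalid statistics time interval")
        self.period_min = period_min
        self.threshold_mbit = threshold_mbit
        self.downgrade_factor = downgrade_factor
        self.recheck_min = recheck_min       # operator-set checking period
        self.unwanted = frozenset(unwanted)  # services set as threshold exceeding
        self.samples = {}                    # user -> deque of (minute, Mbit)
        self.sessions = {}                   # user -> Session
        self.profile_marked = set()          # stand-in for the profile database

    def open_session(self, user, negotiated_mbr_kbps, now_min=0):
        self.sessions[user] = Session(negotiated_mbr_kbps, negotiated_mbr_kbps)
        self.samples[user] = deque()
        if user in self.profile_marked:      # marked user: downgrade at start-up
            self._downgrade(user, now_min)
        return self.sessions[user]

    def _downgrade(self, user, now_min):
        s = self.sessions[user]
        s.qos = Qos.DOWNGRADED
        s.effective_mbr_kbps = int(s.negotiated_mbr_kbps * self.downgrade_factor)
        s.next_check_min = now_min           # DPI may deliver a verdict at once
        self.profile_marked.add(user)

    def record_sample(self, user, now_min, mbit):
        """Add one interval sample; return the volume of the last period."""
        window = self.samples[user]
        window.append((now_min, mbit))
        while window[0][0] <= now_min - self.period_min:
            window.popleft()                 # sample is older than the period
        volume = sum(v for _, v in window)
        if volume > self.threshold_mbit and self.sessions[user].qos is Qos.NEGOTIATED:
            self._downgrade(user, now_min)
        return volume

    def dpi_check(self, user, now_min, detected_services):
        """Apply a DPI verdict (service labels) once a check is due."""
        s = self.sessions[user]
        if s.qos is not Qos.DOWNGRADED or now_min < s.next_check_min:
            return s.qos
        if self.unwanted & set(detected_services):
            s.next_check_min = now_min + self.recheck_min  # check again later
        else:
            s.qos = Qos.NEGOTIATED           # restore the negotiated QoS
            s.effective_mbr_kbps = s.negotiated_mbr_kbps
            s.next_check_min = float("inf")
            self.profile_marked.discard(user)
            self.samples[user].clear()       # assumption: restart the counter
        return s.qos


def run_demo():
    """Constructed traffic: alice runs P2P, carol streams video, bob browses."""
    gw = Gateway()
    per_minute = {"alice": 25.0, "bob": 2.0, "carol": 25.0}  # Mbit per sample
    for user in per_minute:
        gw.open_session(user, negotiated_mbr_kbps=2000)
    volumes = {}
    for minute in range(1, 14):
        for user, mbit in per_minute.items():
            volumes[user] = gw.record_sample(user, minute, mbit)
    verdicts = {"alice": {"p2p", "http"}, "bob": {"http"}, "carol": {"video"}}
    first = {u: gw.dpi_check(u, 13, seen) for u, seen in verdicts.items()}
    early = gw.dpi_check("alice", 20, {"http"})  # checking period not over yet
    later = gw.dpi_check("alice", 43, {"http"})  # P2P has stopped by now
    return gw, volumes, first, early, later
```

In the constructed run, carol crosses the volume threshold just as alice does but is restored at the first DPI verdict, which is the case the volume counter alone cannot distinguish.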

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Quality & Reliability (AREA)
  • Business, Economics & Management (AREA)
  • General Business, Economics & Management (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

An apparatus comprises identification means configured to identify a user corresponding to a bandwidth consumption of a network connection which exceeds an actively set threshold. The apparatus further comprises quality of service modification means configured to downgrade a quality of service for a network connection of said user below an initially negotiated quality of service. In addition, the apparatus comprises deep packet inspection means configured to be activated to a network connection of said user and to detect a service on said network connection which is actively set to represent a threshold exceeding application.

Description

Suspicious heavy user handling
Field of the Invention
The present invention relates to an apparatus, system and method for controlling network usage by detecting use of unwanted bandwidth-hungry applications.
Related Background Art
With the evolving Internet environment, a number of bandwidth-intensive applications are now popular and are demanded over any access technology.
However, a few such bandwidth-intensive applications tend to consume most of the provided broadband bandwidth. One of the most popular among them is peer-to-peer (P2P) traffic for downloads of music, games, videos and other content. This leads to network congestion caused by a few users, while the majority of other users suffer from reduced bandwidth.
In cellular networks the problem can be even worse, where the provision of faster access technologies, such as 3rd generation and high speed packet access (HSPA), combined with attractive charging models (flat fee, monthly subscription) is attracting more and more mobile data users. One major limiting factor in mobile networks today is the throughput (packets per second) capability.
However, a few active users can easily congest radio cells if e.g. peer-to-peer traffic consumes all the available capacity, leading to a situation where the network service quality is perceived as poor by all users in that cell. Accordingly, the exceptional and unexpected packet data traffic growth has led to the situation where operators need to control their mobile data network usage.
Though, at present, the operator has no means to dynamically control the usage of such services.
One obvious way to improve the situation is to increase the radio network capacity and add new hardware.
However, this is naturally costly for the operator and can only prolong the problem at best, since data services are capacity hungry by nature and tend to eat all the offered/available capacity.
Another method is to perform bandwidth management in which less capacity is given to certain users or services, but at present it is possible to do that only on network level, not on radio cell level.
However, performing bandwidth management for all users is not feasible because it loads central processing units (CPU) heavily, although some state-of-the-art gateway GPRS support nodes (GGSN) support such network level bandwidth management.
Summary of the Invention
Therefore, it is an object of the present invention to overcome the problems described above.
According to a first aspect of the present invention, there is provided an apparatus, comprising identification means configured to identify a user corresponding to a bandwidth consumption of a network connection which exceeds an actively set threshold; quality of service modification means configured to downgrade a quality of service for a network connection of said user below an initially negotiated quality of service; and deep packet inspection means configured to be activated to a network connection of said user and to detect a service on said network connection which is actively set to represent a threshold exceeding application.
Certain modifications of the apparatus according to the first aspect may include the following.
The apparatus may be suitable for providing bandwidth management.
The identification means can be further configured to user-specifically count transmitted data volume and the actively set threshold can define a maximum data transfer volume per time period.
The identification means can be further configured to user-specifically count transmitted data volume for a fixed time period and in fixed intervals.
The identification means can be further configured to receive and refer to a record listing user corresponding to a bandwidth consumption of a network connection which exceeds the actively set threshold.
The quality of service modification means can be further configured to restore the initially negotiated quality of service to a network connection of the user if no threshold exceeding application is detected by the deep packet inspection means. The deep packet inspection means can be further configured to periodically check a network connection of the user where a threshold exceeding application is detected if the threshold exceeding application is still present, and to have a checking period actively set.
According to a second aspect of the present invention, there is provided an apparatus, comprising an identification processor configured to identify a user corresponding to a bandwidth consumption of a network connection which exceeds an actively set threshold; a quality of service modification controller configured to downgrade a quality of service for a network connection of said user below an initially negotiated quality of service; and a deep packet inspection processor configured to be activated to a network connection of said user and to detect a service on said network connection which is actively set to represent a threshold exceeding application.
Certain modifications of the apparatus according to the second aspect may correspond to the modifications of the apparatus according to the first aspect set forth above.
According to a third aspect of the present invention, there is provided a system, comprising identification means configured to identify a user corresponding to a bandwidth consumption of a network connection which exceeds an actively set threshold; quality of service modification means configured to downgrade a quality of service for a network connection of said user below an initially negotiated quality of service; and deep packet inspection means configured to be activated to a network connection of said user and to detect a service on said network connection which is actively set to represent a threshold exceeding application.
Certain modifications of the system according to the third aspect may include the following.
The system may be suitable for providing bandwidth management.
The identification means can be further configured to user-specifically count transmitted data volume and the actively set threshold can define a maximum data transfer volume per time period.
The identification means can be further configured to user-specifically count transmitted data volume for a fixed time period and in fixed intervals.
The identification means can be further configured to receive and refer to a record listing user corresponding to a bandwidth consumption of a network connection which exceeds the actively set threshold.
The quality of service modification means can be further configured to restore the initially negotiated quality of service to a network connection of the user if no threshold exceeding application is detected by the deep packet inspection means.
The deep packet inspection means can be further configured to periodically check a network connection of the user where a threshold exceeding application is detected if the threshold exceeding application is still present, and to have a checking period actively set. The system can further comprise provisioning means configured to monitor a data volume of a user and to include the user to the record if an actively set threshold is exceeded which is defined by a maximum data transfer volume per time period, and to provide the record to the identification means.
The threshold can be set in relation to an average data transfer volume per time period of monitored user.
According to a fourth aspect of the present invention, there is provided a system, comprising an identification processor configured to identify a user corresponding to a bandwidth consumption of a network connection which exceeds an actively set threshold; a quality of service modification controller configured to downgrade a quality of service for a network connection of said user below an initially negotiated quality of service; and a deep packet inspection processor configured to be activated to a network connection of said user and to detect a service on said network connection which is actively set to represent a threshold exceeding application.
Certain modifications of the system according to the fourth aspect may correspond to the modifications of the system according to the third aspect set forth above.
In particular, the system can further comprise a provisioning tool configured to monitor a data volume of a user and to include the user to the record if an actively set threshold is exceeded which is defined by a maximum data transfer volume per time period, and to provide the record to the identification means. The threshold can be set in relation to an average data transfer volume per time period of monitored user.
According to a fifth aspect of the present invention, there is provided a method, comprising identifying a user corresponding to a bandwidth consumption of a network connection which exceeds an actively set threshold; downgrading a quality of service for a network connection of said user below an initially negotiated quality of service; and activating deep packet inspection to a network connection of said user and detecting by deep packet inspection a service on said network connection which is actively set to represent a threshold exceeding application.
Certain modifications of the method according to the fifth aspect may include the following.
The method may be capable of providing bandwidth management.
The method can further comprise user-specifically counting transmitted data volume, wherein the actively set threshold defines a maximum data transfer volume per time period.
The transmitted data volume can be user-specifically counted for a fixed time period and in fixed intervals.
The method can further comprise receiving and referring to a record listing user corresponding to a bandwidth consumption of a network connection which exceeds the actively set threshold.
The method can further comprise restoring the initially negotiated quality of service to a network connection of the user if no threshold exceeding application is detected by the deep packet inspection means.
The method can further comprise periodically checking a network connection of the user where a threshold exceeding application is detected if the threshold exceeding application is still present, and actively setting a checking period.
The method can further comprise monitoring a data volume of a user and including the user to the record if an actively set threshold is exceeded which is defined by a maximum data transfer volume per time period, and providing the record.
The method can further comprise setting the threshold in relation to an average data transfer volume per time period of monitored user.
According to a sixth aspect of the present invention, there is provided a computer program product embodied as a computer readable medium storing instructions which comprise identifying a user corresponding to a bandwidth consumption of a network connection which exceeds an actively set threshold; downgrading a quality of service for a network connection of said user below an initially negotiated quality of service; and activating deep packet inspection to a network connection of said user and detecting by deep packet inspection a service with said network connection which is actively set to represent a threshold exceeding application.
Certain modifications of the computer program product according to the sixth aspect may correspond to the modifications of the method according to the fifth aspect set forth above.
Brief Description of the Drawings
Other objects, aspects, features and advantages of the present invention are apparent from the following description of the embodiments thereof which is to be taken in conjunction with the accompanying drawings, in which:
Fig. 1 shows an implementation example for certain embodiments of the present invention.
Description of the preferred Embodiments
In the following, description will be made to what are presently considered to be preferred embodiments of the present invention. It is to be understood, however, that the description is given by way of example only, and that the described embodiments are by no means to be understood as limiting the present invention thereto.
For example, embodiments of the present invention are presently considered to be particularly useful in 3rd generation partnership project (3GPP) radio access networks such as GSM EDGE radio access networks (GERAN) and UMTS terrestrial radio access networks (UTRAN) as well as in long term evolution (LTE) and system architecture evolution (SAE) networks, where EDGE refers to enhanced data rates for GSM evolution, GSM refers to global system for mobile communications, and UMTS refers to universal mobile telecommunications system.
However, certain embodiments of the present invention are also applicable to any other network where bandwidth management and/or network usage control is used like in fixed broadband networks (e.g. with respect to a broadband remote access server - BRAS - and/or a broadband network gateway - BNG), in WiMAX (worldwide interoperability for microwave access) networks (e.g. with respect to an access service network gateway/home agent) etc. or any internet protocol edge/border gateway product that analyzes user data.
According to certain embodiments of the present invention, implementation examples comprise the following functionalities:
— Identifying TOP heavy users;
— Downgrading quality of service and activating deep packet inspection to these users; and
— Checking used applications periodically and removing quality of service limitation when restricted applications are used no more.
Specifically, those users which generate most of the network load are identified and subjected to a by-default downgraded quality of service at the session start-up.
Simultaneously, deep packet inspection (DPI) is started for those users, and should the services be other than peer-to-peer, the original quality of service is returned. After the quality of service downgrade the "unwanted" applications cannot congest the core network (CN) or radio access network (RAN).
According to certain embodiments of the present invention, the identification of heavy users can be based on charging data record (CDR) data volumes, statistics or for example some internal counters in a gateway node such as a GGSN. Alternatively, a list of suspicious users could be provided which can take place using existing provisioning tools of the operator.
In the following, the implementation examples identified above are described in more detail.
1) The identification of TOP heavy users can include an offline analysis of collected statistics. This can be done based on collected data of charging data records (CDR) or gateway node internal statistical data.
Embodiment 1: gateway node internal alternative
The gateway node can count and compare users internally based on the currently existing subscriber specific data volume counters which are e.g. used in generating charging data records (CDR).
The operator could define thresholds which the gateway node should check before it resets this internal counter and increments the charging data record (CDR) data volume.
Currently, an operator can configure a GGSN statistical data collection as follows:
The sample collection period is defined. The statistics time period parameter is determined as the time during which samples are collected. The time is given in minutes. Allowed values are 15, 30, 45, and 60. The default value is 15.
The sample collection interval is defined. The statistics time interval parameter is determined as how often samples are collected. The value is given in minutes. Allowed values are 1, 5, 15, 30, 45, and 60. The default value is 1.
The operator could define e.g. if the user data volume during the last 1/15 minutes (last measurement collection period) exceeds 30 Mbits/300 Mbits, then the user (packet data protocol (PDP) context) shall be marked internally in the GGSN.
Embodiment 2: post processing and provisioning alternative
The operator has an (automatic) charging data record post-processing tool (i.e. apparatus) that identifies TOP heavy users based on the transmitted data volumes in a given time.
If the tool monitors user activity based on thresholds and the transferred user data volume exceeds the defined threshold, the tool adds the user to the list of suspicious users. Typically, the threshold is a limit for data transfer per hour or day etc.
The tool may alternatively mark the users e.g. if the transmitted data volumes are considerably higher than other users in average where thresholds may be used as well. In such cases simply the heaviest users are marked.
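The marking rule of Embodiment 1 and the relative variant of Embodiment 2, as an added Python example that is not code from the patent or from any GGSN product. It assumes that the 30 Mbit limit applies to one collection interval and the 300 Mbit limit to the whole collection period, and that the interval divides the period; the names VolumeMonitor and mark_above_peers, the factor of 5 and all sample volumes are hypothetical.

```python
from collections import defaultdict, deque

ALLOWED_PERIOD_MIN = (15, 30, 45, 60)          # statistics time period
ALLOWED_INTERVAL_MIN = (1, 5, 15, 30, 45, 60)  # statistics time interval


class VolumeMonitor:
    """Per-context volume samples kept over one sliding collection period."""

    def __init__(self, period_min=15, interval_min=1,
                 interval_limit_mbit=30, period_limit_mbit=300):
        if period_min not in ALLOWED_PERIOD_MIN:
            raise ValueError("unsupported statistics time period")
        if interval_min not in ALLOWED_INTERVAL_MIN:
            raise ValueError("unsupported statistics time interval")
        # Assumption: the interval has to divide the period evenly.
        if period_min % interval_min:
            raise ValueError("interval must divide the period")
        self.interval_limit = interval_limit_mbit
        self.period_limit = period_limit_mbit
        samples = period_min // interval_min
        self._open = defaultdict(float)  # Mbit counted in the open interval
        self._closed = defaultdict(lambda: deque(maxlen=samples))
        self.marked = set()

    def count(self, context_id, mbit):
        """Add transferred volume to the context's running counter."""
        self._open[context_id] += mbit

    def close_interval(self):
        """Sample every counter, compare with the thresholds, then reset.

        Returns the contexts marked for the first time in this interval.
        """
        newly_marked = []
        for ctx in sorted(set(self._open) | set(self._closed)):
            sample = self._open.pop(ctx, 0.0)
            window = self._closed[ctx]
            window.append(sample)  # the oldest sample drops out when full
            over = (sample > self.interval_limit
                    or sum(window) > self.period_limit)
            if over and ctx not in self.marked:
                self.marked.add(ctx)
                newly_marked.append(ctx)
        return newly_marked


def mark_above_peers(volumes, factor=5.0):
    """Embodiment 2 variant: mark users far above the average of the others.

    Each user is compared with the mean of all *other* monitored users, so
    one very heavy user cannot hide by inflating the average.
    """
    total, n = sum(volumes.values()), len(volumes)
    if n < 2:
        return []  # nobody to compare against
    return sorted(user for user, vol in volumes.items()
                  if vol > factor * (total - vol) / (n - 1))


def demo_marking():
    """Constructed traffic: Mbit per minute for three PDP contexts."""
    monitor = VolumeMonitor()  # defaults: 15 min period, 1 min interval
    marked_at = {}
    for minute in range(1, 16):
        monitor.count("ctx-a", 10)      # steady, stays below both limits
        monitor.count("ctx-b", 25)      # below 30/min, but adds up
        if minute == 1:
            monitor.count("ctx-c", 40)  # one burst above the interval limit
        for ctx in monitor.close_interval():
            marked_at[ctx] = minute
    return marked_at


if __name__ == "__main__":
    print(demo_marking())
    print(mark_above_peers({"a": 100, "b": 120, "c": 80, "d": 5000}))
```

The steady 25 Mbit per minute context never trips the per-interval limit and is only caught by the period sum, which is why both comparisons are kept.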
After the tool marks the user, it provides the information to a user profile database that may be any profile server/lightweight database access protocol (LDAP)/remote authentication dial in user service (RADIUS) or policy server or even the home location register (HLR). Either a new parameter could be used, or an existing quality of service profile of the user could be modified. The most practical way to update the profile database would be to use existing provisioning tools which the operator has. Hence, this tool may be somehow integrated to the operator's existing provisioning system.
2) According to certain embodiments of the present invention the downgrade of the quality of service and activation of deep packet inspection to the users identified as TOP heavy users can involve the following.
The gateway node receives an indication of a suspicious user at session start-up or knows it internally when it receives user information from a user profile database. If the user or the PDP context is marked to be suspicious, the gateway node immediately downgrades the quality of service by e.g. decreasing the maximum bit rate (MBR) and downgrading the traffic class for these users internally. That is, no PDP update over the Gn interface is performed. Further, also the differentiated services codepoint (DSCP) marking in the Gn interface may be based on this temporary gateway node internal quality of service.
At substantially the same time deep packet inspection is started for the user PDP context to confirm whether any "unwanted" services are used.
If unwanted services are found during the measurement period, the session is continued with the downgraded quality of service. It is to be understood that also at this point the user will be marked in the subscription profile to be able to continue with reduced quality of service immediately after PDP context re-establishment.
To the contrary, if no unwanted services are found during the measurement period the original quality of service which is negotiated for the PDP context shall be allowed for the session. At this point, it is possible to remove the possible heavy user marking from the subscriber profile. However, if heavy service usage continues, it is an option that the operator double checks the subscriber service usage once in a while.
In case a list of suspicious users is available for a gateway node, it would reduce the amount of deep packet inspection/bandwidth management related processing as only a small share of the user data traffic would be analyzed.
3) Eventually, certain embodiments of the present invention provide that a periodical checking is performed.
Specifically, a PDP context with downgraded quality of service is checked again after a period determined by the operator. If a misuse in the sense of using an "unwanted" application has ended, the original quality of service which is negotiated for the PDP context shall be allowed.
Alternatively, it can be considered to stop the internal modification of quality of service and to return to the original quality of service if network statistics show that congestion is over.
However, this alternative might be implemented particularly carefully in order not to stop the quality of service modification too early. The reason is that some oscillating ON/OFF effect may be started, since a P2P application would immediately consume all the available bandwidth, and thus measures may be implemented to prevent this.
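The session handling of steps 2) and 3) as a small state machine, added here as an illustration and not taken from the patent or from a gateway implementation. The class names, the QoS values, the 300 s measurement period, the 3600 s re-check period and the service labels handed over by the DPI function are all assumptions.

```python
from dataclasses import dataclass
from enum import Enum


class State(Enum):
    NORMAL = "negotiated QoS in force"
    MEASURING = "downgraded, first DPI measurement running"
    RESTRICTED = "downgraded, unwanted service confirmed"


@dataclass(frozen=True)
class QoS:
    mbr_kbps: int        # maximum bit rate
    traffic_class: str


@dataclass
class Session:
    user: str
    negotiated: QoS      # never modified: no PDP update is signalled
    effective: QoS       # gateway-internal QoS that is actually enforced
    state: State
    next_check: float    # time (s) at which the DPI findings are evaluated


class Gateway:
    def __init__(self, profile_db, unwanted_services, downgraded,
                 measurement_s=300, recheck_s=3600):
        self.profile_db = set(profile_db)    # users marked as heavy users
        self.unwanted = set(unwanted_services)
        self.downgraded = downgraded
        self.measurement_s = measurement_s
        self.recheck_s = recheck_s

    def start_session(self, user, negotiated, now):
        """Marked users start downgraded with DPI active; others start normal."""
        if user in self.profile_db:
            return Session(user, negotiated, self.downgraded,
                           State.MEASURING, now + self.measurement_s)
        return Session(user, negotiated, negotiated, State.NORMAL, float("inf"))

    def evaluate(self, session, services_seen, now):
        """Apply the DPI findings once the measurement or re-check period ends."""
        if session.state is State.NORMAL or now < session.next_check:
            return session.state
        if self.unwanted & set(services_seen):
            # Keep the downgrade and the marking, schedule the periodic check.
            session.state = State.RESTRICTED
            session.effective = self.downgraded
            session.next_check = now + self.recheck_s
            self.profile_db.add(session.user)
        else:
            # Nothing unwanted seen: restore negotiated QoS, drop the marking.
            session.state = State.NORMAL
            session.effective = session.negotiated
            session.next_check = float("inf")
            self.profile_db.discard(session.user)
        return session.state


def run_example():
    """Constructed scenario: alice uses P2P at first, bob never does."""
    gw = Gateway({"alice", "bob"}, {"p2p"}, QoS(128, "background"))
    negotiated = QoS(7200, "interactive")
    alice = gw.start_session("alice", negotiated, now=0)
    bob = gw.start_session("bob", negotiated, now=0)
    trace = [
        gw.evaluate(alice, {"p2p", "http"}, now=100),   # too early, unchanged
        gw.evaluate(alice, {"p2p", "http"}, now=300),   # unwanted use confirmed
        gw.evaluate(bob, {"http", "dns"}, now=300),     # cleared and restored
        gw.evaluate(alice, {"http"}, now=3900),         # misuse has ended
    ]
    return trace, alice, bob, gw


if __name__ == "__main__":
    for step in run_example()[0]:
        print(step.name)
```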
According to certain embodiments of the present invention, an implementation in a gateway node such as (but not limited to) a gateway GPRS (general packet radio service) support node is considered advantageous. Though, in accordance with certain embodiments of the present invention, an implementation is considered to be useful in all 3rd generation partnership project (3GPP) networks and others. Accordingly, benefits can be achieved for e.g. mobile data networks, radio and core networks, deep packet inspection and bandwidth management functionalities, provisioning and subscriber database manufacturers.
For example, embodiments of the present invention may also be implemented in accordance with performing bandwidth management network usage control in the Gi interface (between the access network and the Internet), and corresponding servers would also benefit a lot if user data volume information would be available. In this case deep user data inspection could focus only to most likely misuses (i.e. to respective users) and network capacity would be saved.
An implementation of embodiments of the present invention may be achieved by providing a computer program product embodied as a computer readable medium which stores instructions according to the above described embodiments.
Hereinafter, by referring to Fig. 1, an implementation example of certain embodiments of the present invention is described in detail.
Specifically, a gateway GPRS support node (GGSN) detects the used quota per subscriber during a definable time period. Counters for the used data can be tracked either internally by the GGSN or the used quota can be reported in the form of charging data records to a system involving e.g. servers providing the functions of post-processing, policy enforcement, balance holding and provisioning.
For also illustrating the above described second embodiment, Fig. 1 shows an online service controller as a post-processing tool for the charging data records (CDR) that identifies heavy users based on the transmitted data volume in a given time.
If the data volume exceeds an actively set threshold, the online service controller marks the user as "heavy user" and provides the information to a subscriber profile database.
After a heavy user is detected, the quality of service will be downgraded so that less bandwidth is given. The quality of service is upgraded back to an original value if unwanted service usage is not identified by performing deep packet inspection in the GGSN or in any other node.
Also a marking as heavy user can be removed from the subscriber profile at this point. However, in case heavy usage continues, the operator has the option to double check the subscriber service usage once in a while.
Next time the marked heavy user begins a session, lower quality of service will be given based on the user information stored in the subscriber profile data base, since the GGSN can query the subscriber profile database upon session initiation and find out about the marking as heavy user.
Thus, described above is an apparatus, comprising identification means configured to identify a user corresponding to a bandwidth consumption of a network connection which exceeds an actively set threshold; quality of service modification means configured to downgrade a quality of service for a network connection of said user below an initially negotiated quality of service; and deep packet inspection means configured to be activated to a network connection of said user and to detect a service on said network connection which is actively set to represent a threshold exceeding application.
What is described above is what is presently considered to be preferred embodiments of the present invention. However, as is apparent to the skilled reader, these are provided for illustrative purposes only and it is in no way intended that the present invention is restricted thereto. Rather, it is the intention that all variations and modifications be included which fall within the spirit and scope of the appended claims.

Claims

1. An apparatus, comprising: identification means configured to identify a user corresponding to a bandwidth consumption of a network connection which exceeds an actively set threshold; quality of service modification means configured to downgrade a quality of service for a network connection of said user below an initially negotiated quality of service; and deep packet inspection means configured to be activated to a network connection of said user and to detect a service on said network connection which is actively set to represent a threshold exceeding application.
2. The apparatus according to claim 1, wherein the identification means is further configured to user-specifically count transmitted data volume and the actively set threshold defines a maximum data transfer volume per time period.
3. The apparatus according to claim 2, wherein the identification means is further configured to user-specifically count transmitted data volume for a fixed time period and in fixed intervals.
4. The apparatus according to claim 1, wherein the identification means is further configured to receive and refer to a record listing user corresponding to a bandwidth consumption of a network connection which exceeds the actively set threshold.
5. The apparatus according to any one of the preceding claims, wherein the quality of service modification means is further configured to restore the initially negotiated quality of service to a network connection of the user if no threshold exceeding application is detected by the deep packet inspection means.
6. The apparatus according to claim 5, wherein the deep packet inspection means is further configured to periodically check a network connection of the user where a threshold exceeding application is detected if the threshold exceeding application is still present, and to have a checking period actively set.
7. A system, comprising: identification means configured to identify a user corresponding to a bandwidth consumption of a network connection which exceeds an actively set threshold; quality of service modification means configured to downgrade a quality of service for a network connection of said user below an initially negotiated quality of service; and deep packet inspection means configured to be activated to a network connection of said user and to detect a service on said network connection which is actively set to represent a threshold exceeding application.
8. The system according to claim 7, wherein the identification means is further configured to user-specifically count transmitted data volume and the actively set threshold defines a maximum data transfer volume per time period.
9. The system according to claim 8, wherein the identification means is further configured to user-specifically count transmitted data volume for a fixed time period and in fixed intervals.
10. The system according to claim 7, wherein the identification means is further configured to receive and refer to a record listing user corresponding to a bandwidth consumption of a network connection which exceeds the actively set threshold.
11. The system according to any one of claims 7 to 10, wherein the quality of service modification means is further configured to restore the initially negotiated quality of service to a network connection of the user if no threshold exceeding application is detected by the deep packet inspection means.
12. The system according to claim 11, wherein the deep packet inspection means is further configured to periodically check a network connection of the user where a threshold exceeding application is detected if the threshold exceeding application is still present, and to have a checking period actively set.
13. The system according to claim 10, further comprising provisioning means configured to monitor a data volume of a user and to include the user to the record if an actively set threshold is exceeded which is defined by a maximum data transfer volume per time period, and to provide the record to the identification means.
14. The system according to claim 13, where the threshold is set in relation to an average data transfer volume per time period of monitored user.
15. A method, comprising: identifying a user corresponding to a bandwidth consumption of a network connection which exceeds an actively set threshold; downgrading a quality of service for a network connection of said user below an initially negotiated quality of service; and activating deep packet inspection to a network connection of said user and detecting by deep packet inspection a service on said network connection which is actively set to represent a threshold exceeding application.
16. The method according to claim 15, further comprising user-specifically counting transmitted data volume, wherein the actively set threshold defines a maximum data transfer volume per time period.
17. The method according to claim 16, wherein the transmitted data volume is user-specifically counted for a fixed time period and in fixed intervals.
18. The method according to claim 15, further comprising receiving and referring to a record listing user corresponding to a bandwidth consumption of a network connection which exceeds the actively set threshold.
19. The method according to any one of claims 15 to 19, further comprising restoring the initially negotiated quality of service to a network connection of the user if no threshold exceeding application is detected by the deep packet inspection means.
20. The method according to claim 19, further comprising periodically checking a network connection of the user where a threshold exceeding application is detected if the threshold exceeding application is still present, and actively setting a checking period.
21. The method according to claim 18, further comprising monitoring a data volume of a user and including the user to the record if an actively set threshold is exceeded which is defined by a maximum data transfer volume per time period, and providing the record.
22. The method according to claim 21, further comprising setting the threshold in relation to an average data transfer volume per time period of monitored user.
23. A computer program product embodied as a computer readable medium storing instructions which comprise: identifying a user corresponding to a bandwidth consumption of a network connection which exceeds an actively set threshold; downgrading a quality of service for a network connection of said user below an initially negotiated quality of service; and activating deep packet inspection to a network connection of said user and detecting by deep packet inspection a service with said network connection which is actively set to represent a threshold exceeding application.
PCT/EP2008/061296 2008-08-28 2008-08-28 Suspicious heavy user handling Ceased WO2010022777A1 (en)

Publications (1)

Publication Number Publication Date
WO2010022777A1 (en) 2010-03-04
