The Analysis And Design Of Dpi-Based Telecommunications Business Monitoring System

With the rapid development of mobile Internet and the promotion of intelligent terminals, mobile-network has been increasingly popularized. Network’s open interconnection and information sharing, however, pose a certain threat to the telecommunications network security, so that content security, spam, business fraud and phone virus become growing serious problems. Both3GPP and OMA provide network and business security with a safety mechanism and framework. But the defects of protocol, the holes in service and the imperfectness of security system make the security issues of the telecommunications business endless, so an automatic analysis of content-based monitoring system is urgently needed, which can analyze, filter and protect the telecommunications business, and enhance the security and quality of the telecommunications business.With respect to the security status and needs of the telecommunications network, the paper designs an application of DPI technology which uses lightweight open source intrusion detection system Snort as the underlying framework, so that without affecting the performance of the mobile communication network we can analysis and record user online behavior, curb the spread of bad information, and alarm and block unsafe business behavior. Through monitoring GPRS Internet browsing and WAP order business, the system can detect browsing objectionable information, malicious order and other irregular business behavior, thus it effectively protects the safety of telecommunication services and improves the user experience.This paper mainly embraces the following work:1. The theory research of the basic principles and processes of the mobile Internet, GPRS system and WAP technology, the analysis of the principles and architecture of intrusion detection system snort, and deploying it in the telecommunications network for reasonable business content analysis.2. Studying DPI technology, combining data packet detection with protocol analysis, from the mixed telecommunication network traffic quickly identifying the service traffic which needs analysis.3. Analyzing browsing objectionable information and malicious order two behaviors’detection methods, proposing the blocking strategy and implementation process. For the browser business, the system, by analyzing the GTP protocol, obtains user information and browsing content, and uses URL or keyword blacklist to filter bad information. For WAP ordering, the system parses the RADIUS protocol and compares it with before and after order packets which go through the WAP gateway, and if inconsistent, it is malicious order. In addition, the system makes use of constructing simulation package to block the way and thus interrupt the illegal business behavior.4. In order to cope with the high-speed telecommunications network environment’s monitoring demand, several measures like zero-copy technology, binding buffer queue with multi-threading technology, optimizing the matching pattern and applying AC-WM multi-pattern matching algorithm are proposed to improve the efficiency and performance of the system.5. Based on completion of the detailed design, making initial coding implementation and test on the system.