Title:
SUSPICIOUS HEAVY USER HANDLING
Document Type and Number:
WIPO Patent Application WO/2010/022777
Kind Code:
A1
Abstract:
An apparatus comprises identification means configured to identify a user corresponding to a bandwidth consumption of a network connection which exceeds an actively set threshold. The apparatus further comprises quality of service modification means configured to downgrade a quality of service for a network connection of said user below an initially negotiated quality of service. In addition, the apparatus comprises deep packet inspection means configured to be activated to a network connection of said user and to detect a service on said network connection which is actively set to represent a threshold exceeding application.

Inventors:
HUOMO MIIKKA (FI)
SUOJANEN JUHA (FI)
Application Number:
PCT/EP2008/061296
Publication Date:
March 04, 2010
Filing Date:
August 28, 2008
Assignee:
NOKIA SIEMENS NETWORKS OY (FI)
HUOMO MIIKKA (FI)
SUOJANEN JUHA (FI)
International Classes:
H04L12/26; H04L12/24; H04L12/56
Domestic Patent References:
WO2006108282A1, 2006-10-19
WO2008061171A2, 2008-05-22
Foreign References:
EP1798914A1, 2007-06-20
Attorney, Agent or Firm:
LESON, Thomas J.A. Leson et al. (Munich, DE)
Claims:
1. An apparatus, comprising: identification means configured to identify a user corresponding to a bandwidth consumption of a network connection which exceeds an actively set threshold; quality of service modification means configured to downgrade a quality of service for a network connection of said user below an initially negotiated quality of service; and deep packet inspection means configured to be activated to a network connection of said user and to detect a service on said network connection which is actively set to represent a threshold exceeding application.

2. The apparatus according to claim 1, wherein the identification means is further configured to user-specifically count transmitted data volume and the actively set threshold defines a maximum data transfer volume per time period.

3. The apparatus according to claim 2, wherein the identification means is further configured to user-specifically count transmitted data volume for a fixed time period and in fixed intervals.

4. The apparatus according to claim 1, wherein the identification means is further configured to receive and refer to a record listing user corresponding to a bandwidth consumption of a network connection which exceeds the actively set threshold.

5. The apparatus according to any one of the preceding claims, wherein the quality of service modification means is further configured to restore the initially negotiated quality of service to a network connection of the user if no threshold exceeding application is detected by the deep packet inspection means.

6. The apparatus according to claim 5, wherein the deep packet inspection means is further configured to periodically check a network connection of the user where a threshold exceeding application is detected if the threshold exceeding application is still present, and to have a checking period actively set.

7. A system, comprising: identification means configured to identify a user corresponding to a bandwidth consumption of a network connection which exceeds an actively set threshold; quality of service modification means configured to downgrade a quality of service for a network connection of said user below an initially negotiated quality of service; and deep packet inspection means configured to be activated to a network connection of said user and to detect a service on said network connection which is actively set to represent a threshold exceeding application.

8. The system according to claim 7, wherein the identification means is further configured to user-specifically count transmitted data volume and the actively set threshold defines a maximum data transfer volume per time period.

9. The system according to claim 8, wherein the identification means is further configured to user-specifically count transmitted data volume for a fixed time period and in fixed intervals.

10. The system according to claim 7, wherein the identification means is further configured to receive and refer to a record listing user corresponding to a bandwidth consumption of a network connection which exceeds the actively set threshold.

11. The system according to any one of claims 7 to 10, wherein the quality of service modification means is further configured to restore the initially negotiated quality of service to a network connection of the user if no threshold exceeding application is detected by the deep packet inspection means.

12. The system according to claim 11, wherein the deep packet inspection means is further configured to periodically check a network connection of the user where a threshold exceeding application is detected if the threshold exceeding application is still present, and to have a checking period actively set.

13. The system according to claim 10, further comprising provisioning means configured to monitor a data volume of a user and to include the user to the record if an actively set threshold is exceeded which is defined by a maximum data transfer volume per time period, and to provide the record to the identification means.

14. The system according to claim 13, where the threshold is set in relation to an average data transfer volume per time period of monitored user.

15. A method, comprising: identifying a user corresponding to a bandwidth consumption of a network connection which exceeds an actively set threshold; downgrading a quality of service for a network connection of said user below an initially negotiated quality of service; and activating deep packet inspection to a network connection of said user and detecting by deep packet inspection a service on said network connection which is actively set to represent a threshold exceeding application.

16. The method according to claim 15, further comprising user-specifically counting transmitted data volume, wherein the actively set threshold defines a maximum data transfer volume per time period.

17. The method according to claim 16, wherein the transmitted data volume is user-specifically counted for a fixed time period and in fixed intervals.

18. The method according to claim 15, further comprising receiving and referring to a record listing user corresponding to a bandwidth consumption of a network connection which exceeds the actively set threshold.

19. The method according to any one of claims 15 to 19, further comprising restoring the initially negotiated quality of service to a network connection of the user if no threshold exceeding application is detected by the deep packet inspection means.

20. The method according to claim 19, further comprising periodically checking a network connection of the user where a threshold exceeding application is detected if the threshold exceeding application is still present, and actively setting a checking period.

21. The method according to claim 18, further comprising monitoring a data volume of a user and including the user to the record if an actively set threshold is exceeded which is defined by a maximum data transfer volume per time period, and providing the record.

22. The method according to claim 21, further comprising setting the threshold in relation to an average data transfer volume per time period of monitored user.

23. A computer program product embodied as a computer readable medium storing instructions which comprise: identifying a user corresponding to a bandwidth consumption of a network connection which exceeds an actively set threshold; downgrading a quality of service for a network connection of said user below an initially negotiated quality of service; and activating deep packet inspection to a network connection of said user and detecting by deep packet inspection a service with said network connection which is actively set to represent a threshold exceeding application.

Description:
Suspicious heavy user handling

Field of the Invention

The present invention relates to an apparatus, system and method for controlling network usage by detecting use of unwanted bandwidth-hungry applications.

Related Background Art

With the evolving Internet environment a number of bandwidth intensive applications are nowadays popular which are demanded over any access technology.

However, there is a tendency that few of such bandwidth intensive applications consume the most of the provided broadband bandwidth. One of the most popular among them is peer-to-peer (P2P) traffic for downloads of music, games, videos and other content. This leads to network congestion by few users, while the majority of other users suffer from a reduced bandwidth.

In cellular networks the problem can be even worse, where the provision of faster access technologies, such as 3rd generation and high speed packet access (HSPA), combined with attractive charging models (flat fee, monthly subscription) is attracting more and more mobile data users. One major limiting factor in mobile networks today is the throughput (packets per second) capability.

However, few active users can easily congest radio cells if e.g. peer-to-peer traffic consumes all the available capacity, leading to a situation where the network service quality is perceived as poor by all users in that cell. Accordingly, the exceptional and unexpected packet data traffic growth has led to the situation where operators need to control their mobile data network usage.

Though, at present, the operator has no means to dynamically control the usage of such services.

One obvious way to improve the situation is to increase the radio network capacity and add new hardware.

However, this is naturally costly for the operator and can only prolong the problem at best, since data services are capacity hungry by nature and tend to eat all the offered/available capacity.

Another method is to perform bandwidth management in which certain users or services are given less capacity, but at present it is possible to do that only on network level, not on radio cell level.

However, performing a bandwidth management for all users is not feasible due to its nature of loading central processing units (CPU) heavily, although some state-of-the-art gateway GPRS support nodes (GGSN) support such network level bandwidth management.

Summary of the Invention

Therefore, it is an object of the present invention to overcome the problems described above.

According to a first aspect of the present invention, there is provided an apparatus, comprising identification means configured to identify a user corresponding to a bandwidth consumption of a network connection which exceeds an actively set threshold; quality of service modification means configured to downgrade a quality of service for a network connection of said user below an initially negotiated quality of service; and deep packet inspection means configured to be activated to a network connection of said user and to detect a service on said network connection which is actively set to represent a threshold exceeding application.

Certain modifications of the apparatus according to the first aspect may include the following.

The apparatus may be suitable for providing bandwidth management.

The identification means can be further configured to user-specifically count transmitted data volume and the actively set threshold can define a maximum data transfer volume per time period.

The identification means can be further configured to user-specifically count transmitted data volume for a fixed time period and in fixed intervals.

The identification means can be further configured to receive and refer to a record listing user corresponding to a bandwidth consumption of a network connection which exceeds the actively set threshold.

The quality of service modification means can be further configured to restore the initially negotiated quality of service to a network connection of the user if no threshold exceeding application is detected by the deep packet inspection means.

The deep packet inspection means can be further configured to periodically check a network connection of the user where a threshold exceeding application is detected if the threshold exceeding application is still present, and to have a checking period actively set.

According to a second aspect of the present invention, there is provided an apparatus, comprising an identification processor configured to identify a user corresponding to a bandwidth consumption of a network connection which exceeds an actively set threshold; a quality of service modification controller configured to downgrade a quality of service for a network connection of said user below an initially negotiated quality of service; and a deep packet inspection processor configured to be activated to a network connection of said user and to detect a service on said network connection which is actively set to represent a threshold exceeding application.

Certain modifications of the apparatus according to the second aspect may correspond to the modifications of the apparatus according to the first aspect set forth above.

According to a third aspect of the present invention, there is provided a system, comprising identification means configured to identify a user corresponding to a bandwidth consumption of a network connection which exceeds an actively set threshold; quality of service modification means configured to downgrade a quality of service for a network connection of said user below an initially negotiated quality of service; and deep packet inspection means configured to be activated to a network connection of said user and to detect a service on said network connection which is actively set to represent a threshold exceeding application.

Certain modifications of the system according to the third aspect may include the following.

The system may be suitable for providing bandwidth management.

The identification means can be further configured to user-specifically count transmitted data volume and the actively set threshold can define a maximum data transfer volume per time period.

The identification means can be further configured to user-specifically count transmitted data volume for a fixed time period and in fixed intervals.

The identification means can be further configured to receive and refer to a record listing user corresponding to a bandwidth consumption of a network connection which exceeds the actively set threshold.

The quality of service modification means can be further configured to restore the initially negotiated quality of service to a network connection of the user if no threshold exceeding application is detected by the deep packet inspection means.

The deep packet inspection means can be further configured to periodically check a network connection of the user where a threshold exceeding application is detected if the threshold exceeding application is still present, and to have a checking period actively set.

The system can further comprise provisioning means configured to monitor a data volume of a user and to include the user to the record if an actively set threshold is exceeded which is defined by a maximum data transfer volume per time period, and to provide the record to the identification means.

The threshold can be set in relation to an average data transfer volume per time period of monitored user.

According to a fourth aspect of the present invention, there is provided a system, comprising an identification processor configured to identify a user corresponding to a bandwidth consumption of a network connection which exceeds an actively set threshold; a quality of service modification controller configured to downgrade a quality of service for a network connection of said user below an initially negotiated quality of service; and a deep packet inspection processor configured to be activated to a network connection of said user and to detect a service on said network connection which is actively set to represent a threshold exceeding application.

Certain modifications of the system according to the fourth aspect may correspond to the modifications of the system according to the third aspect set forth above.

In particular, the system can further comprise a provisioning tool configured to monitor a data volume of a user and to include the user to the record if an actively set threshold is exceeded which is defined by a maximum data transfer volume per time period, and to provide the record to the identification means. The threshold can be set in relation to an average data transfer volume per time period of monitored user.

According to a fifth aspect of the present invention, there is provided a method, comprising identifying a user corresponding to a bandwidth consumption of a network connection which exceeds an actively set threshold; downgrading a quality of service for a network connection of said user below an initially negotiated quality of service; and activating deep packet inspection to a network connection of said user and detecting by deep packet inspection a service on said network connection which is actively set to represent a threshold exceeding application.

Certain modifications of the method according to the fifth aspect may include the following.

The method may be capable of providing bandwidth management.

The method can further comprise user-specifically counting transmitted data volume, wherein the actively set threshold defines a maximum data transfer volume per time period.

The transmitted data volume can be user-specifically counted for a fixed time period and in fixed intervals.

The method can further comprise receiving and referring to a record listing user corresponding to a bandwidth consumption of a network connection which exceeds the actively set threshold.

The method can further comprise restoring the initially negotiated quality of service to a network connection of the user if no threshold exceeding application is detected by the deep packet inspection means.

The method can further comprise periodically checking a network connection of the user where a threshold exceeding application is detected if the threshold exceeding application is still present, and actively setting a checking period.

The method can further comprise monitoring a data volume of a user and including the user to the record if an actively set threshold is exceeded which is defined by a maximum data transfer volume per time period, and providing the record.

The method can further comprise setting the threshold in relation to an average data transfer volume per time period of monitored user.

According to a sixth aspect of the present invention, there is provided a computer program product embodied as a computer readable medium storing instructions which comprise identifying a user corresponding to a bandwidth consumption of a network connection which exceeds an actively set threshold; downgrading a quality of service for a network connection of said user below an initially negotiated quality of service; and activating deep packet inspection to a network connection of said user and detecting by deep packet inspection a service with said network connection which is actively set to represent a threshold exceeding application.

Certain modifications of the computer program product according to the sixth aspect may correspond to the modifications of the method according to the fifth aspect set forth above.

Brief Description of the Drawings

Other objects, aspects, features and advantages of the present invention are apparent from the following description of the embodiments thereof which is to be taken in conjunction with the accompanying drawings, in which:

Fig. 1 shows an implementation example for certain embodiments of the present invention.

Description of the preferred Embodiments

In the following, description will be made to what are presently considered to be preferred embodiments of the present invention. It is to be understood, however, that the description is given by way of example only, and that the described embodiments are by no means to be understood as limiting the present invention thereto.

For example, embodiments of the present invention are presently considered to be particularly useful in 3rd generation partnership project (3GPP) radio access networks such as GSM EDGE radio access networks (GERAN) and UMTS terrestrial radio access networks (UTRAN) as well as in long term evolution (LTE) and system architecture evolution (SAE) networks, where EDGE refers to enhanced data rates for GSM evolution, GSM refers to global system for mobile communications, and UMTS refers to universal mobile .

However, certain embodiments of the present invention are also applicable to any other network where bandwidth management and/or network usage control is used like in fixed broadband networks (e.g. with respect to a broadband remote access server - BRAS - and/or a broadband network gateway - BNG), in WiMAX (worldwide interoperability for microwave access) networks (e.g. with respect to an access service network gateway/home agent) etc. or any internet protocol edge/border gateway product that analyzes user data.

According to certain embodiments of the present invention, implementation examples comprise the following functionalities:

— Identifying TOP heavy users;

— Downgrading quality of service and activating deep packet inspection to these users; and

— Checking used applications periodically and removing quality of service limitation when restricted applications are used no more.

Specifically, those users which generate most of the network load are identified and subjected to a by-default downgraded quality of service at the session start-up.

Simultaneously, deep packet inspection (DPI) is started for those users, and should the services be other than peer-to-peer, the original quality of service is returned. After the quality of service downgrade the "unwanted" applications cannot congest the core network (CN) or radio access network (RAN).

According to certain embodiments of the present invention, the identification of heavy users can be based on charging data record (CDR) data volumes, statistics or for example some internal counters in a gateway node such as a GGSN. Alternatively, a list of suspicious users could be provided which can take place using existing provisioning tools of the operator.

In the following, the implementation examples identified above are described in more detail.

1) The identification of TOP heavy users can include an offline analysis of collected statistics. This can be done based on collected data of charging data records (CDR) or gateway node internal statistical data.

Embodiment 1: gateway node internal alternative

The gateway node can count and compare users internally based on the currently existing subscriber specific data volume counters which are e.g. used in generating charging data records (CDR).

The operator could define thresholds which the gateway node should check before it resets this internal counter and increments the charging data record (CDR) data volume.

Currently, an operator can configure a GGSN statistical data collection as follows:

The sample collection period is defined. The statistics time period parameter is determined as the time during which samples are collected. The time is given in minutes. Allowed values are 15, 30, 45, and 60. The default value is 15.

The sample collection interval is defined. The statistics time interval parameter is determined as how often samples are collected. The value is given in minutes. Allowed values are 1, 5, 15, 30, 45, and 60. The default value is 1.

The operator could define e.g. if the user data volume during the last 1/15 minutes (last measurement collection period) exceeds 30 Mbits/300 Mbits, then the user (packet data protocol (PDP) context) shall be marked internally in the GGSN.
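The counting scheme of Embodiment 1 can be sketched as follows. This is an added example, not code from the application: the class and function names are hypothetical, the trace is constructed, and it assumes the "1/15 minutes ... 30 Mbits/300 Mbits" wording means 30 Mbit within one collection interval or 300 Mbit within one collection period.

```python
from collections import defaultdict, deque

# Allowed values as listed in the text (minutes).
ALLOWED_PERIOD_MIN = (15, 30, 45, 60)
ALLOWED_INTERVAL_MIN = (1, 5, 15, 30, 45, 60)


class VolumeMonitor:
    """Hypothetical model of per-PDP-context volume counters in a gateway node."""

    def __init__(self, period_min=15, interval_min=1,
                 interval_limit_mbit=30, period_limit_mbit=300):
        if period_min not in ALLOWED_PERIOD_MIN:
            raise ValueError(f"period must be one of {ALLOWED_PERIOD_MIN}")
        if interval_min not in ALLOWED_INTERVAL_MIN:
            raise ValueError(f"interval must be one of {ALLOWED_INTERVAL_MIN}")
        # Simplification of this example: a whole number of samples per period.
        if period_min % interval_min:
            raise ValueError("period must be a multiple of the interval")
        self.slots = period_min // interval_min
        self.interval_limit_mbit = interval_limit_mbit
        self.period_limit_mbit = period_limit_mbit
        # One sliding window of interval samples per PDP context.
        self.samples = defaultdict(lambda: deque(maxlen=self.slots))
        self.marked = set()

    def record_sample(self, pdp_context, mbit):
        """Store one interval's volume; return True if the context is marked."""
        window = self.samples[pdp_context]
        window.append(mbit)  # the oldest sample drops out once the period is full
        over_interval = mbit > self.interval_limit_mbit
        over_period = sum(window) > self.period_limit_mbit
        if over_interval or over_period:
            self.marked.add(pdp_context)  # marking is kept until cleared elsewhere
        return pdp_context in self.marked


# Constructed trace: Mbit transferred per one-minute interval, per PDP context.
CONSTRUCTED_TRACE = {
    "ctx-a": [5] * 15,                   # light, steady use
    "ctx-b": [25] * 15,                  # under the interval limit, over the period limit
    "ctx-c": [2, 2, 2, 40] + [2] * 11,   # one burst above the interval limit
}


def first_marked_minute(trace=CONSTRUCTED_TRACE):
    """Return {context: minute at which it was first marked} for the trace."""
    monitor = VolumeMonitor()
    first = {}
    for ctx, samples in trace.items():
        for minute, mbit in enumerate(samples, start=1):
            if monitor.record_sample(ctx, mbit) and ctx not in first:
                first[ctx] = minute
    return first


if __name__ == "__main__":
    print(first_marked_minute())
```
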

Embodiment 2: post processing and provisioning alternative

The operator has an (automatic) charging data record post-processing tool (i.e. apparatus) that identifies TOP heavy users based on the transmitted data volumes in a given time.

If the tool monitors user activity based on thresholds and the transferred user data volume exceeds the defined threshold, the tool marks the user to the list of suspicious users. Typically, the threshold is a limit for data transfer per hour or day etc.

The tool may alternatively mark the users e.g. if the transmitted data volumes are considerably higher than other users in average where thresholds may be used as well. In such cases simply the heaviest users are marked.

After the tool marks the user, it provides the information to a user profile database that may be any profile server/lightweight database access protocol (LDAP)/remote authentication dial in user service (RADIUS) or policy server or even the home location register (HLR). Either a new parameter could be used, or an existing quality of service profile of the user could be modified. The most practical way to update the profile database would be to use existing provisioning tools which the operator has. Hence, this tool may be somehow integrated to the operator's existing provisioning system.

2) According to certain embodiments of the present invention the downgrade of the quality of service and activation of deep packet inspection to the users identified as TOP heavy users can involve the following.

The gateway node receives an indication of a suspicious user at session start-up or knows it internally when it receives user information from a user profile database. If the user or the PDP context is marked to be suspicious, the gateway node immediately downgrades the quality of service by e.g. decreasing the maximum bit rate (MBR) and downgrading the traffic class for these users internally. That is, no PDP update over the Gn interface is performed. Further, also the differentiated services codepoint (DSCP) marking in the Gn interface may be based on this temporary gateway node internal quality of service.

At substantially the same time deep packet inspection is started for the user PDP context to confirm that any "unwanted" services are used.

If unwanted services are found during the measurement period, the session is continued with the downgraded quality of service. It is to be understood that also at this point the user will be marked in the subscription profile to be able to continue with reduced quality of service immediately after PDP context re-establishment.

To the contrary, if no unwanted services are found during the measurement period the original quality of service which is negotiated for the PDP context shall be allowed for the session. At this point, it is possible to remove the possible heavy user marking from the subscriber profile. However, if heavy service usage continues, it is an option that the operator double checks the subscriber service usage once in a while.

In case a list of suspicious users is available for a gateway node, it would reduce the amount of deep packet inspection/bandwidth management related processing as only a small number of data user traffic would be analyzed.

3) Eventually, certain embodiments of the present invention provide that a periodical checking is performed.

Specifically, a PDP context with downgraded quality of service is checked again after a period determined by the operator. If a misuse in the sense of using an "unwanted" application has ended, the original quality of service which is negotiated for the PDP context shall be allowed.

Alternatively, it can be considered to stop the internal modification of quality of service and to return to the original quality of service if network statistics show that congestion is over.

However, this alternative might be implemented particularly carefully in order not to stop the quality of service modification too early. The reason is that some oscillating ON/OFF effect may be started, since a P2P application would immediately consume all the available bandwidth, and thus measures may be implemented to prevent this.
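Steps 2) and 3) amount to a small per-session state machine, sketched below as an added example that is not part of the application. All names, QoS values, the measurement and recheck periods and the service labels are constructed; DPI classification itself is assumed to happen elsewhere and to hand the gateway one service label per flow. Restoration here follows the periodic DPI verdict, not the congestion-based alternative.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class QoS:
    mbr_kbps: int          # maximum bit rate
    traffic_class: str


@dataclass
class Session:
    user: str
    negotiated: QoS        # QoS negotiated for the PDP context (never changed)
    effective: QoS         # gateway-internal QoS actually applied
    state: str = "NORMAL"  # NORMAL, SUSPECT (measuring) or RESTRICTED
    next_check: int = 0    # minute at which the DPI findings are evaluated
    seen: set = field(default_factory=set)


class Gateway:
    """Hypothetical gateway-node logic: downgrade, inspect, recheck, restore."""

    def __init__(self, profile_db, unwanted, downgraded,
                 measure_min=5, recheck_min=30):
        self.profile_db = profile_db      # user -> heavy-user marking
        self.unwanted = set(unwanted)     # operator-set restricted services
        self.downgraded = downgraded
        self.measure_min = measure_min
        self.recheck_min = recheck_min    # operator-set checking period

    def start_session(self, user, negotiated, now):
        s = Session(user, negotiated, negotiated)
        if self.profile_db.get(user):
            # Internal downgrade only; the negotiated QoS stays on record.
            s.state = "SUSPECT"
            s.effective = self.downgraded
            s.next_check = now + self.measure_min
        return s

    def observe(self, s, service):
        """Record a DPI result; DPI runs only for downgraded sessions."""
        if s.state != "NORMAL":
            s.seen.add(service)

    def evaluate(self, s, now):
        if s.state == "NORMAL" or now < s.next_check:
            return s.state
        if s.seen & self.unwanted:
            s.state = "RESTRICTED"            # keep the downgrade
            self.profile_db[s.user] = True    # survives context re-establishment
            s.next_check = now + self.recheck_min
        else:
            s.state = "NORMAL"
            s.effective = s.negotiated        # restore the negotiated QoS
            self.profile_db[s.user] = False   # remove the heavy-user marking
        s.seen.clear()
        return s.state


def run_constructed_scenario():
    """Three constructed users; returns (log, final profile database)."""
    profile_db = {"alice": True, "bob": True, "carol": False}
    negotiated = QoS(7200, "interactive")
    gw = Gateway(profile_db, {"p2p"}, QoS(384, "background"))
    log = []

    def step(s, now, services):
        for svc in services:
            gw.observe(s, svc)
        log.append((s.user, now, gw.evaluate(s, now), s.effective.mbr_kbps))

    alice = gw.start_session("alice", negotiated, now=0)
    step(alice, 3, ["http"])          # still inside the measurement period
    step(alice, 5, ["email"])         # nothing unwanted: restored
    bob = gw.start_session("bob", negotiated, now=0)
    step(bob, 5, ["http", "p2p"])     # unwanted service found
    step(bob, 35, ["p2p"])            # periodic check: still present
    step(bob, 65, ["http"])           # periodic check: misuse has ended
    carol = gw.start_session("carol", negotiated, now=0)
    step(carol, 5, ["http"])          # never marked, never inspected
    return log, profile_db


if __name__ == "__main__":
    for row in run_constructed_scenario()[0]:
        print(row)
```
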

According to certain embodiments of the present invention, an implementation in a gateway node such as (but not limited to) a gateway GPRS (general packet radio service) support node is considered advantageous. Though, in accordance with certain embodiments of the present invention, an implementation is considered to be useful in all 3rd generation partnership project (3GPP) networks and others. Accordingly, benefits can be achieved for e.g. mobile data networks, radio and core networks, deep packet inspection and bandwidth management functionalities, provisioning and subscriber database manufacturers.

For example, embodiments of the present invention may also be implemented in accordance with performing bandwidth management network usage control in the Gi interface (between the access network and the Internet), and corresponding servers would also benefit a lot if user data volume information would be available. In this case deep user data inspection could focus only to most likely misuses (i.e. to respective users) and network capacity would be saved.

An implementation of embodiments of the present invention may be achieved by providing a computer program product embodied as a computer readable medium which stores instructions according to the above described embodiments.

Hereinafter, by referring to Fig. 1, an implementation example of certain embodiments of the present invention is described in detail.

Specifically, a gateway GPRS support node (GGSN) detects the used quota per subscriber during a definable time period. Counters for the used data can be tracked either internally by the GGSN or the used quota can be reported in the form of charging data records to a system involving e.g. servers providing the functions of post-processing, policy enforcement, balance holding and provisioning.

For also illustrating the above described second embodiment, Fig. 1 shows an online service controller as a post-processing tool for the charging data records (CDR) that identifies heavy users based on the transmitted data volume in a given time.

If the data volume exceeds an actively set threshold, the online service controller marks the user as "heavy user" and provides the information to a subscriber profile database.

After a heavy user is detected, the quality of service will be downgraded so that less bandwidth is given. The quality of service is upgraded back to an original value if unwanted service usage is not identified by performing deep packet inspection in the GGSN or in any other node.

Also a marking as heavy user can be removed from the subscriber profile at this point. However, in case heavy usage continues, the operator has the option to double check the subscriber service usage once in a while.

Next time the marked heavy user begins a session, lower quality of service will be given based on the user information stored in the subscriber profile data base, since the GGSN can query the subscriber profile database upon session initiation and find out about the marking as heavy user.

Thus, described above is an apparatus, comprising identification means configured to identify a user corresponding to a bandwidth consumption of a network connection which exceeds an actively set threshold; quality of service modification means configured to downgrade a quality of service for a network connection of said user below an initially negotiated quality of service; and deep packet inspection means configured to be activated to a network connection of said user and to detect a service on said network connection which is actively set to represent a threshold exceeding application.

What is described above is what is presently considered to be preferred embodiments of the present invention. However, as is apparent to the skilled reader, these are provided for illustrative purposes only and are in no way intended to mean that the present invention is restricted thereto. Rather, it is the intention that all variations and modifications be included which fall within the spirit and scope of the appended claims.