Securing IMS against novel threats

Stefan Wahl; Konrad Rieck; Pavel Laskov; Peter Domschitz; Klaus Robert Müller

doi:10.1002/bltj.20365

Securing IMS against novel threats

Stefan Wahl, Konrad Rieck, Pavel Laskov, Peter Domschitz, Klaus Robert Müller

Research output: Contribution to journal › Article › peer-review

8 Citations (Scopus)

Abstract

Fixed mobile convergence (FMC) based on the 3GPP IP Multimedia Subsystem (IMS) is considered one of the most important communication technologies of this decade. Yet this all-IP-based network technology brings about the growing danger of security vulnerabilities in communication and data services. Protecting IMS infrastructure servers against malicious exploits poses a major challenge due to the huge number of systems that may be affected. We approach this problem by proposing an architecture for an autonomous and self-sufficient monitoring and protection system for devices and infrastructure inspired by network intrusion detection techniques. The crucial feature of our system is a signature-less detection of abnormal events and zero-day attacks. These attacks may be hidden in a single message or spread across a sequence of messages. Anomalies identified at any of the network domain's ingresses can be further analyzed for discriminative patterns that can be immediately distributed to all edge nodes in the network domain.

Original language	English
Pages (from-to)	243-257
Number of pages	15
Journal	Bell Labs Technical Journal
Volume	14
Issue number	1
DOIs	https://doi.org/10.1002/bltj.20365
Publication status	Published - 2009

ASJC Scopus subject areas

Electrical and Electronic Engineering

Access to Document

10.1002/bltj.20365

Cite this

@article{018f60de9b71485aab8e8d8e37474c29,

title = "Securing IMS against novel threats",

abstract = "Fixed mobile convergence (FMC) based on the 3GPP IP Multimedia Subsystem (IMS) is considered one of the most important communication technologies of this decade. Yet this all-IP-based network technology brings about the growing danger of security vulnerabilities in communication and data services. Protecting IMS infrastructure servers against malicious exploits poses a major challenge due to the huge number of systems that may be affected. We approach this problem by proposing an architecture for an autonomous and self-sufficient monitoring and protection system for devices and infrastructure inspired by network intrusion detection techniques. The crucial feature of our system is a signature-less detection of abnormal events and zero-day attacks. These attacks may be hidden in a single message or spread across a sequence of messages. Anomalies identified at any of the network domain's ingresses can be further analyzed for discriminative patterns that can be immediately distributed to all edge nodes in the network domain.",

author = "Stefan Wahl and Konrad Rieck and Pavel Laskov and Peter Domschitz and M{\"u}ller, {Klaus Robert}",

year = "2009",

doi = "10.1002/bltj.20365",

language = "English",

volume = "14",

pages = "243--257",

journal = "Bell Labs Technical Journal",

issn = "1089-7089",

publisher = "John Wiley and Sons Inc.",

number = "1",

}

TY - JOUR

T1 - Securing IMS against novel threats

AU - Wahl, Stefan

AU - Rieck, Konrad

AU - Laskov, Pavel

AU - Domschitz, Peter

AU - Müller, Klaus Robert

PY - 2009

Y1 - 2009

N2 - Fixed mobile convergence (FMC) based on the 3GPP IP Multimedia Subsystem (IMS) is considered one of the most important communication technologies of this decade. Yet this all-IP-based network technology brings about the growing danger of security vulnerabilities in communication and data services. Protecting IMS infrastructure servers against malicious exploits poses a major challenge due to the huge number of systems that may be affected. We approach this problem by proposing an architecture for an autonomous and self-sufficient monitoring and protection system for devices and infrastructure inspired by network intrusion detection techniques. The crucial feature of our system is a signature-less detection of abnormal events and zero-day attacks. These attacks may be hidden in a single message or spread across a sequence of messages. Anomalies identified at any of the network domain's ingresses can be further analyzed for discriminative patterns that can be immediately distributed to all edge nodes in the network domain.

AB - Fixed mobile convergence (FMC) based on the 3GPP IP Multimedia Subsystem (IMS) is considered one of the most important communication technologies of this decade. Yet this all-IP-based network technology brings about the growing danger of security vulnerabilities in communication and data services. Protecting IMS infrastructure servers against malicious exploits poses a major challenge due to the huge number of systems that may be affected. We approach this problem by proposing an architecture for an autonomous and self-sufficient monitoring and protection system for devices and infrastructure inspired by network intrusion detection techniques. The crucial feature of our system is a signature-less detection of abnormal events and zero-day attacks. These attacks may be hidden in a single message or spread across a sequence of messages. Anomalies identified at any of the network domain's ingresses can be further analyzed for discriminative patterns that can be immediately distributed to all edge nodes in the network domain.

UR - http://www.scopus.com/inward/record.url?scp=66749192137&partnerID=8YFLogxK

U2 - 10.1002/bltj.20365

DO - 10.1002/bltj.20365

M3 - Article

AN - SCOPUS:66749192137

SN - 1089-7089

VL - 14

SP - 243

EP - 257

JO - Bell Labs Technical Journal

JF - Bell Labs Technical Journal

IS - 1

ER -

Securing IMS against novel threats

Abstract

ASJC Scopus subject areas

Access to Document

Other files and links

Fingerprint

Cite this