Securing IMS against novel threats

Stefan Wahl, Konrad Rieck, Pavel Laskov, Peter Domschitz, Klaus Muller

Research output: Contribution to journalArticle

8 Citations (Scopus)

Abstract

Fixed mobile convergence (FMC) based on the 3GPP IP Multimedia Subsystem (IMS) is considered one of the most important communication technologies of this decade. Yet this all-IP-based network technology brings about the growing danger of security vulnerabilities in communication and data services. Protecting IMS infrastructure servers against malicious exploits poses a major challenge due to the huge number of systems that may be affected. We approach this problem by proposing an architecture for an autonomous and self-sufficient monitoring and protection system for devices and infrastructure inspired by network intrusion detection techniques. The crucial feature of our system is a signature-less detection of abnormal events and zero-day attacks. These attacks may be hidden in a single message or spread across a sequence of messages. Anomalies identified at any of the network domain's ingresses can be further analyzed for discriminative patterns that can be immediately distributed to all edge nodes in the network domain.

Original languageEnglish
Pages (from-to)243-258
Number of pages16
JournalBell Labs Technical Journal
Volume14
Issue number1
DOIs
Publication statusPublished - 2009 Mar 1
Externally publishedYes

Fingerprint

Communication
Intrusion detection
Servers
Monitoring

ASJC Scopus subject areas

  • Electrical and Electronic Engineering

Cite this

Wahl, S., Rieck, K., Laskov, P., Domschitz, P., & Muller, K. (2009). Securing IMS against novel threats. Bell Labs Technical Journal, 14(1), 243-258. https://doi.org/10.1002/bltj.20365

Securing IMS against novel threats. / Wahl, Stefan; Rieck, Konrad; Laskov, Pavel; Domschitz, Peter; Muller, Klaus.

In: Bell Labs Technical Journal, Vol. 14, No. 1, 01.03.2009, p. 243-258.

Research output: Contribution to journalArticle

Wahl, S, Rieck, K, Laskov, P, Domschitz, P & Muller, K 2009, 'Securing IMS against novel threats', Bell Labs Technical Journal, vol. 14, no. 1, pp. 243-258. https://doi.org/10.1002/bltj.20365
Wahl S, Rieck K, Laskov P, Domschitz P, Muller K. Securing IMS against novel threats. Bell Labs Technical Journal. 2009 Mar 1;14(1):243-258. https://doi.org/10.1002/bltj.20365
Wahl, Stefan ; Rieck, Konrad ; Laskov, Pavel ; Domschitz, Peter ; Muller, Klaus. / Securing IMS against novel threats. In: Bell Labs Technical Journal. 2009 ; Vol. 14, No. 1. pp. 243-258.
@article{018f60de9b71485aab8e8d8e37474c29,
title = "Securing IMS against novel threats",
abstract = "Fixed mobile convergence (FMC) based on the 3GPP IP Multimedia Subsystem (IMS) is considered one of the most important communication technologies of this decade. Yet this all-IP-based network technology brings about the growing danger of security vulnerabilities in communication and data services. Protecting IMS infrastructure servers against malicious exploits poses a major challenge due to the huge number of systems that may be affected. We approach this problem by proposing an architecture for an autonomous and self-sufficient monitoring and protection system for devices and infrastructure inspired by network intrusion detection techniques. The crucial feature of our system is a signature-less detection of abnormal events and zero-day attacks. These attacks may be hidden in a single message or spread across a sequence of messages. Anomalies identified at any of the network domain's ingresses can be further analyzed for discriminative patterns that can be immediately distributed to all edge nodes in the network domain.",
author = "Stefan Wahl and Konrad Rieck and Pavel Laskov and Peter Domschitz and Klaus Muller",
year = "2009",
month = "3",
day = "1",
doi = "10.1002/bltj.20365",
language = "English",
volume = "14",
pages = "243--258",
journal = "Bell Labs Technical Journal",
issn = "1089-7089",
publisher = "John Wiley and Sons Inc.",
number = "1",

}

TY - JOUR

T1 - Securing IMS against novel threats

AU - Wahl, Stefan

AU - Rieck, Konrad

AU - Laskov, Pavel

AU - Domschitz, Peter

AU - Muller, Klaus

PY - 2009/3/1

Y1 - 2009/3/1

N2 - Fixed mobile convergence (FMC) based on the 3GPP IP Multimedia Subsystem (IMS) is considered one of the most important communication technologies of this decade. Yet this all-IP-based network technology brings about the growing danger of security vulnerabilities in communication and data services. Protecting IMS infrastructure servers against malicious exploits poses a major challenge due to the huge number of systems that may be affected. We approach this problem by proposing an architecture for an autonomous and self-sufficient monitoring and protection system for devices and infrastructure inspired by network intrusion detection techniques. The crucial feature of our system is a signature-less detection of abnormal events and zero-day attacks. These attacks may be hidden in a single message or spread across a sequence of messages. Anomalies identified at any of the network domain's ingresses can be further analyzed for discriminative patterns that can be immediately distributed to all edge nodes in the network domain.

AB - Fixed mobile convergence (FMC) based on the 3GPP IP Multimedia Subsystem (IMS) is considered one of the most important communication technologies of this decade. Yet this all-IP-based network technology brings about the growing danger of security vulnerabilities in communication and data services. Protecting IMS infrastructure servers against malicious exploits poses a major challenge due to the huge number of systems that may be affected. We approach this problem by proposing an architecture for an autonomous and self-sufficient monitoring and protection system for devices and infrastructure inspired by network intrusion detection techniques. The crucial feature of our system is a signature-less detection of abnormal events and zero-day attacks. These attacks may be hidden in a single message or spread across a sequence of messages. Anomalies identified at any of the network domain's ingresses can be further analyzed for discriminative patterns that can be immediately distributed to all edge nodes in the network domain.

UR - http://www.scopus.com/inward/record.url?scp=66749192137&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=66749192137&partnerID=8YFLogxK

U2 - 10.1002/bltj.20365

DO - 10.1002/bltj.20365

M3 - Article

AN - SCOPUS:66749192137

VL - 14

SP - 243

EP - 258

JO - Bell Labs Technical Journal

JF - Bell Labs Technical Journal

SN - 1089-7089

IS - 1

ER -