SS7 Vulnerabilities—A Survey and Implementation of Machine Learning vs Rule Based Filtering for Detection of SS7 Network Attacks

Ullah, Kaleem; Rashid, Imran; Afzal, Hammad; Iqbal, Waseem; Bangash, Yawar Abbas; Abbas, Haider

doi:10.1109/comst.2020.2971757

Cited by 179 publications

(62 citation statements)

References 46 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…While TRM has been investigated in access networks, it has not been well investigated in core networks. This is because core networks are traditionally closed trusted networks established by national or multinational corporations on the basis of trust among network operators [44]. Since the core networks are accessed by a few trusted network operators only, security measures are not incorporated in some core networks (e.g., SS7 core networks [44]).…”

Section: Which Part Of the 5g Network Uses Trm In Lower Layers?mentioning

confidence: 99%

“…This is because core networks are traditionally closed trusted networks established by national or multinational corporations on the basis of trust among network operators [44]. Since the core networks are accessed by a few trusted network operators only, security measures are not incorporated in some core networks (e.g., SS7 core networks [44]). Moreover, core networks can reject packets from malicious entities in the access networks [51].…”

Section: Which Part Of the 5g Network Uses Trm In Lower Layers?mentioning

confidence: 99%

“…However, the belief of core networks being closed trusted networks is no longer safe with the convergence and incorporation of new technologies, as well as deregulation, and some works, particularly the application layer solutions, have emerged recently [44]. While our focus is the access network, we have provided some open issues related to the core networks, particularly addressing security vulnerabilities in network virtualization in Section VI-A.…”

Section: Which Part Of the 5g Network Uses Trm In Lower Layers?mentioning

confidence: 99%

See 2 more Smart Citations

Trust and Reputation Management for Securing Collaboration in 5G Access Networks: The Road Ahead

et al. 2020

View full text Add to dashboard Cite

Trust represents the belief or perception of an entity, such as a mobile device or a node, in the extent to which future actions and reactions are appropriate in a collaborative relationship. Reputation represents the network-wide belief or perception of the trustworthiness of an entity. Each entity computes and assigns a trust or reputation value, which increases and decreases with the appropriateness of actions and reactions, to another entity in order to ensure a healthy collaborative relationship. Trust and reputation management (TRM) has been investigated to improve the security of traditional networks, particularly the access networks. In 5G, the access networks are multi-hop networks formed by entities which may not be trustable, and so such networks are prone to attacks, such as Sybil and crude attacks. TRM addresses such attacks to enhance the overall network performance, including reliability, scalability, and stability. Nevertheless, the investigation of TRM in 5G, which is the next-generation wireless networks, is still at its infancy. TRM must cater for the characteristics of 5G. Firstly, ultra-densification due to the exponential growth of mobile users and data traffic. Secondly, high heterogeneity due to the different characteristics of mobile users, such as different transmission characteristics (e.g., different transmission power) and different user equipment (e.g., laptops and smartphones). Thirdly, high variability due to the dynamicity of the entities' behaviors and operating environment. TRM must also cater for the core features of 5G (e.g., millimeter wave transmission, and device-to-device communication) and the core technologies of 5G (e.g., massive MIMO and beamforming, and network virtualization). In this paper, a review of TRM schemes in 5G and traditional networks, which can be leveraged to 5G, is presented. We also provide an insight on some of the important open issues and vulnerabilities in 5G networks that can be resolved using a TRM framework.

show abstract

Section: Which Part Of the 5g Network Uses Trm In Lower Layers?mentioning

confidence: 99%

Section: Which Part Of the 5g Network Uses Trm In Lower Layers?mentioning

confidence: 99%

Section: Which Part Of the 5g Network Uses Trm In Lower Layers?mentioning

confidence: 99%

See 1 more Smart Citation

Trust and Reputation Management for Securing Collaboration in 5G Access Networks: The Road Ahead

et al. 2020

View full text Add to dashboard Cite

show abstract

“…The existing intrusion detection methods mainly use K-means clustering, decision trees, random forest, ANN, and generic rule-based filtering algorithm. The feature sets used by these methods are; distance travelled since the previous location, location update frequency, elapsed time since the previous location update message request, network the message originates from, and message request size [7][8][9]. Although, rule-based filtering algorithms outperform other machine learning algorithms mentioned above in terms of better accuracy and detection rate with decreased false alarm rates.…”

Section: Introductionmentioning

confidence: 99%

Rule-Based Anomaly Detection Model with Stateful Correlation Enhancing Mobile Network Security

Afzal¹,

Murugesan²

2022

Intelligent Automation &Amp; Soft Computing

View full text Add to dashboard Cite

The global Signalling System No. 7 (SS7) network protocol standard has been developed and regulated based only on trusted partner networks. The SS7 network protocol by design neither secures the communication channel nor verifies the entire network peers. The SS7 network protocol used in telecommunications has deficiencies that include verification of actual subscribers, precise location, subscriber's belonging to a network, absence of illegitimate message filtering mechanism, and configuration deficiencies in home routing networks. Attackers can take advantage of these deficiencies and exploit them to impose threats such as subscriber or network data disclosure, intercept mobile traffic, perform account frauds, track subscriber location, and deny services. Existing methods are unable to identify suspicious hosts as they use a minimal number of network parameters. So, there is a vital need to overcome these deficiencies to detect the abnormal behaviour of users and hence mitigate security attacks in a mobile network. This research proposes a model for anomaly detection in mobile networks based on Rule-based filtering with stateful correlation. The performance of the proposed method is evaluated using synthetic datasets. Results show that the proposed anomaly detection model performs 0.37% better in terms of security attack detection rate, 24.25% better in terms of false alarm rate, and 31.45% better in terms of true positive rate when compared with the existing pattern recognition Artificial Neural Network (ANN) algorithm.

show abstract

“…Intrusion Detection Systems (IDSes) play a critical role in the security of networked systems by monitoring and detecting malicious attacks against systems [3]. Machine Learning (ML) algorithms can assists an IDS to continuously learn and adapt to changes based on known attacks and to improve detection accuracy [9,10,13,19]. However, despite the benefits offered by the ML approaches, attackers with knowledge about the type of the model or the working/design of the system, can exploit weaknesses in the algorithm and evade the defense mechanism put in place.…”

Section: A Framework For Generating Evasion Attacks For Machine Learning Based Network Intrusion Detection Systems 1 Introductionmentioning

confidence: 99%

A Framework for Generating Evasion Attacks for Machine Learning based Network Intrusion Detection Systems

Mogg¹,

Enoch²,

Kim³

2021

Preprint

View full text Add to dashboard Cite

<p>Intrusion Detection System (IDS) plays a vital role in detecting anomalies and cyber-attacks in networked systems. However, sophisticated attackers can manipulate the IDS’ attacks samples to evade possible detection. In this paper, we present a network-based IDS and investigate the viability of generating interpretable evasion attacks against the IDS through the application of a machine learning technique and an evolutionary algorithm. We employ a genetic algorithm to generate optimal attack features for certain attack categories, which are evaluated against a decision tree-based IDS in terms of their fitness measurements. To demonstrate the feasibility of our approach, we perform experiments based on the NSL-KDD dataset and analyze the algorithm performance. </p> <p> </p>

show abstract

SS7 Vulnerabilities—A Survey and Implementation of Machine Learning vs Rule Based Filtering for Detection of SS7 Network Attacks

Cited by 179 publications

References 46 publications

Trust and Reputation Management for Securing Collaboration in 5G Access Networks: The Road Ahead

Trust and Reputation Management for Securing Collaboration in 5G Access Networks: The Road Ahead

Rule-Based Anomaly Detection Model with Stateful Correlation Enhancing Mobile Network Security

A Framework for Generating Evasion Attacks for Machine Learning based Network Intrusion Detection Systems

Contact Info

Product

Resources

About