Securing IMS against novel threats

Fixed mobile convergence (FMC) based on the 3GPP IP Multimedia Subsystem (IMS) is considered one of the most important communication technologies of this decade. Yet this all-IP-based network technology brings about the growing danger of security vulnerabilities in communication and data services. Protecting IMS infrastructure servers against malicious exploits poses a major challenge due to the huge number of systems that may be affected. We approach this problem by proposing an architecture for an autonomous and self-sufficient monitoring and protection system for devices and infrastructure inspired by network intrusion detection techniques. The crucial feature of our system is a signature-less detection of abnormal events and zero-day attacks. These attacks may be hidden in a single message or spread across a sequence of messages. Anomalies identified at any of the network domain's ingresses can be further analyzed for discriminative patterns that can be immediately distributed to all edge nodes in the network domain.

[1]  Salvatore J. Stolfo,et al.  A data mining framework for building intrusion detection models , 1999, Proceedings of the 1999 IEEE Symposium on Security and Privacy (Cat. No.99CB36344).

[2]  Mauricio Cortes,et al.  On SIP performance , 2004, Bell Labs Technical Journal.

[3]  Salvatore J. Stolfo,et al.  Anagram: A Content Anomaly Detector Resistant to Mimicry Attack , 2006, RAID.

[4]  Gunnar Rätsch,et al.  An introduction to kernel-based learning algorithms , 2001, IEEE Trans. Neural Networks.

[5]  Michael Benedikt,et al.  Stream firewalling of xml constraints , 2008, SIGMOD Conference.

[6]  Robert P. W. Duin,et al.  Support vector domain description , 1999, Pattern Recognit. Lett..

[7]  Georg Mayer,et al.  The IMS: IP Multimedia Concepts and Services , 2004 .

[8]  Michael Scharf,et al.  Measurement of the SIP Parsing Performance in the SIP Express Router , 2007, EUNICE.

[9]  Cullen Jennings,et al.  The Session Initiation Protocol (SIP) and Spam , 2008, RFC.

[10]  Klaus-Robert Müller,et al.  Incremental Support Vector Learning: Analysis, Implementation and Applications , 2006, J. Mach. Learn. Res..

[11]  Muhammad Sher,et al.  Secure Service Provisioning (SSP) framework for IP Multimedia Subsystem (IMS) , 2008 .

[12]  Gerard Salton,et al.  A vector space model for automatic indexing , 1975, CACM.

[13]  Thorsten Joachims,et al.  Learning to classify text using support vector machines - methods, theory and algorithms , 2002, The Kluwer international series in engineering and computer science.

[14]  S. Wahl,et al.  ScaleNet – Converged Networks of the Future , .

[15]  Christopher Krügel,et al.  Service specific anomaly detection for network intrusion detection , 2002, SAC '02.

[16]  Konrad Rieck,et al.  Linear-Time Computation of Similarity Measures for Sequential Data , 2008, J. Mach. Learn. Res..

[17]  Bernhard Schölkopf,et al.  Nonlinear Component Analysis as a Kernel Eigenvalue Problem , 1998, Neural Computation.

[18]  Konrad Rieck,et al.  Language models for detection of unknown attacks in network traffic , 2006, Journal in Computer Virology.

[19]  Konrad Rieck,et al.  Detecting Unknown Network Attacks Using Language Models , 2006, DIMVA.