A master's thesis from Aalborg University

Detecting SS7 Attacks in the Telecommunication Infrastructure Using SIEM

Author

Term

4th semester

Publication year

2025

Pages

45

Abstract

Mobile networks still use SS7 (Signaling System No. 7), a decades-old set of signaling protocols built on the assumption that operators can trust one another. That trust can be abused, so that some attacks go undetected. This thesis develops an automated method for identifying two types of location-tracking attacks that exploit SS7, using a SIEM (Security Information and Event Management) system. The method creates network simulations in which different operators exchange signaling messages. The simulations generate log files for two scenarios: (1) isolated attacks and (2) a more realistic mix of normal and malicious traffic. Based on the characteristic patterns of each attack, a search (query) is defined to detect it. Each search is first tested on the isolated scenario and then on the realistic simulation to assess its accuracy. Finally, the searches are scheduled to run daily in the SIEM system and to notify the relevant roles upon a possible detection.

Mobile networks still use SS7 (Signaling System No. 7), a decades-old set of signaling protocols that assumes operators can trust one another. That trust can be abused, allowing some attacks to go undetected. This thesis develops an automated way to identify two kinds of location-tracking attacks that misuse SS7, using a SIEM (Security Information and Event Management) system. The approach builds network simulations where different operators exchange signaling messages. These simulations produce logs for two settings: (1) isolated attacks and (2) a more realistic mix of normal and malicious traffic. Based on the characteristic patterns of each attack, a detection search (query) is defined, tested first on the isolated scenario and then on the realistic simulation to assess accuracy. Finally, the searches are scheduled to run daily in the SIEM and to alert the relevant roles when a potential attack is detected.

[This summary has been rewritten with the help of AI based on the project's original abstract]