Detecting SS7 Attacks in the Telecommunication Infrastructure Using SIEM
Author
Term: 4. semester
Education
Publication year: 2025
Submitted on: 2025-06-03
Pages: 45
Abstract
Every year, multiple attacks are carried out over the global network infrastructure without being detected, due to the trust-based nature of the SS7 protocol suite. This thesis aims to develop an automated identification mechanism that uses a SIEM system to detect two location tracking attacks carried out using SS7 protocols. Network simulations of different operators interacting with each other were used to generate network logs covering both isolated attacks and a realistic scenario in which regular traffic was also being exchanged. Based on the attack patterns that were identified, a search for each attack was first defined, then tested on the isolated scenario, and finally run on the realistic simulation to determine its accuracy. The searches were then configured to run periodically each day and to notify the appropriate roles in case of a detection.
