SS7 Vulnerabilities - A Survey and Implementation of Machine Learning vs Rule Based Filtering for Detection of SS7 Network Attacks

The Signalling System No. 7 (SS7) is used in GSM/UMTS telecommunication technologies for signalling and management of communication. It was designed on the concept of private boundary walled technology having mutual trust between few national/multinational operators with no inherent security controls in 1970s. Deregulation, expansion, and merger of telecommunication technology with data networks have vanquished the concept of boundary walls hence increasing the number of service providers, entry points, and interfaces to the SS7 network, which made it vulnerable to serious attacks. The SS7 exploits can be used by attackers to intercept messages, track a subscriber's location, tape/redirect calls, adversely affect disaster relief operations, drain funds of individuals from banks in combination with other methods and send billions of spam messages. This paper provides a comprehensive review of the SS7 attacks with detailed methods to execute attacks, methods to enter the SS7 core network, and recommends safeguards against the SS7 attacks. It also provides a machine learning based framework to detect anomalies in the SS7 network which is compared with rule based filtering. It further presents a conceptual model for the defense of network.