Overview
Explore a comprehensive framework for detecting threats in telecommunication networks in this 25-minute conference talk from Hack.lu 2017. Dive into the TIDS (Telecom IDS) monitoring system developed by POST Luxembourg to protect critical telecom infrastructure from abuses, DoS attacks, and security issues affecting subscribers. Learn about the framework's two main components: a data collector for live signaling data and an analytics app utilizing statistical and machine-learning methods. Discover how TIDS addresses vulnerabilities in telecom networks, including location tracking, spoofing, and interception. Gain insights into the actual technology stack, Diameter monitoring setup, and advanced data analytics techniques used for detecting anomalies and predicting threats. Understand the importance of regulation and data in telecom security, and explore methods for passively fingerprinting vendors and monitoring traffic rerouting.
Syllabus
Intro
Actual stack of technologies
TIDS global coverage
Diameter Monitoring - Actual setup
TIDS - Telecom IDS Diameter
Why building it
Monitored issues
IDR - Location tracking
Passively fingerprint vendors
Session-id vendor patterns
S6a Reset - Upgrade in progress
Spoofing - Topology hiding
Monitoring traffic rerouting
Behavior Analytics - Call SPAM
Advanced Data Analytics on Telecom Data
Regulation, data, and beyond
Predicting the present to detect anomalies
Clustering data to detect outliers
Questions?
Taught by
Cooper