Research And Design Of The Vulnerability Automated Assessment Of The IMS Network

As the core network infrastructure of the next generation network, IMS (IP Multimedia Subsystem) is designed to fill the gap between the existing traditional telecommunication technology and Internet technology over an all IP based network. This will enable operators to deploy new services, to provide users rich and flexible personalized services, and also to create enormous benefit. However, the security problems of the IMS are exposing while the network is being comprehensively constructed at the same time. In order to know the security status of the networks and find out the vulnerabilities comprehensively, it's necessary to research on the vulnerability assessment of the IMS. Nowadays there is already some research on vulnerability assessment of computer networks, but it could not be used on the IMS because the characteristics of the IMS have not been considered. And there is nearly nothing on the research of vulnerability assessment of the IMS. Therefore, this thesis is to research the assessment method of the IMS's security status from the vulnerability's aspect.Firstly, the general state of the art of the vulnerability assessment related technologies are introduced, and also the problems when aiming at the IMS network's automated assessment. And from these, the research idea is more clear.And then, an automated vulnerability assessment method of the IMS network is proposed aiming at its own features. At first, the thesis gives the single vulnerability assessment method in the IMS referring to the CVSS (Common Vulnerability Scoring System) assessment method, which is a single vulnerability's score from the vulnerability's own perspective. Then the comprehensive assessment of the network which is based on the cost and consequence of exploiting the vulnerability from the attacker's perspective is proposed in the thesis. In the comprehensive assessment part, the thesis gives the method to get the score of every single vulnerability based on the "cost - consequence" of exploiting it by using AHP (Analytic Hierarchy Process) algorithm referring to both the CVSS and TVRA (Threat, Vulnerability and Risk Analysis) at first; and then, assign the value of the "edge" in the attack graph which is automated generated based on the model detector; after this, the final comprehensive vulnerability assessment score of the IMS network will be calculated from the attack graph with the value.Finally, the thesis designs the vulnerability automated assessment component of the IMS network based on the research above. In this part, the thesis introduces the sub modules of the component, and emphasizes the design of the Logical Function Module which is to excute the fuction logic.