The Research Of IMS Network Vulnerability Analysis Model And Vulnerability Detection Technology

IP Multimedia Subsystem, is a common platform based on IP technology, which can provide multimedia services, is the direction of fixed network and mobile network convergence evolution. IMS has the feacture of completely separate of service, control and bearer, centralized management of user profile, independence of access technology, flexible business trigger mechanism and open API, has been accepted by other standardization organizations, becomes the core control layer of next generation network. In Europe and Asia-Pacific areas, operators are stepping up the deployment of IMS.IMS has the feature of opening, merging and IP-based, which brings a major security issues that different from traditional network, strengthen the research work about the vulnerability analysis and detection for IMS is very significance. This paper gives a comprehensive analysis and comparison of the industry-common vulnerability analysis model, based on it and with IMS network's actual situation, builds a comprehensive vulnerability analysis model. This model defines attributes of Security Objective, Asset, Weakness, Threat Family, Threat, Location and Unwanted Incident, also gives a clear definition for the concept of IMS network's vulnerability, makes an in-depth analysis of the security objectives, network assets, inherent weaknesses and unwanted incidents of IMS, and puts forward a method for threat classification. This paper makes an E-R model for the comprehensive vulnerability analysis model, and establishes IMS vulnerability knowledge base.This paper also makes a study about the detection techniques for the vulnerability of IMS network, designs and develops IMS network vulnerability detection system based on C/S structure, and integrates with vulnerability base, and detailed vulnerability reports can be generated based on vulnerability test results. And use the detection system make a vulnerability test for open-source IMS (OpenIMSCore).Finally, the paper made a number of possible solutionson how to compensate for IMS network vulnerability. Puts forward a new security entity ASCF, and make a description on how to protect the IMS network security from the signaling, media and authentication level. Research results of this paper can provide basic information for IMS network's security assessment, and give a reference value for the safe deployment of IMS network, and it has certain significance for improving the security level of IMS.