AI-Assisted Anomaly Detection for Cybersecurity in IMS Core Networks: A KPI-Driven Study Based on Real-World Telecom Data
In modern IP Multimedia Subsystem (IMS) core networks, the detection and prevention of cybersecurity threats remain a critical challenge due to the dynamic nature of signaling traffic and the increasing complexity of infrastructure. This paper proposes an AI-assisted anomaly detection approach based on statistical modeling of key performance indicators (KPIs) collected from real-world telecom networks over a one-month period. The analysis targets multiple IMS elements across two major network regions, focusing on Call Setup Success Rate and Total Traffic (Erlang). A contextual z-score model was implemented in MATLAB to monitor these KPIs per hour, enabling the identification of time-based deviations without relying on static thresholds. An alert logic was added to mark days with excessive anomaly rates (>5%) as potentially suspicious. A major traffic spike detected on March 1st is analyzed as a case study, suggesting a possible signaling flood or operational event. The results demonstrate the feasibility of unsupervised anomaly detection in IMS environments, providing early warning signals for cybersecurity-related incidents. This KPI-driven methodology can be extended with advanced AI models for predictive alerting and integration with network management systems.
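The per-hour contextual z-score and the >5% daily alert rule from the abstract, as an added Python example (not the paper's MATLAB code). The |z| > 3 cut-off, the constructed traffic series with its injected off-peak surge, and the all-hours z-score used as a stand-in for a static threshold are assumptions made for illustration.

```python
import math
from statistics import mean, pstdev

Z_LIMIT = 3.0          # assumed cut-off; the abstract does not state one
DAY_ALERT_RATE = 0.05  # from the abstract: alert when >5% of a day's hours are anomalous

def constructed_traffic(days=30, spike_day=0, spike_hours=(2, 3, 4, 5)):
    """Constructed hourly traffic (Erlang): diurnal sine, small jitter, one off-peak surge."""
    data = []
    for d in range(days):
        row = []
        for h in range(24):
            v = 100 + 50 * math.sin(2 * math.pi * (h - 6) / 24)  # peak at noon
            v += (d * 7 + h * 13) % 11 - 5                        # deterministic jitter
            if d == spike_day and h in spike_hours:
                v *= 2                                            # injected night-time surge
            row.append(v)
        data.append(row)
    return data

def contextual_z(data):
    """Score each sample against the mean/std of the same hour of day."""
    cols = list(zip(*data))
    mu = [mean(c) for c in cols]
    sd = [pstdev(c) for c in cols]
    return [[(v - mu[h]) / sd[h] if sd[h] else 0.0 for h, v in enumerate(row)]
            for row in data]

def global_z(data):
    """Baseline for comparison: one mean/std over all hours (a static band)."""
    flat = [v for row in data for v in row]
    mu, sd = mean(flat), pstdev(flat)
    return [[(v - mu) / sd if sd else 0.0 for v in row] for row in data]

def daily_anomaly_rate(scores):
    """Fraction of each day's hours whose |z| exceeds the cut-off."""
    return [sum(abs(z) > Z_LIMIT for z in row) / len(row) for row in scores]

def suspicious_days(data, scorer):
    """Indices of days whose anomaly rate exceeds the daily alert rate."""
    rates = daily_anomaly_rate(scorer(data))
    return [d for d, r in enumerate(rates) if r > DAY_ALERT_RATE]

if __name__ == "__main__":
    traffic = constructed_traffic()
    print("contextual:", suspicious_days(traffic, contextual_z))
    print("global    :", suspicious_days(traffic, global_z))
```

The surge doubles night-time traffic but stays close to normal midday levels, so the all-hours score never crosses the cut-off, while the hour-of-day score flags all four surge hours and trips the daily alert.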




