Threat-Specific Risk Assessment for IP Multimedia Subsystem Networks Based on Hierarchical Models

Abdullah Ehsan Shaikh, Simon Yusuf Enoch

TL;DR

This work addresses the growing threat surface of IP Multimedia Subsystem (IMS) networks by introducing IMS-HAG, a hierarchical graph model that links top-layer IMS topology with bottom-layer attack trees to compute threat-specific risk. Using CVSS-derived scores and STRIDE threat categories, it defines node-, path-, and network-level risk metrics and supports multi-goal attack scenarios with AND/OR gate semantics. The approach is validated with data from the National Vulnerability Database, illustrating two attack scenarios and showing how defense actions (e.g., patching the P-CSCF) can reduce risk, while residual risk remains along attack paths. The framework provides a practical method for defenders to prioritize mitigations and quantify security posture across IMS deployments.

Abstract

Over the years, IP Multimedia Subsystem (IMS) networks have become increasingly critical as they form the backbone of modern telecommunications, enabling the integration of multimedia services such as voice, video, and messaging over IP-based infrastructures and next-generation networks. However, this integration has increased the attack surface of the IMS network, making it more prone to various forms of cyber threats and attacks, including Denial of Service (DoS) attacks, SIP-based attacks, unauthorized access, etc. As a result, it is important to find a way to manage and assess the security of IMS networks, but there is a lack of a systematic approach to managing the identification of vulnerabilities and threats. In this paper, we propose a model and a threat-specific risk security modeling and assessment approach to model and assess the threats of the IMS network. This model will provide a structured methodology for representing and analyzing threats and attack scenarios in layers within a hierarchical model. The proposed model aims to enhance the security posture of IMS networks by improving vulnerability management, risk evaluation, and defense evaluation against cyber threats. We perform a preliminary evaluation based on vulnerabilities collected from the National Vulnerability Database for devices in the IMS network. The results showed that we can model and assess the threats of IMS networks. IMS network defenders can use this model to understand their security posture, taking into account the threat and risk posed by each vulnerability.
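
The two-layer computation summarized above, worked through as an added example that is not the paper's code: an upper-layer topology, a lower-layer AND/OR attack tree per node, and threat-specific node, path and network risk before and after patching the P-CSCF. The aggregation rules (AND multiplies probabilities and adds impacts, OR takes the riskiest child, path risk is the sum of node risks, network risk is the maximum path risk) are assumed conventions, since the paper's equations are not reproduced on this page. The topology, vulnerability labels and all scores are constructed.

```python
from math import prod
# Constructed sample model. Node names are IMS functions; vulnerability labels and
# scores are illustrative placeholders, not NVD entries or the paper's data.
# Leaf: ("LEAF", label, STRIDE category, exploit probability 0-1, impact 0-10)
TREES = {
    "P-CSCF": ("OR", [("LEAF", "pcscf-v1", "DoS", 0.9, 8.0),
                      ("LEAF", "pcscf-v2", "DoS", 0.4, 5.0)]),
    "I-CSCF": ("OR", [("LEAF", "icscf-v1", "DoS", 0.5, 4.0)]),
    "S-CSCF": ("AND", [("LEAF", "scscf-v1", "DoS", 0.8, 3.0),
                       ("LEAF", "scscf-v2", "DoS", 0.5, 4.0)]),
    "SIP-AS": ("OR", [("LEAF", "sipas-v1", "DoS", 0.6, 7.0),
                      ("LEAF", "sipas-v2", "Spoofing", 0.9, 9.0)]),
}
# Upper layer: reachability between the attacker and IMS nodes (constructed).
TOPOLOGY = {"attacker": ["P-CSCF"], "P-CSCF": ["I-CSCF", "S-CSCF"],
            "I-CSCF": ["S-CSCF"], "S-CSCF": ["SIP-AS"], "SIP-AS": []}

def eval_tree(tree, threat, patched):
    """Return (probability, impact) for one threat, or None if nothing is exploitable."""
    if tree[0] == "LEAF":
        _, label, stride, p, impact = tree
        return None if stride != threat or label in patched else (p, impact)
    kids = [eval_tree(c, threat, patched) for c in tree[1]]
    if tree[0] == "AND":  # assumed rule: every child needed; multiply p, add impact
        return None if None in kids else (prod(p for p, _ in kids), sum(i for _, i in kids))
    live = [k for k in kids if k]  # assumed OR rule: attacker takes the riskiest child
    return max(live, key=lambda k: k[0] * k[1]) if live else None

def node_risk(node, threat, patched=()):
    r = eval_tree(TREES[node], threat, set(patched))
    return r[0] * r[1] if r else None

def attack_paths(target, node="attacker", seen=()):
    """Enumerate simple paths from the attacker to the target over the upper layer."""
    if node == target:
        yield seen + (node,)
        return
    for nxt in TOPOLOGY[node]:
        if nxt not in seen:
            yield from attack_paths(target, nxt, seen + (node,))

def network_risk(target, threat, patched=()):
    """Assumed aggregation: path risk = sum of node risks, network risk = max over paths."""
    best = 0.0
    for path in attack_paths(target):
        risks = [node_risk(n, threat, patched) for n in path[1:]]
        if None not in risks:  # a node with no usable vulnerability blocks the path
            best = max(best, sum(risks))
    return round(best, 2)
```

With this data, patching `pcscf-v1` lowers the DoS network risk for SIP-AS from 16.2 to 11.0 rather than to zero, because the second P-CSCF leaf and the downstream nodes still contribute.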

Paper Structure (19 sections, 8 equations, 5 figures, 4 tables)

This paper contains 19 sections, 8 equations, 5 figures, 4 tables.

Figures (5)

  • Figure 1: The IMS network
  • Figure 2: Scenario 1 - Evaluating multiple targets as attack goals
  • Figure 3: Scenario 2 - Evaluating attack impact based on different attack goals and STRIDE Model using IMS-HAG
  • Figure 4: Evaluation of individual threats based on all systems in the application servers group only; SIP-AS, OSA-SCS, and IM-SSF
  • Figure 5: Defense Evaluation using threat-specific risk based on different threats related to the respective functions

Theorems & Definitions (3)

  • Definition 1
  • Definition 2
  • Definition 3