Threat-Specific Risk Assessment for IP Multimedia Subsystem Networks Based on Hierarchical Models

Over the years, IP Multimedia Subsystems (IMS) networks have become increasingly critical as they form the backbone of modern telecommunications, enabling the integration of multimedia services such as voice, video, and messaging over IP-based infrastructures and next-generation networks. However, this integration has led to an increase in the attack surface of the IMS network, making it more prone to various forms of cyber threats and attacks, including Denial of Service (DoS) attacks, SIP-based attacks, unauthorized access, etc. As a result, it is important to find a way to manage and assess the security of IMS networks, but there is a lack of a systematic approach to managing the identification of vulnerabilities and threats. In this paper, we propose a model and a threat-specific risk security modeling and assessment approach to model and assess the threats of the IMS network. This model will provide a structured methodology for representing and analyzing threats and attack scenarios in layers within a hierarchical model. The proposed model aims to enhance the security posture of IMS networks by improving vulnerability management, risk evaluation, and defense evaluation against cyber threats. We perform a preliminary evaluation based on vulnerability collected from the National Vulnerability Database for devices in the IMS network. The results showed that we can model and assess the threats of IMS networks. IMS network defenders can use this model to understand their security postures taking into account the threat and risk posed by each vulnerability.