The Signalling System No. 7 (SS7) is used in GSM/UMTS telecommunication technologies for signalling and management of communication. It was designed on the concept of private boundary walled technology having mutual trust between few national/multinational operators with no inherent security controls in 1970s. Deregulation, expansion, and merger of telecommunication technology with data networks have vanquished the concept of boundary walls hence increasing the number of service providers, entry points, and interfaces to the SS7 network, which made it vulnerable to serious attacks. The SS7 exploits can be used by attackers to intercept messages, track a subscriber’s location, tape/redirect calls, adversely affect disaster relief operations, drain funds of individuals from banks in combination with other methods and send billions of spam messages. This paper provides a comprehensive review of the SS7 attacks with detailed methods to execute attacks, methods to enter the SS7 core network, and recommends safeguards against the SS7 attacks. It also provides a machine learning based framework to detect anomalies in the SS7 network which is compared with rule based filtering. It further presents a conceptual model for the defense of network.

中文翻译：

---

SS7 漏洞 - 用于检测 SS7 网络攻击的机器学习与基于规则的过滤的调查和实施

7 号信令系统 (SS7) 用于 GSM/UMTS 电信技术，用于通信的信令和管理。它的设计理念是私人边界墙技术在 1970 年代没有固有安全控制的少数国家/跨国运营商之间具有相互信任。电信技术与数据网络的放松管制、扩展和合并已经消除了边界墙的概念，因此增加了服务提供商、入口点和 SS7 网络接口的数量，使其容易受到严重攻击。攻击者可以利用 SS7 漏洞来拦截消息、跟踪订阅者的位置、录音/重定向呼叫、对救灾行动产生不利影响、结合其他方法从银行提取个人资金并发送数十亿条垃圾邮件。本文全面回顾了 SS7 攻击，详细介绍了执行攻击的方法、进入 SS7 核心网络的方法，并提出了针对 SS7 攻击的防范措施。它还提供了一个基于机器学习的框架来检测 SS7 网络中的异常，并与基于规则的过滤进行比较。它进一步提出了网络防御的概念模型。