The present invention relates to a system and method for detecting intrusion into, and for assessing the vulnerability of, a telecommunications signaling network.
Telecommunications signaling networks are susceptible to intrusion, meaning that a person may use software or physical means to cause disruption or denial of service within the network. For example, a person may use software operating on a computer in an attempt to seize control of a particular node or link in the network and consequently cause a disruption or denial of service. As another example, a person may attempt to take physical control of an entity in the network, such as a link, resulting in a disruption or denial of service.
These intrusions create an undesirable situation for communications service providers and for customers using the network. In particular, the disruptions or denials of service may inconvenience customers and potentially cause a loss in revenue for the communications service provider. When a disruption occurs, a service provider may attempt to locate the disruption and determine a cause of the intrusion. However, in that case the service provider only obtains an indication of the intrusion after it has already caused a disruption and thus cannot anticipate such an intrusion before it occurs. In addition, the service provider may not necessarily know in advance which portions of the network are most susceptible to an intrusion and thus not know how to best monitor the network for potential intrusion.
Accordingly, a need exists for detection of intrusion in a telecommunications signaling network, potentially in real-time, and for analysis of the vulnerability of the telecommunications signaling network to an intrusion.