The Service-Based Architecture (SBA) of the 5G network introduces novel communication technology and advanced features, while simultaneously presenting new security requirements and challenges. Commercial 5G Core (5GC) networks are highly secure closed systems with interfaces defined through the 3rd Generation Partnership Project (3GPP) specifications to fulfill communication requirements. However, the 5GC boundary, especially the access domain, faces diverse security threats due to the availability of open-source cellular software suites and Software-Defined Radio (SDR) devices. Therefore, we systematically summarize security threats targeting the N2 interfaces at the 5GC boundary, which are categorized as Illegal Registration, Protocol Attack, and Signaling Storm. We further construct datasets of attack and normal communication patterns based on a simulated 5G platform. In addition, we propose an anomaly detection method based on Next Generation Application Protocol (NGAP) message sequences, which extracts session temporal features at the granularity of User Equipment (UE). The method combines a Long Short-Term Memory (LSTM) network with an attention mechanism, and can effectively mine the dynamic patterns and key anomaly time-steps in the temporal sequence. We conducted comparison experiments against baseline anomaly detection algorithms, ablation experiments, and real-world simulation experiments. Experimental evaluations demonstrated that our model can accurately learn the dependencies of uplink and downlink messages on our self-constructed datasets, achieving 99.80% Accuracy and 99.85% F1 Score, and can effectively detect anomalous UE behavior.