The distributed design and diverse protocols in the 5G Core have increased the control-plane attack surface, making security a key concern. As threats increasingly originate from within the core, perimeter-based defenses alone are inadequate. Traditional tools lack visibility into protocol-level behavior and cannot detect malicious progression through core interfaces, creating a need for in-depth, protocol-aware security analysis targeting core functions and interfaces. To address this, a customized NWDAF is developed to support proactive threat detection and exposure assessment within the 5G Core. Built on the Open5GS platform, the system performs real-time behavioral analysis across key control-plane interfaces—N1, N2, N4, and the SBI. Customised protocol parsers for NGAP, PFCP and HTTP/2 extract detailed signaling information, enabling detection of session manipulation, signaling misuse, and other control-plane anomalies. A modular security exposure evaluation architecture computes dynamic threat exposure scores for each network function using anomaly patterns and entropy-based metrics, producing structured security reports with timestamped records of detected threats, exposure levels, and enforcement actions. These reports support temporal threat analysis and improve network-wide behavioral monitoring, enabling early detection and context-aware mitigation. Mitigation is automatically initiated via interfaces with the SMF, PCF, and NSSF. Experimental validation confirms the framework’s effectiveness in delivering accurate detection, low-latency analytics, and actionable insights for security-oriented 5G orchestration.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Security-Centric NWDAF Module for Threat Detection and Mitigation in 5G Core Networks

  • Lakshmi R. Nair,
  • Adithya Anil,
  • Preetam Mukherjee,
  • Manuj Aggarwal

摘要

The distributed design and diverse protocols in the 5G Core have increased the control-plane attack surface, making security a key concern. As threats increasingly originate from within the core, perimeter-based defenses alone are inadequate. Traditional tools lack visibility into protocol-level behavior and cannot detect malicious progression through core interfaces, creating a need for in-depth, protocol-aware security analysis targeting core functions and interfaces. To address this, a customized NWDAF is developed to support proactive threat detection and exposure assessment within the 5G Core. Built on the Open5GS platform, the system performs real-time behavioral analysis across key control-plane interfaces—N1, N2, N4, and the SBI. Customised protocol parsers for NGAP, PFCP and HTTP/2 extract detailed signaling information, enabling detection of session manipulation, signaling misuse, and other control-plane anomalies. A modular security exposure evaluation architecture computes dynamic threat exposure scores for each network function using anomaly patterns and entropy-based metrics, producing structured security reports with timestamped records of detected threats, exposure levels, and enforcement actions. These reports support temporal threat analysis and improve network-wide behavioral monitoring, enabling early detection and context-aware mitigation. Mitigation is automatically initiated via interfaces with the SMF, PCF, and NSSF. Experimental validation confirms the framework’s effectiveness in delivering accurate detection, low-latency analytics, and actionable insights for security-oriented 5G orchestration.