TY - GEN
T1 - AI/ML-Based IDS as 5G Core Network Function in the Control Plane for IP/non-IP CIoT Traffic
AU - Le, Tan Nhat Linh
AU - Ait Salem, Boussad
AU - Appadoo, Dave
AU - Aitsaadi, Nadjib
AU - Du, Xiaojiang
N1 - Publisher Copyright:
© 2024 IEEE.
PY - 2024
Y1 - 2024
N2 - In this paper, we design and implement an Intrusion Detection System (IDS) within the 5G core network, which is capable of inspecting both IP and non-IP data flows. By leveraging the Access and Mobility Management Function (AMF) Network Function (NF) communication service, our IDS can analyze all Cellular Internet of Things (CIoT) data traffic flowing across both the User and Control Planes (UP and CP), enabling the detection of malicious activities originating from or targeting IoT networks. Our proposal is aligned with the 3GPP Release 17 (R17) standard and makes use of predefined functionalities to ensure compliance. It is non-intrusive and does not interfere with the core network's usual processes, relying only on existing Service Based Interfaces (SBI). Additionally, using AI/ML Transformer Encoder architectures, we demonstrate that the classification of a data packet as malicious or benign is context-dependent. We implement and integrate our proposed 5GCIoT IDS as a Network Function inside the 5G Amarisoft platform for extensive experimentation. To evaluate the models' performance, we train them on different categories of generated safe and malicious traffic and apply them to an emulated realistic scenario. We obtained very promising results.
KW - 3GPP
KW - 5GC
KW - CIoT
KW - IDS
KW - ML/AI
KW - Network Function
UR - http://www.scopus.com/inward/record.url?scp=85214871477&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85214871477&partnerID=8YFLogxK
U2 - 10.1109/LCN60385.2024.10639697
DO - 10.1109/LCN60385.2024.10639697
M3 - Conference contribution
AN - SCOPUS:85214871477
T3 - Proceedings - Conference on Local Computer Networks, LCN
BT - Proceedings of the 49th IEEE Conference on Local Computer Networks, LCN 2024
A2 - Tschorsch, Florian
A2 - Thilakarathna, Kanchana
A2 - Solmaz, Gurkan
T2 - 49th IEEE Conference on Local Computer Networks, LCN 2024
Y2 - 8 October 2024 through 10 October 2024
ER -