TY - GEN
T1 - NLP-based Cross-Layer 5G Vulnerabilities Detection via Fuzzing Generated Run-Time Profiling
AU - Wang, Zhuzhu
AU - Wang, Ying
N1 - Publisher Copyright:
© 2023 IEEE.
PY - 2023
Y1 - 2023
N2 - The effectiveness and efficiency of 5G software stack vulnerability and unintended behavior detection are essential for 5G assurance, especially for its applications in critical infrastructures. Scalability and automation are the main challenges in testing approaches and cybersecurity research, especially for fuzz testing and formal verification, which are commonly used to detect vulnerabilities. To this end, we propose an innovative approach for automatically detecting vulnerabilities and unintended emergent behaviors in 5G stacks via run-time profiling documents corresponding to fuzz testing in code repositories. More specifically, piloting on the srsRAN platform, we consider log files as regular text and leverage modern techniques from natural language processing (NLP) to map the run-time profiling via Logging Information (LogInfo) generated by fuzzing test to a high dimensional metric space. Then we construct feature spaces combined with their timestamp information. Lastly, we further exploit them using classifiers, including Logistic Regression, K-Nearest Neighbors, and Random Forest to categorize the impacts on performance and security attributes. After verification by examples, the performance of the proposed approach has high accuracy, ranging from 93.4% to 95.9%, in detecting the fuzzing impacts. In addition, the proof of concept could identify real-time vulnerabilities in 5G infrastructures and critical applications in various verticals.
AB - The effectiveness and efficiency of 5G software stack vulnerability and unintended behavior detection are essential for 5G assurance, especially for its applications in critical infrastructures. Scalability and automation are the main challenges in testing approaches and cybersecurity research, especially for fuzz testing and formal verification, which are commonly used to detect vulnerabilities. To this end, we propose an innovative approach for automatically detecting vulnerabilities and unintended emergent behaviors in 5G stacks via run-time profiling documents corresponding to fuzz testing in code repositories. More specifically, piloting on the srsRAN platform, we consider log files as regular text and leverage modern techniques from natural language processing (NLP) to map the run-time profiling via Logging Information (LogInfo) generated by fuzzing test to a high dimensional metric space. Then we construct feature spaces combined with their timestamp information. Lastly, we further exploit them using classifiers, including Logistic Regression, K-Nearest Neighbors, and Random Forest to categorize the impacts on performance and security attributes. After verification by examples, the performance of the proposed approach has high accuracy, ranging from 93.4% to 95.9%, in detecting the fuzzing impacts. In addition, the proof of concept could identify real-time vulnerabilities in 5G infrastructures and critical applications in various verticals.
KW - 5G systems
KW - LogInfo
KW - fuzzing test
KW - machine learning
KW - natural language processing
UR - http://www.scopus.com/inward/record.url?scp=85191255760&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85191255760&partnerID=8YFLogxK
U2 - 10.1109/CloudNet59005.2023.10490042
DO - 10.1109/CloudNet59005.2023.10490042
M3 - Conference contribution
AN - SCOPUS:85191255760
T3 - 2023 IEEE 12th International Conference on Cloud Networking, CloudNet 2023
SP - 194
EP - 202
BT - 2023 IEEE 12th International Conference on Cloud Networking, CloudNet 2023
T2 - 12th IEEE International Conference on Cloud Networking, CloudNet 2023
Y2 - 1 November 2023 through 3 November 2023
ER -