RAFT: A Real-Time Framework for Root Cause Analysis in 5G and beyond Vulnerability Detection

Yifeng Peng, Xinyi Li, Jingda Yang, Sudhanshu Arya, Ying Wang

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

5 Scopus citations

Abstract

The reliability of 5G systems and their applications in a complex, dynamic, and heterogeneous environment requires rigorous testing and real-time detection of system vulnerabilities and unintended emergent behaviors. In this paper, fuzz testing is performed on 5G systems by randomly injecting and permuting control commands into the system under test (SUT) of the 5G radio resource control (RRC) authentication and authorization process, emulating Man-In-The-Middle (MITM) attacks to trigger potential vulnerabilities and unintended behaviors. The fuzzed system behaviors contain information that could indicate the system's health status and potential vulnerabilities and, more importantly, enable causation analysis in the SUT to detect the location and type of attacks or abnormal inputs from the profiling of the impacted behaviors. We then propose a Real-time Framework for Root Cause Analyses (RAFT) in NextG Vulnerability Detection based on analyzing the random fragments of the log file generated during the communication process. By processing the random fragments of the logging profiles captured during fuzz testing with the continuous bag-of-words (CBOW) model, we extract the information of states and state transitions and perform causal analysis to identify the root cause for vulnerability detection in the 5G system. The novelty of our framework lies in the creation and analysis of the information extraction, which does not require capturing the entire log file but only log file fragments to achieve high accuracy. This approach enables real-time detection and deployment to real-life scenarios where access to the entire logging profile is difficult to obtain or unavailable. The presented framework RAFT directly adapts to various machine learning (ML) models, which allows adaptation to hardware with various computation complexity, from internet-of-things (IoT) devices to Radio Access Network (RAN) servers.
The experimental results show a significant performance gain and are thoroughly evaluated by the accuracy and area under the curve (AUC) results. In particular, we show that the proposed framework can attain a high AUC value (0.92 ≤ AUC < 0.96) by accessing only a 70% fragment of the original log file while maintaining a higher accuracy. In addition, we find that RAFT reduces the time complexity by more than 5% as the fragment size reduces to 70% of the original log file. The causation analysis nature of RAFT summarizes vulnerability information into essential root causes that can be easily transmitted within the network in real time and turned into guidance for back-end engineers. The unique advantages of RAFT, including accurate causation with information fragments, reliable performance without large training datasets, and less computation complexity, guarantee a wide range of use cases and deployment environments for RAFT.

Original language: English
Title of host publication: 2024 IEEE 21st Consumer Communications and Networking Conference, CCNC 2024
Pages: 446-454
Number of pages: 9
ISBN (Electronic): 9798350304572
State: Published - 2024
Event: 21st IEEE Consumer Communications and Networking Conference, CCNC 2024 - Las Vegas, United States
Duration: 6 Jan 2024 → 9 Jan 2024

Publication series

Name: Proceedings - IEEE Consumer Communications and Networking Conference, CCNC
ISSN (Print): 2331-9860

Conference

Conference: 21st IEEE Consumer Communications and Networking Conference, CCNC 2024
Country/Territory: United States
City: Las Vegas
Period: 6/01/24 → 9/01/24

Keywords

  • 5G
  • CBOW
  • fuzz testing
  • machine learning
  • root cause analysis
  • vulnerability detection
