Project Description

Network slicing partitions the physical network into several fit-for-purpose virtual networks with different degrees of isolation and quality of service to meet application requirements. However, it introduces vulnerabilities inherent to softwarization and virtualization technologies that could lead to compromised services. This project aims to secure 5G network slices end-to-end while meeting high levels of performance, flexibility, and reliability. The objectives include: (1) Artificial Intelligence (AI) based threat detection, and automatic deployment of countermeasures; (2) Security-by-design end-to-end network slice orchestration, including ZeroTrust attestation of underlying software supply chain; (3) Softwarized, high-performance and scalable Multi-access Edge Computing (MEC) platform to facilitate network telemetry, AI-based analytics, and on-demand orchestration of security functions, at the network edge. The MEC and AI solutions will be integrated into a large-scale 5G testbed.

Project Objectives and Outcomes

Objectives

• Objective 1 is to leverage the application of AI to enhance network performance and security. In this regard, AI solutions deployed in the MEC will detect known and unknown attacks by learning to detect anomalies in the 5G network traffic, and potentially trace the source. The high-performance MEC will facilitate the (near) real time ingestion of network telemetry data and AI analytics for timely response to attacks on the 5G slices. The software-defined capabilities of the 5G infrastructure and its programmability will allow for on-demand orchestration of countermeasures to mitigate attacks.

• Objective 2 is to deploy and orchestrate 5G slices that meet requirements in terms of high-performance and security. Slice configuration and security functions (e.g. isolation, non-cryptographic data protection, ZeroTrust software validation) will be enforced end-to-end when applicable. Slice configuration and orchestration decisions will be guided by applications security requirements and threat assessment.

• Objective 3 is to integrate developed solutions with partners and collaborator technologies into a Proof of Concept (PoC) MEC-enabled 5G testbed with secure slices. This testbed will be used to demonstrate a prototype architecture for (i) secure applications of machine-to-machine communications and Internet of Things leveraging a 5G network, and (ii) exploiting the features of 5G to improve situational awareness, among others.

Outcomes

• Developing AI solutions to detect threats, and automatically deploy countermeasures. Leveraging AI and minimizing human intervention will significantly increase responsiveness to known and unknown attacks.

• Inculcating security in the design and orchestration of end-to-end 5G network slices. Integrating the application security requirements into the 5G slice configuration, overlooked by classical 5G service categories, will allow to ensure integrity throughout the lifecycle of slices. On-demand orchestration of security functions will allow to reinforce the integrity of compromised slices in the event of attacks. Developing ZeroTrust-based assessment of software composition, provenance, and behavior, to ensure software security attestation throughout the lifecycle of end-to-end network slices, will limit the attack vector and allow for the integration of software from various vendors, similar to Open Radio Access Network (RAN) principle, using a built-in risk assessment mechanism.

• Building a 5G MEC platform to facilitate telemetry, AI-based analytics, on-demand deployment of security functions and their orchestration at the network edge. The MEC will improve the performance and security of the 5G network compared to a more traditional distant cloud-based solution, as well as allow for quick deployments in many scenarios from a mobile Forward Operating Base to a large-scale multi-nation deployment hosting secure applications from many different organizations. The MEC will also facilitate delay and latency sensitive applications, such as haptic, virtual or artificial reality applications for simulation, training and operational use, for many organizations simultaneously and securely.

Related Publications

• M. S.Towhid, N. S. Khan, M. M. Hasan, N. Shahriar. Towards Effective Network Intrusion Detection in Imbalanced Datasets: A Hierarchical Approach. IEEE International Conference on Computing, Networking and Communications (ICNC), Big Island, Hawaii, USA, February 19-22, 2024.

• F. Alalyan, B. Bousalem, W. Jaafar, R. Langar. Secure Peer-to-Peer Federated Learning for Efficient Cyberattacks Detection in 5G and Beyond Networks. IEEE International Conference on Communications (ICC), Denver, CO, USA, June 9-13, 2024.

• B. Zhang, P. Zeinaty, N. Limam, R. Boutaba. Mitigating Signaling Storms in 5G with Blockchain-assisted 5GAKA. IEEE/ACM/IFIP Conference on Network and Service Management (CNSM). Niagara Falls, Canada, October 30 - November 2, 2023.

• B. Farzaneh, N. Shahriar, A. H. Al Muktadir, M. S. Towhid. “DTL-IDS: Deep Transfer Learning-based Intrusion Detection System in 5G Networks,” IEEE/ACM/IFIP Conference on Network and Service Management (CNSM). Niagara Falls, Canada, October 30-November 2, 2023.

• B. Bousalem, M. A. Sakka, V. F. Silva, W. Jaafar, A. B. Letaifa, R. Langar. DDoS Attacks Mitigation in 5G-V2X Networks: A Reinforcement Learning-based Approach. IEEE/ACM/IFIP Conference on Network and Service Management (CNSM). Niagara Falls, Canada, October 30-November 2, 2023.

• B. Bousalem, V. F. Silva, A. Boualouache, R. Langar, S. Cherrier. Deep Learning-based Smart Radio Jamming Attacks Detection on 5G V2I/V2N Communications. IEEE Global Communications Conference (GLOBECOM), Kuala Lumpur, Malaysia, December 4-8, 2023.

• V. Pourahmadi, H. A. Alameddine, M. A. Salahuddin, R. Boutaba. Spotting Anomalies at the Edge: Outlier Exposure-based Cross-silo Federated Learning for DDoS Detection. IEEE Transactions on Dependable and Secure Computing (TDSC), vol. 20(5), pp. 4002-4015, September 2023.

• M. S. Towhid, N. Shahriar. Early detection of intrusion in SDN. IEEE/IFIP Network Operations and Management Symposium (NOMS), Miami, FL, USA, May 8-12, 2023.

• B. Bousalem, V. F. Silva, R. Langar, S. Cherrier. DDoS Attacks Detection and Mitigation in 5G and Beyond Networks: A Deep Learning-based Approach. IEEE Global Communications Conference (GLOBECOM), Rio de Janeiro, Brazil, December 4-8, 2022.

• M. S. Khan, B. Farzaneh, N. Shahriar, N. Saha, R. Boutaba. Slicesecure: Impact and detection of DoS/DDoS attacks on 5G network slices. IEEE Future Networks World Forum (FNWF), Montreal, Canada, October 12-14, 2022.

Datasets

• Repository of code and data for early detection of intrusion in SDN

• Jamming attack dataset

• DoS/DDoS attack dataset

Sponsors and Partners