Malicious Lateral Movement in 5G Core With Network Slicing And Its Detection
- URL: http://arxiv.org/abs/2312.01681v1
- Date: Mon, 4 Dec 2023 07:09:33 GMT
- Title: Malicious Lateral Movement in 5G Core With Network Slicing And Its Detection
- Authors: Ayush Kumar, Vrizlynn L. L. Thing
- Abstract summary: We propose lateral movement strategies in a 5G Core (5GC) with network slicing enabled.
We present 5GLatte, a system to detect such malicious lateral movement.
- License: http://creativecommons.org/licenses/by-nc-nd/4.0/
- Abstract: 5G networks are susceptible to cyber attacks due to reasons such as implementation issues and vulnerabilities in 3GPP standard specifications. In this work, we propose lateral movement strategies in a 5G Core (5GC) with network slicing enabled, as part of a larger attack campaign by well-resourced adversaries such as APT groups. Further, we present 5GLatte, a system to detect such malicious lateral movement. 5GLatte operates on a host-container access graph built using host/NF container logs collected from the 5GC. Paths inferred from the access graph are scored based on selected filtering criteria and subsequently presented as input to a threshold-based anomaly detection algorithm to reveal malicious lateral movement paths. We evaluate 5GLatte on a dataset containing attack campaigns (based on MITRE ATT&CK and FiGHT frameworks) launched in a 5G test environment which shows that compared to other lateral movement detectors based on state-of-the-art, it can achieve higher true positive rates with similar false positive rates.
Related papers
- AdvQDet: Detecting Query-Based Adversarial Attacks with Adversarial Contrastive Prompt Tuning [93.77763753231338]
Adversarial Contrastive Prompt Tuning (ACPT) is proposed to fine-tune the CLIP image encoder to extract similar embeddings for any two intermediate adversarial queries.
We show that ACPT can detect 7 state-of-the-art query-based attacks with $>99\%$ detection rate within 5 shots.
We also show that ACPT is robust to 3 types of adaptive attacks.
arXiv Detail & Related papers (2024-08-04T09:53:50Z)
- Advanced Penetration Testing for Enhancing 5G Security [0.0]
This paper reviews penetration testing approaches for identifying security vulnerabilities in 5G networks.
It examines ways adversaries exploit vulnerabilities in 5G networks, covering tactics and strategies targeted at 5G features.
Our research indicates that 5G penetration testing should use a multithreaded approach for addressing current security challenges.
arXiv Detail & Related papers (2024-07-24T13:35:35Z)
- Relaxing Graph Transformers for Adversarial Attacks [49.450581960551276]
Although Graph Transformers (GTs) surpassed Message-Passing GNNs on several benchmarks, their adversarial robustness properties are unexplored.
We overcome these challenges by targeting three representative architectures based on (1) random-walk PEs, (2) pair-wise-short-paths, and (3) spectral perturbations.
Our evaluation reveals that they can be catastrophically fragile and underlines our work's importance and the necessity for adaptive attacks.
arXiv Detail & Related papers (2024-07-16T14:24:58Z)
- Penetration Testing of 5G Core Network Web Technologies [53.89039878885825]
We present the first security assessment of the 5G core from a web security perspective.
We use the STRIDE threat modeling approach to define a complete list of possible threat vectors and associated attacks.
Our analysis shows that all these cores are vulnerable to at least two of our identified attack vectors.
arXiv Detail & Related papers (2024-03-04T09:27:11Z)
- Exploring Emerging Trends in 5G Malicious Traffic Analysis and Incremental Learning Intrusion Detection Strategies [9.466909402552844]
As the use of 5G technology increases, so does the risk of malicious traffic activity on 5G networks.
In this paper, we first provide an in-depth study of 5G technology and 5G security.
Next, we analyze and discuss the latest malicious traffic detection under AI and their applicability to 5G networks.
Finally, we present three major issues that need to be addressed for traffic detection in 5G environment.
arXiv Detail & Related papers (2024-02-22T07:52:20Z)
- Critical Analysis of 5G Networks Traffic Intrusion using PCA, t-SNE and UMAP Visualization and Classifying Attacks [0.0]
We use a recently published 5G traffic dataset, 5G-NIDD, to detect network traffic anomalies using machine and deep learning approaches.
We reduce data dimensionality using mutual information and PCA techniques.
We solve the class imbalance issue by inserting synthetic records of minority classes.
arXiv Detail & Related papers (2023-12-08T06:43:19Z)
- Deep Attention Recognition for Attack Identification in 5G UAV scenarios: Novel Architecture and End-to-End Evaluation [3.3253720226707992]
Despite the robust security features inherent in the 5G framework, attackers will still discover ways to disrupt 5G unmanned aerial vehicle (UAV) operations.
We propose Deep Attention Recognition (DAtR) as a solution to identify attacks based on a small deep network embedded in authenticated UAVs.
arXiv Detail & Related papers (2023-03-03T17:10:35Z)
- Robust Mid-Pass Filtering Graph Convolutional Networks [47.50194731200042]
Graph convolutional networks (GCNs) are currently the most promising paradigm for dealing with graph-structure data.
Recent studies have also shown that GCNs are vulnerable to adversarial attacks.
We propose a simple yet effective Mid-pass filter GCN (Mid-GCN) to overcome these challenges.
arXiv Detail & Related papers (2023-02-16T03:07:09Z)
- Machine Learning Assisted Security Analysis of 5G-Network-Connected Systems [5.918387680589584]
5G networks have transitioned to software-defined infrastructures.
New technologies, like network function virtualization and software-defined networking, have been incorporated in the 5G core network (5GCN) architecture to enable this transition.
This article presents a comprehensive security analysis framework for the 5GCN.
arXiv Detail & Related papers (2021-08-07T20:07:08Z)
- Discriminator-Free Generative Adversarial Attack [87.71852388383242]
Generative-based adversarial attacks can get rid of this limitation.
A Symmetric Saliency-based Auto-Encoder (SSAE) generates the perturbations.
The adversarial examples generated by SSAE not only make the widely-used models collapse, but also achieve good visual quality.
arXiv Detail & Related papers (2021-07-20T01:55:21Z)
- On Topology Optimization and Routing in Integrated Access and Backhaul Networks: A Genetic Algorithm-based Approach [70.85399600288737]
We study the problem of topology optimization and routing in IAB networks.
We develop efficient genetic algorithm-based schemes for both IAB node placement and non-IAB backhaul link distribution.
We discuss the main challenges for enabling mesh-based IAB networks.
arXiv Detail & Related papers (2021-02-14T21:52:05Z)
This list is automatically generated from the titles and abstracts of the papers on this site.