A Runtime Anomaly Detector via Service Communication Proxy for 5G Mobile Networks.

With the growing popularity of the 5G mobile network, its security is becoming important. Although the newly introduced 5G security mechanisms have addressed many legacy security issues, there may be still vulnerabilities in the 5G network due to newly deployed components and used technologies. To detect security threats, we develop a runtime anomaly detector (RAD) platform, designated as 5G-RAD, to cooperate with the operational 5G core network via the service communication proxy (SCP). It validates the core network operation in terms of state machine and message content by analyzing control-plane messages. We demonstrate its effectiveness by building a 5G mobile network architecture with SCP based on the open-source free5GC and UERANSIM. The 5G-RAD is tested with three attacks, including DoS, authentication bypass, and invalid message injection; it can successfully detect them at run time.