Evaluating the Security Posture of 5G Networks by Combining State Auditing and Event Monitoring

5G network technology is being rapidly adopted in various critical infrastructures, mainly due to its unique benefits (e.g., higher throughput, lower latency, and better scalability). This wide-spread and fast adoption necessitates securing those critical services deployed over 5G technology. However, evaluating the security posture of a 5G network is challenging due to the heterogeneous and large-scale nature of 5G networks coupled with new security threats. Moreover, existing 5G security approaches fall short as their results are typically binary and difficult to be translated into the overall security posture of a 5G network. In this paper, we propose a novel solution for evaluating the security posture of 5G networks by combining the results of existing security solutions for state auditing and event monitoring. To that end, our main idea is to first build a novel event-state model that captures both events and states in a 5G network, and then extend this model to evaluate the overall security posture and how such security posture may evolve over time due to persistent threats. We integrate this approach with free5GC (a popular 5G open-source project) and evaluate its effectiveness.