報告題目:Proactive AnomalyDetection and Fine-Grained Root Cause Localization for 5G/ B5G Network Slicing.
報告人:劉家佳 西北工業大學 教授
報告時間:2024年11月25日(周一)15:30
報告地點:三牌樓校區科研樓208會議室
報告摘要:
The Service-Based Architecture (SBA)introduced by 3GPP allows the control plane of 5G Core Network (CN) to functionthrough a set of interconnected Network Functions (NFs), which offerssignificant benefits such as improved scalability, simplified operations, andefficient resource utilization. However, such a new transformation could alsomake critical NFs in 5G CN become more susceptible to attacks due to bothinternal vulnerabilities within the software-implemented NFs or the expandedinterfaces brought by the SBA. Existing studies targeting 5G network securitypay little attention to the detection of abnormal behaviors from control planeNFs. Therefore, we propose 5GCGuard, an anomaly detection scheme aiming atidentifying abnormal NF interactions in 5G CN. It employs a deep learning-basedsequence model to learn normal interaction patterns and detects anomalies basedon deviations from the learned pattern. Special designs including attentionmechanism, multi-task learning, probabilistic labeling and automatic thresholddecision are made to enhance its detection capabilities. We establish acloud-native 5G testbed to evaluate the effectiveness of 5GCGuard. Extensiveevaluation results show its superiority over comparison schemes. Case studiesalso demonstrate its ability to proactively detect various NF interaction anomalies,enabling swift action to block attacks and prevent further damage.Reflecting onthe lessons from recent large-scale and enduring telecommunication disasters,which resulted in severe service degradation or even complete outages, weobserve that many of these incidents stem from an initial simple malfunctionwithin the NFVI layer. To the best of our knowledge, we are the first toinvestigate the fine grained Root Cause Localization (RCL) issue for B5G/6Gnetwork slicing deep into the NFVI layer, with our proposed Zoom-inRCL schemecapable of not only localizing the malfunctioning entity but also identifyingthe fault-related metrics. Specifically, it first utilizes the Deep SupportVector Data Description (DeepSVDD) algorithm to filter abnormal NF call graphsfrom NF invocation traces collected during periods of service degradation inslices, and then identifies suspicious faulty entities through a uniquelydesigned scoring method, and finally ranks metrics exclusively for thoseentities exhibiting high faulty scores. Performance evaluation conducted on areal-world mobile operator dataset demonstrates that Zoom-inRCL, byprogressively filtering out unrelated noisy data, outperforms existing schemesin RCL accuracy while simultaneously maintaining low time costs. We believe ourdesign idea can enhance the assurance of intelligent and effective operation inthe future B5G/6G network slicing.
報告人簡介:
Jiajia Liu is afull professor (Vice Dean) with the School of Cybersecurity, Northwestern PolytechnicalUniversity. His research interests cover a wide range of areas includingintelligent and connected vehicles, mobile/edge/cloud computing and storage,Internet of things security, wireless and mobile ad hoc networks, andspace-air-ground integrated networks. He has been actively joining the societyactivities, like serving as the Chair of IEEE IOT-AHSN TC (2022-2023) and thegeneral chair of HPSR 2022. He is a Distinguished Lecturer of IEEECommunications Society and Vehicular Technology Society.